System Decomposition Report — Generated 2026-03-27 — UHT Journal / universalhex.org
This report was generated autonomously by the UHT Journal systems engineering loop. An AI agent decomposed the system into subsystems and components, classified each using the Universal Hex Taxonomy (a 32-bit ontological classification system), generated traced requirements in AIRGen, and built architecture diagrams — all without human intervention.
Every component and subsystem is assigned an 8-character hex code representing its ontological profile across 32 binary traits organised in four layers: Physical (bits 1–8), Functional (9–16), Abstract (17–24), and Social (25–32). These codes enable cross-domain comparison — components from unrelated systems that share a hex code or high Jaccard similarity are ontological twins, meaning they occupy the same structural niche despite belonging to different domains.
Duplicate hex codes are informative, not errors. When two components share the same code, it means UHT classifies them as the same kind of thing — they have identical trait profiles. This reveals architectural patterns: for example, a fire control computer and a sensor fusion engine may share the same hex because both are powered, synthetic, signal-processing, state-transforming, system-essential components. The duplication signals that requirements, interfaces, and verification approaches from one may transfer to the other.
Requirements follow the EARS pattern (Easy Approach to Requirements Syntax) and are traced through a derivation chain: Stakeholder Needs (STK) → System Requirements (SYS) → Subsystem Requirements (SUB) / Interface Requirements (IFC) → Verification Plan (VER). The traceability matrices at the end of this report show every link in that chain.
| Standard | Title |
|---|---|
| BS 5839-1 | — |
| BS 8519 | — |
| BS EN 14175-3 | — |
| BS EN 1822 | — |
| IEC 61225 | — |
| IEC 61508 | Functional safety of electrical/electronic/programmable electronic safety-related systems |
| IEC 61508/61511 | Functional safety of electrical/electronic/programmable electronic safety-related systems |
| IEC 61511 | Functional safety — Safety instrumented systems for the process industry sector |
| IEC 61511-1 | Functional safety — Safety instrumented systems for the process industry sector |
| IEC 62443 | Industrial communication networks — Network and system security |
| ISO 10816-3 | — |
| ISO 11929 | — |
| ISO 17025 | — |
| ISO 2889 | — |
| Acronym | Expansion |
|---|---|
| ARC | Architecture Decisions |
| CADOR | Central Approved Dosimetry Organisation Record |
| CCCS | Completeness, Consistency, Correctness, Stability |
| EARS | Easy Approach to Requirements Syntax |
| IFC | Interface Requirements |
| STK | Stakeholder Requirements |
| SUB | Subsystem Requirements |
| SYS | System Requirements |
| UHT | Universal Hex Taxonomy |
| VER | Verification Plan |
flowchart TB n0["system<br>Radiochemistry Laboratory"] n1["subsystem<br>Sample Receipt and Preparation"] n2["subsystem<br>Gamma Spectrometry Suite"] n3["subsystem<br>Alpha Spectrometry Laboratory"] n4["subsystem<br>Liquid Scintillation Counting"] n5["subsystem<br>ICP-MS and Elemental Analysis"] n6["subsystem<br>Radiochemical Separations Lab"] n7["subsystem<br>Active Ventilation and Containment"] n8["subsystem<br>Radiation Protection Monitoring"] n9["subsystem<br>Active Effluent Treatment"] n10["subsystem<br>LIMS and Data Management"] n11["subsystem<br>Radioactive Waste Management"] n12["subsystem<br>Facility Safety and Emergency"] n13["subsystem<br>Utilities and Building Services"] n0 --> n1 n0 --> n2 n0 --> n3 n0 --> n4 n0 --> n5 n0 --> n6 n0 --> n7 n0 --> n8 n0 --> n9 n0 --> n10 n0 --> n11 n0 --> n12 n0 --> n13
Radiochemistry Laboratory — Decomposition
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| STK-REQ-001 | The Radiochemistry Laboratory SHALL provide analysis results for reactor primary coolant samples within 4 hours of sample receipt for safety-critical parameters (gross alpha, gross beta, H-3, dissolved gases) to support reactor operations decision-making. Rationale: Reactor operations require timely coolant chemistry data to confirm fuel clad integrity and authorise continued power operation. A 4-hour turnaround enables the duty chemist to report results within the same watch period, supporting the submarine's operational programme. Delayed results could force precautionary reactor shutdown with significant fleet availability impact. | Test | stakeholder, session-325 |
| STK-REQ-002 | The Radiochemistry Laboratory SHALL demonstrate compliance with the nuclear site licence conditions, particularly LC14 (safety documentation), LC23 (operating rules), LC27 (safety mechanisms), and LC28 (examination, maintenance, inspection and testing) as assessed by the ONR. Rationale: ONR is the statutory nuclear safety regulator for UK defence nuclear sites. Non-compliance with licence conditions can result in enforcement action including improvement notices, prohibition notices, or prosecution. The laboratory safety case and its compliance arrangements must satisfy ONR inspectors during routine and reactive inspections. | Inspection | stakeholder, session-325 |
| STK-REQ-003 | The Radiochemistry Laboratory SHALL ensure that all liquid and gaseous radioactive discharges remain within the limits and conditions specified in the current environmental permit (EPR or RSA authorisation) and SHALL provide verifiable discharge monitoring data to the Environment Agency or SEPA. Rationale: The laboratory generates liquid effluent (from sample preparation, washing, decontamination) and gaseous discharges (from fume cupboard and glovebox extracts). EA/SEPA discharge permits set annual limits on total alpha, total beta, tritium, and specific nuclides. Exceeding these limits is a criminal offence and risks permit revocation, which would shut down the laboratory. | Analysis | stakeholder, session-325 |
| STK-REQ-004 | The Radiochemistry Laboratory SHALL maintain individual annual effective dose to all laboratory personnel as low as reasonably practicable (ALARP) and in all cases below a dose constraint of 10 mSv per year, with investigation levels at 1 mSv per quarter. Rationale: Laboratory staff handle open radioactive sources daily, creating external irradiation and internal contamination hazards. The 10 mSv/year constraint provides margin below the 20 mSv/year IRR17 legal limit. ALARP is a legal requirement under IRR17 Regulation 9 and is actively enforced by ONR. The 1 mSv/quarter investigation level ensures trends are caught early before approaching annual limits. | Analysis | stakeholder, session-325 |
| STK-REQ-005 | The Radiochemistry Laboratory SHALL provide nuclear material assay results with measurement uncertainties meeting IAEA International Target Values for destructive assay of uranium and plutonium, to support the site nuclear material accountancy system. Rationale: As a defence nuclear site, the dockyard must account for all special nuclear material to IAEA safeguards-equivalent standards. The laboratory's mass spectrometric and radiometric assay results feed directly into the nuclear material balance. Measurement uncertainty must meet ITVs (e.g. 0.1% relative for U mass, 0.5% for Pu isotopic composition by IDMS) to avoid material unaccounted for (MUF) triggers. | Test | stakeholder, session-325 |
| STK-REQ-006 | The Radiochemistry Laboratory SHALL be designed to facilitate future decommissioning and decontamination, with all active areas employing smooth, non-porous, sealed surface finishes and modular service routing that enables progressive zone-by-zone clearance without compromising containment of remaining active areas. Rationale: Nuclear site licence condition LC35 requires the licensee to make and implement adequate arrangements for decommissioning. ONR Safety Assessment Principles EKP.2 requires that design facilitates decommissioning from the outset. A radiochemistry laboratory handling open sources creates surface contamination that, if embedded in porous materials, would generate significant quantities of intermediate-level waste during decommissioning. Smooth sealed surfaces and modular services are established good practice (IAEA SSG-47) to minimise decommissioning waste volumes and worker dose. | Inspection | stakeholder, decommissioning, validation, session-337 |
| STK-REQ-007 | The Radiochemistry Laboratory SHALL protect nuclear material accountancy data, safeguards-relevant analytical results, and facility security information in accordance with the Classification Policy Framework and the site Nuclear Industries Security Regulations 2003 (NISR) security plan, with electronic systems meeting NCSC Cyber Essentials Plus as a minimum baseline. Rationale: The dockyard is a defence nuclear site where nuclear material accountancy data (Pu/U assay results, isotopic compositions) and facility vulnerability information are classified under the government security classification policy. NISR 2003 requires approved security plans for nuclear premises. ONR Civil Nuclear Security division assesses cyber security under the NIS Regulations 2018. LIMS contains safeguards-sensitive data that must be protected from exfiltration or manipulation — loss of integrity in NMA results could mask material diversion. | Inspection | stakeholder, security, validation, session-337 |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| SYS-REQ-001 | The Gamma Spectrometry Suite SHALL achieve a minimum detectable activity (MDA) of 0.5 Bq/L for Cs-137 and Co-60 in a 1-litre Marinelli beaker geometry with a 1-hour counting time, using HPGe detectors with relative efficiency of not less than 30%. Rationale: Reactor coolant Cs-137 and Co-60 are primary fuel clad failure indicators. The 0.5 Bq/L MDA at 1-hour count enables detection at levels well below operational action limits (~50 Bq/L for Cs-137) while keeping turnaround within the 4-hour window required by STK-REQ-001. The 30% relative efficiency is the minimum for achieving this MDA in a 1-hour count with typical background. | Test | system, gamma-spec, session-325 |
| SYS-REQ-002 | The Active Ventilation and Containment System SHALL maintain a depression cascade with pressure differentials of at least 15 Pa between successive containment zones (corridor to C1, C1 to C2, C2 to C3, C3 to C4) under all normal operating conditions including door openings. Rationale: The depression cascade is the primary engineered control preventing airborne contamination from spreading from higher-activity zones to lower-activity zones and occupied areas. The 15 Pa minimum per zone boundary is derived from HSE/ONR guidance for nuclear facility ventilation and ensures that transient events (door openings creating ~10 Pa perturbation) do not reverse flow direction. This directly supports ALARP for inhalation dose. | Test | system, ventilation, safety, session-325 |
| SYS-REQ-003 | The Active Effluent Treatment and Discharge System SHALL sample and analyse every liquid effluent batch for total alpha (<0.1 Bq/L detection limit), total beta (<1 Bq/L), and tritium (<10 Bq/L) before authorising discharge, with results recorded against the batch in the discharge database. Rationale: EA/SEPA discharge authorisations require pre-discharge monitoring of every batch to prevent unauthorised releases. Detection limits are set at approximately 1/100th of typical batch concentration limits to ensure measurement uncertainty does not risk a non-compliant discharge being authorised. Batch-level recording enables retrospective audit of cumulative annual discharges against permit limits. | Test | system, effluent, session-325 |
| SYS-REQ-004 | The Alpha Spectrometry Laboratory SHALL achieve detection limits of 0.5 mBq per sample for Pu-239/240 and Am-241 with energy resolution of not more than 25 keV FWHM at 5.486 MeV (Am-241 peak), using PIPS detectors with a minimum counting time of 72 hours for environmental-level samples. Rationale: Nuclear material accountancy for Pu requires quantification at environmental background levels to confirm there is no unaccounted material migration. The 0.5 mBq detection limit is consistent with IAEA requirements for environmental swipe analysis. 25 keV resolution is needed to resolve Pu-238 (5.499 MeV) from Am-241 (5.486 MeV) and Pu-239 (5.157 MeV) from Pu-240 (5.168 MeV) — failure to resolve these peaks invalidates isotopic ratios critical for material identification. | Test | system, alpha-spec, session-325 |
| SYS-REQ-005 | The Laboratory Information Management System SHALL maintain a tamper-evident electronic audit trail recording all sample data entries, modifications, approvals, and deletions with operator identity, timestamp, and reason for change, in compliance with UKAS ISO 17025 and ONR LC25 (operational records) requirements. Rationale: LC25 requires the licensee to keep adequate records of operations. ISO 17025 clause 8.4 requires control of records including protection against unauthorised changes. The audit trail provides the evidential basis for demonstrating that analytical results are traceable, unaltered, and properly authorised — essential for both regulatory compliance and legal admissibility of results in nuclear safety cases. | Inspection | system, lims, session-325 |
| SYS-REQ-006 | The Radiation Protection and Health Physics Monitoring System SHALL detect airborne alpha contamination exceeding 1/10th of the derived air concentration (DAC) for Pu-239 within 60 seconds and initiate a local audible and visual alarm within 5 seconds of detection threshold exceedance. Rationale: Airborne alpha contamination from Pu compounds is the highest-consequence hazard in the laboratory (committed effective dose per unit intake: 5×10⁻⁵ Sv/Bq for Pu-239 Type S). Detection at 1/10th DAC provides early warning before significant intake occurs. The 60-second detection time is constrained by the filter collection and counting statistics of continuous air monitors operating at 1-2 L/min flow rate. The 5-second alarm latency ensures personnel can respond (evacuate or don respiratory protection) before accumulating significant intake. | Test | system, radpro, safety, session-325 |
| SYS-REQ-007 | The ICP-MS and Elemental Analysis Suite SHALL achieve a detection limit of 0.05 Bq/L for Tc-99 in liquid effluent samples with a measurement uncertainty of not more than 15% (k=2) at 10 times the detection limit. Rationale: Tc-99 is a long-lived beta emitter (t½ 2.13×10⁵ years) present in spent fuel and is specifically listed in EA discharge authorisations. LSC measurement of Tc-99 requires prior radiochemical separation, whereas ICP-MS provides faster direct determination at lower detection limits. The 0.05 Bq/L limit is 1/20th of typical batch discharge action levels and the 15% uncertainty at 10× LOD meets ISO 11929 requirements for regulatory reporting. | Test | system, icp-ms, session-325 |
| SYS-REQ-008 | The Active Ventilation and Containment System SHALL employ twin-bank HEPA filtration on all extract pathways from C3 and C4 zones, with each bank achieving a minimum decontamination factor of 1000 (99.9% removal efficiency) for 0.3 micron aerosols, DOP-tested in situ at installation and annually thereafter. Rationale: HEPA filtration is the final barrier preventing airborne radioactive particulate discharge to atmosphere. Twin-bank configuration provides redundancy — if one bank fails or is being changed, the second maintains protection. The DF of 1000 per bank (combined DF of 10⁶) reduces stack discharge to negligible levels even during worst-case glove failure or spill events. In-situ DOP testing per BS EN 1822 confirms installed performance, as factory tests do not account for bypass leakage at frame seals. | Test | system, ventilation, safety, session-325 |
| SYS-REQ-009 | The Facility Safety and Emergency Response System SHALL enforce fissile material mass limits per workstation such that the total fissile inventory in any single laboratory room does not exceed 50% of the minimum critical mass for the most reactive credible configuration, with physical controls (container geometry, material form) providing at least two independent barriers to criticality. Rationale: Nuclear site licence condition LC24 (fissile material) requires the licensee to ensure criticality cannot occur. The 50% margin provides conservative protection against accumulation errors and credible upset conditions. Two independent barriers (e.g. mass limit AND geometry control) ensure that no single failure leads to a critical configuration. This is particularly important during fuel element dissolution where fissile material is in solution form with higher reactivity than solid metal. | Analysis | system, safety, criticality, session-325 |
| SYS-REQ-010 | The Liquid Scintillation Counting Facility SHALL achieve a detection limit of 1 Bq/L for tritium in reactor coolant water samples with a counting time of not more than 120 minutes, using ultra-low-background counters with figure of merit (E²/B) exceeding 400. Rationale: Tritium is produced by neutron activation of boron in PWR coolant and Li in primary circuit materials. It is a key indicator of coolant chemistry status and fuel performance. The 1 Bq/L detection limit is well below the typical coolant concentration (~10⁴-10⁶ Bq/L) but is needed for environmental monitoring of non-active drainage and groundwater. The 120-minute counting time keeps turnaround within the 4-hour operational requirement. FOM > 400 requires Quantulus-class counters with active guard counting. | Test | system, lsc, session-325 |
| SYS-REQ-011 | The Laboratory Information Management System SHALL implement role-based access control with multi-factor authentication for all users, encrypt all data at rest using AES-256 and in transit using TLS 1.2 or later, and maintain network segmentation isolating the LIMS server from general-purpose office networks and from safety-related operational technology networks. Rationale: LIMS stores safeguards-relevant nuclear material accountancy data whose integrity directly affects material balance reporting. ONR CNS guidance requires defence-in-depth for computer-based systems on nuclear sites. Network segmentation prevents lateral movement from compromised office networks to safety or safeguards systems. MFA prevents credential theft enabling unauthorised data modification. AES-256 encryption at rest protects against physical media theft from the site. | Test | system, cybersecurity, validation, session-337 |
| SYS-REQ-012 | The Radiochemistry Laboratory SHALL maintain a decommissioning database recording all materials of construction in active zones, all instances of contamination events requiring remediation, and cumulative operational histories for each containment zone, sufficient to support future radiological characterisation during decommissioning planning. Rationale: LC35 requires decommissioning arrangements to be maintained throughout the facility lifetime. A radiochemistry laboratory accumulates activation and contamination records over decades of operation. Without systematic recording from day one, decommissioning characterisation requires expensive physical sampling of every surface. The database enables waste categorisation estimates and dose predictions essential for decommissioning safety case development. | Inspection | system, decommissioning, validation, session-337 |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| SUB-REQ-001 | The Supply Air Handling Unit SHALL deliver conditioned air to C1 and C2 zones at 20 plus or minus 2 degrees Celsius and 40 to 60 percent relative humidity at a supply rate of not less than 8000 cubic metres per hour. Rationale: Temperature and humidity stability is required for instrument calibration consistency in the gamma spectrometry and alpha spectrometry suites. A 2-degree-C band ensures detector gain drift remains within calibration tolerance. Humidity control prevents condensation on cooled detector surfaces and static discharge in low-background counting areas. | Test | subsystem, ventilation, session-326, idempotency:sub-sahu-temp-326 |
| SUB-REQ-002 | The Extract Fan System SHALL provide automatic changeover from duty to standby fan within 10 seconds of duty fan failure, maintaining extract airflow at not less than 80 percent of nominal during the changeover transient. Rationale: A 10-second changeover limit ensures the depression cascade does not collapse during fan failure. At 10000 m3/h extract rate, a 10-second interruption allows approximately 28 cubic metres of unextracted air — insufficient to pressurise C3/C4 zones beyond the 15 Pa minimum differential given room volumes of approximately 200 m3. The 80 percent flow floor prevents cascade reversal during transient. | Test | subsystem, ventilation, session-326, idempotency:sub-efs-changeover-326 |
| SUB-REQ-003 | The HEPA Filtration Assembly SHALL achieve a minimum decontamination factor of 10000 (99.99 percent retention efficiency) on each filter bank when tested in situ using DOP/PAO aerosol challenge at rated airflow, with leak-tight safe-change housings on the primary bank preventing operator exposure exceeding 1 microsievert during filter replacement. Rationale: H14-grade HEPA filters are rated at 99.995 percent but in-situ performance must achieve at least 99.99 percent to account for housing seal leakage and installation imperfections. The 1-microsievert dose constraint during filter change drives the safe-change (bag-in/bag-out) housing requirement — used primary HEPA filters in a radiochemistry lab accumulate alpha activity that would present significant skin and inhalation dose if exposed during manual removal. | Test | subsystem, ventilation, session-326, idempotency:sub-hepa-dop-326 |
| SUB-REQ-004 | The Depression Cascade Control System SHALL restore zone differential pressures to within 5 Pa of setpoint within 2 seconds of a step disturbance of 10 Pa, for all zone boundaries (C1/C2 at minus 15 Pa, C2/C3 at minus 30 Pa, C3/C4 at minus 50 Pa). Rationale: A 2-second response time prevents sustained cascade reversal during door openings or fume cupboard sash movements. At typical room volumes (150-200 m3) and extract rates, a 10 Pa step disturbance represents a major perturbation (e.g. door opening). Failure to restore within 2 seconds risks airflow from higher-activity to lower-activity zones, potentially spreading alpha contamination. The 5 Pa tolerance band prevents continuous hunting while maintaining containment integrity. | Test | subsystem, ventilation, session-326, idempotency:sub-dccs-response-326 |
| SUB-REQ-005 | The Stack Monitoring and Discharge System SHALL automatically close the stack isolation damper within 5 seconds when the measured airborne alpha activity exceeds one-tenth of the derived air concentration limit for the most restrictive isotope handled (Pu-239, DAC 0.08 Bq/m3, trigger at 0.008 Bq/m3). Rationale: One-tenth DAC trigger provides margin before the regulatory discharge limit is approached. Pu-239 is the most restrictive alpha emitter handled in the laboratory (lowest ALI). The 5-second closure time limits the total release during the transient to approximately 0.014 Bq at 10000 m3/h stack flow — negligible compared to quarterly discharge limits. Damper closure faster than 5 seconds risks pressure surge in the extract ductwork. | Test | subsystem, ventilation, session-326, idempotency:sub-stack-isolation-326 |
| SUB-REQ-006 | The Fume Cupboard and Glove Box Extract Network SHALL maintain a minimum face velocity of 0.5 metres per second at each C3 zone fume cupboard with the sash at the 500 mm working opening, and shall maintain each C4 zone glove box at minus 250 Pa relative to the surrounding room. Rationale: The 0.5 m/s face velocity is the minimum specified by BS EN 14175-3 for containment of hazardous substances and is the standard adopted by UKAS-accredited laboratories handling alpha-active materials. Below 0.5 m/s, turbulent room air currents can defeat the fume cupboard air curtain, allowing alpha particulate to escape to the operator breathing zone. Glove box negative pressure of 250 Pa ensures that any glove breach results in inward airflow, preventing release of loose alpha contamination. | Test | subsystem, ventilation, session-326, idempotency:sub-fc-facevel-326 |
| SUB-REQ-007 | The Standby Ventilation and Emergency Isolation System SHALL maintain containment integrity (depression cascade not less than 10 Pa at all zone boundaries) for a minimum of 72 hours following loss of normal mains power, achieving Safety Integrity Level 2 for the containment preservation function per IEC 61511. Rationale: The 72-hour duration covers the maximum credible mains restoration time for a UK nuclear licensed site (National Grid ESO restoration planning assumption). SIL 2 is assigned because loss of containment during alpha handling could result in individual effective doses of 20-50 mSv — ALARP assessment shows that the cost of SIL 2 (redundant components, proof testing) is grossly disproportionate to the risk reduction foregone. The 10 Pa minimum (versus normal 15-50 Pa) is the degraded-mode threshold below which cascade reversal becomes possible with door openings. | Test | subsystem, ventilation, safety, session-326, idempotency:sub-standby-sil2-326 |
| SUB-REQ-008 | The HEPA Filtration Assembly SHALL provide continuous differential pressure monitoring across each filter bank with alarm at 250 Pa (advisory, approaching loading limit) and 500 Pa (mandatory filter change), transmitting readings to the Depression Cascade Control System at intervals not exceeding 5 seconds. Rationale: HEPA filter loading increases pressure drop from approximately 250 Pa (clean) to over 750 Pa (blocked). At 500 Pa, extract fan power consumption increases by approximately 40 percent and flow reduction risks cascade collapse. The 250 Pa advisory threshold provides 2-4 weeks warning (typical loading rate in a radiochemistry lab handling microgramme quantities of alpha emitters) for planned filter replacement, avoiding emergency changes that carry higher dose risk. 5-second update rate matches the cascade control loop bandwidth. | Test | subsystem, ventilation, session-326, idempotency:sub-hepa-dp-326 |
| SUB-REQ-009 | The Extract Fan System SHALL include vibration monitoring on all fan bearings with automatic trip at 11 mm/s RMS velocity (ISO 10816-3 Zone D boundary for Group 2 machines) and alarm at 7.1 mm/s RMS (Zone C/D boundary), initiating automatic changeover to standby fan on trip. Rationale: Extract fans operate continuously and bearing failure is the dominant failure mode. ISO 10816-3 vibration severity zones provide well-established thresholds for rotating machinery condition monitoring. Zone D (11 mm/s) indicates damage is occurring and continued operation risks catastrophic bearing seizure — which would halt extract ventilation entirely. Early warning at Zone C/D (7.1 mm/s) allows planned maintenance during low-activity periods. | Test | subsystem, ventilation, session-326, idempotency:sub-efs-vibration-326 |
| SUB-REQ-010 | The Continuous Air Monitor Network SHALL detect airborne alpha contamination at a sensitivity of 0.2 DAC-hours for Pu-239 (corresponding to 0.037 Bq/m3 DAC fraction) with a false alarm rate not exceeding 1 per 1000 operating hours per monitor. Rationale: Derived from SYS-REQ-006 airborne alpha detection requirement and IRR17 Schedule 3 dose assessment obligations. The 0.2 DAC-hour threshold ensures personnel dose from inhalation is assessed before exceeding 1/10 of the annual dose constraint. False alarm rate limit prevents alarm fatigue which degrades response reliability. | Test | subsystem, radiation-protection, cam-network, session-327, idempotency:sub-cam-sensitivity-327 |
| SUB-REQ-011 | The Continuous Air Monitor Network SHALL provide a three-level alarm cascade: investigation at 0.5 DAC, action at 1.0 DAC, and evacuation at 3.0 DAC, with alarm annunciation at both the local CAM unit and the Health Physics Central Alarm and Display System within 2 seconds of threshold exceedance. Rationale: Three-level cascade aligns with HSE Approved Code of Practice for IRR17 Regulation 18 (contingency plans). Investigation level triggers RPS assessment, action level triggers area evacuation and HP survey, evacuation level triggers emergency response. The 2-second latency ensures real-time awareness for time-critical contamination events. | Test | subsystem, radiation-protection, cam-network, session-327, idempotency:sub-cam-alarm-327 |
| SUB-REQ-012 | The Area Gamma Dose Rate Monitoring Array SHALL measure ambient dose equivalent rate H*(10) from 0.05 microSv/h to 10 Sv/h with energy response within plus or minus 30 percent across the range 50 keV to 3 MeV, calibrated against NPL-traceable Cs-137 and Co-60 reference fields. Rationale: Lower range of 0.05 microSv/h is needed to resolve natural background variations and detect early onset contamination in supervised areas. Upper range of 10 Sv/h covers credible accident scenarios including source handling incidents. Energy response specification ensures accurate dose assessment for the mixed gamma fields encountered from activated corrosion products and fission products in reactor coolant samples. | Test | subsystem, radiation-protection, gamma-array, session-327, idempotency:sub-gamma-range-327 |
| SUB-REQ-013 | The Area Gamma Dose Rate Monitoring Array SHALL alarm at three thresholds: investigation at 7.5 microSv/h, action at 25 microSv/h, and evacuation at 100 microSv/h, with dose rate update interval not exceeding 10 seconds. Rationale: Investigation level set at 3x typical background (2.5 microSv/h) to reliably distinguish source movement from statistical fluctuation. Action level corresponds to dose rate that would deliver 200 microSv in an 8-hour shift (daily investigation level). Evacuation level limits potential acute dose. 10-second update ensures timely detection of rapidly changing fields during sample handling. | Test | subsystem, radiation-protection, gamma-array, session-327, idempotency:sub-gamma-alarm-327 |
| SUB-REQ-014 | The Contamination Monitoring Stations SHALL achieve alpha detection sensitivity of 0.04 Bq/cm2 and beta-gamma detection sensitivity of 0.4 Bq/cm2 on hand-foot-clothing monitors, with total measurement time not exceeding 10 seconds and throughput of at least 6 persons per monitor per hour. Rationale: Detection sensitivities are set at 1/10 of the ONR-accepted surface contamination clearance levels (0.4 Bq/cm2 alpha, 4 Bq/cm2 beta-gamma) to provide adequate margin for reliable detection at the clearance boundary. 10-second measurement time and throughput requirement prevent queuing at shift changeover which would incentivise personnel to bypass monitoring. | Test | subsystem, radiation-protection, contamination, session-327, idempotency:sub-contam-hfc-327 |
| SUB-REQ-015 | The Contamination Monitoring Stations SHALL include portal monitors at the controlled area final exit capable of detecting 400 Bq of Cs-137 distributed on a person within a 5-second walk-through measurement, with automatic barrier lock on alarm. Rationale: Portal monitors serve as the final barrier against spread of contamination outside the controlled area. 400 Bq Cs-137 detection threshold corresponds to approximately 1/10 of the body contamination level requiring decontamination intervention. Automatic barrier lock prevents contaminated personnel from leaving without HP assessment. | Test | subsystem, radiation-protection, contamination, session-327, idempotency:sub-contam-portal-327 |
| SUB-REQ-016 | The Personal Dosimetry and Dose Record System SHALL issue EPDs with audible dose rate alarm at 10 microSv/h and integrated dose alarm at 200 microSv per entry, and SHALL automatically flag any individual whose running annual dose exceeds 80 percent of the 6 mSv dose constraint, restricting controlled area access until RPS authorisation. Rationale: EPD dose rate alarm set below area gamma investigation level to provide personal warning before area alarm triggers. 200 microSv daily investigation level aligns with IRR17 Regulation 8 dose investigation requirements. 80 percent dose constraint trigger provides margin before reaching the 6 mSv investigation level and the 15 mSv statutory limit, preventing inadvertent overexposure. | Test | subsystem, radiation-protection, dosimetry, session-327, idempotency:sub-dosim-alarm-327 |
| SUB-REQ-017 | The Personal Dosimetry and Dose Record System SHALL submit dose records to the Central Approved Dosimetry Organisation Record (CADOR) quarterly, with reconciliation between EPD readings, TLD results, and CADOR entries completed within 10 working days of TLD processing. Rationale: CADOR submission is a legal requirement under IRR17 Regulation 21 for classified persons. Reconciliation window of 10 working days ensures discrepancies between EPD and TLD are investigated promptly. TLD remains the legal dose of record; EPD provides operational dose management. | Inspection | subsystem, radiation-protection, dosimetry, session-327, idempotency:sub-dosim-cador-327 |
| SUB-REQ-018 | The Health Physics Central Alarm and Display System SHALL achieve 99.9 percent availability (less than 8.76 hours unplanned downtime per year) through active-standby redundant server architecture, with automatic failover completing within 30 seconds and no loss of alarm state or historian data. Rationale: Continuous radiation monitoring is an ONR licence condition requirement. 99.9 percent availability target balances cost against the risk that loss of central monitoring forces reliance on local instrument alarms alone, which lack trending and remote awareness capability. 30-second failover ensures alarm continuity during server switchover. | Test | subsystem, radiation-protection, hp-central, session-327, idempotency:sub-hpcentral-avail-327 |
| SUB-REQ-019 | The Health Physics Central Alarm and Display System SHALL retain all radiation monitoring data in a 10-year historian database with tamper-evident audit trail, and SHALL automatically generate quarterly EA/SEPA statutory discharge returns from stack and effluent monitoring data. Rationale: 10-year retention satisfies ONR guidance on records retention for nuclear sites and supports epidemiological follow-up obligations. Tamper-evident audit trail required for regulatory inspection credibility. Automatic statutory returns generation reduces manual transcription errors in discharge reporting which could result in regulatory enforcement action. | Inspection | subsystem, radiation-protection, hp-central, session-327, idempotency:sub-hpcentral-historian-327 |
| SUB-REQ-020 | When mains power is lost, the Health Physics Central Alarm and Display System SHALL maintain full alarm and display functionality on UPS power for a minimum of 4 hours, with automatic graceful shutdown and data preservation if UPS capacity falls below 10 percent. Rationale: 4-hour UPS duration covers credible mains outage scenarios including time for diesel generator start and load transfer. Matches the site emergency plan assumption for restoration of essential supplies. Graceful shutdown protects historian database integrity — abrupt shutdown risks data corruption requiring manual recovery. | Test | subsystem, radiation-protection, hp-central, session-327, idempotency:sub-hpcentral-ups-327 |
| SUB-REQ-021 | The Radioactive Source Inventory and Calibration System SHALL maintain a complete register of all sealed radioactive sources held on site with real-time location tracking via barcode scanning, and SHALL generate automated alerts at least 30 days before each source leak test is due under IRR17 Schedule 4. Rationale: Source inventory is a legal requirement under IRR17 Regulation 28. Real-time location tracking prevents source loss which is a nuclear security reportable event. 30-day advance alert for leak tests provides adequate scheduling margin to avoid regulatory non-compliance. Barcode scanning provides auditable source movement records for ONR inspection. | Inspection | subsystem, radiation-protection, source-management, session-327, idempotency:sub-source-tracking-327 |
| SUB-REQ-022 | The Effluent Collection and Delay Tanks SHALL hold each batch for a minimum of 24 hours before discharge authorisation to allow decay of short-lived isotopes (Na-24 half-life 15h, Mn-56 half-life 2.6h) generated during reactor coolant sample processing. Rationale: 24-hour hold ensures Na-24 decays by at least one half-life and Mn-56 by nine half-lives, reducing gross gamma activity substantially and avoiding unnecessary chemical treatment for short-lived nuclides. | Test | subsystem, aetds, delay-tanks, session-328, idempotency:sub-delay-tanks-hold-time-328 |
| SUB-REQ-023 | The Effluent Collection and Delay Tanks SHALL provide a minimum of four tanks of 5000 litres each, such that at least one tank is always available for filling while others are in hold, sampling, or discharge states. Rationale: Four-tank configuration ensures continuous waste receipt from laboratory operations without interruption. Weekly laboratory throughput of approximately 8000L requires at least two tanks in parallel fill/hold, with remaining tanks for treatment and discharge. | Inspection | subsystem, aetds, delay-tanks, session-328, idempotency:sub-delay-tanks-capacity-328 |
| SUB-REQ-024 | The Effluent Collection and Delay Tanks SHALL be double-contained within bunded enclosures sized to at least 110% of the volume of the largest single tank, with leak detection sensors providing alarm within 60 seconds of bund water ingress. Rationale: 110% bund volume per nuclear site licence LC34 (leakage and escape of radioactive material). 60-second detection limit ensures rapid response before significant environmental release pathway is established. | Test | subsystem, aetds, delay-tanks, session-328, idempotency:sub-delay-tanks-containment-328 |
| SUB-REQ-025 | The Chemical Treatment Plant SHALL reduce total alpha activity in treated effluent to below 0.1 Bq/mL and total beta-gamma activity to below 1.0 Bq/mL, achieving a decontamination factor of at least 100 for actinides and at least 10 for Cs-137 and Sr-90. Rationale: Discharge limits derived from Environment Agency RSR permit schedule. DF of 100 for actinides required because incoming effluent from plutonium handling areas may reach 10 Bq/mL alpha. DF of 10 for fission products covers worst-case reactor coolant sample waste. | Test | subsystem, aetds, chemical-treatment, session-328, idempotency:sub-chem-treatment-df-328 |
| SUB-REQ-026 | The Batch Sampling and Analysis Station SHALL draw representative 500 mL aliquots from agitated delay tanks such that the sample activity concentration is within ±10% of the true batch mean, verified by triplicate sampling during commissioning. Rationale: ±10% representativeness ensures discharge decisions are based on accurate batch characterisation. Triplicate verification during commissioning establishes confidence in the sampling system before active operations. | Test | subsystem, aetds, batch-sampling, session-328, idempotency:sub-batch-sampling-rep-328 |
| SUB-REQ-027 | The Discharge Monitoring and Control System SHALL isolate the discharge line via a fail-safe valve within 5 seconds of detecting total activity exceeding 80% of the Environment Agency discharge limit, or upon loss of monitoring signal, or upon loss of electrical power. Rationale: SIL 2 safety function per IEC 61511 risk graph — environmental consequence of uncontrolled above-limit discharge. 80% setpoint provides margin before absolute limit. 5-second closure time limits volume discharged above threshold to less than 1 litre at maximum discharge flow rate of 10 L/min. | Test | subsystem, aetds, discharge-monitoring, safety, session-328, idempotency:sub-discharge-isolation-328 |
| SUB-REQ-028 | The Discharge Monitoring and Control System SHALL measure and totalise discharge volume using electromagnetic flowmeters with accuracy of ±1% of reading, recording batch ID, volume, activity concentrations, date/time, and authorising operator identity for each discharge event. Rationale: ±1% flow accuracy required for statutory discharge records submitted to Environment Agency. Operator identity recording required under nuclear site licence arrangements for formal authorisation chain. | Test | subsystem, aetds, discharge-monitoring, session-328, idempotency:sub-discharge-flow-328 |
| SUB-REQ-029 | The Inactive Drain Diversion System SHALL detect contamination above 0.1 Bq/mL gross beta-gamma in inactive drain flows and actuate motorised divert valves to route the affected drain to the active effluent collection tanks within 5 seconds of detection. Rationale: 0.1 Bq/mL threshold set at 10% of site discharge limit to provide early warning. 5-second divert time limits volume of contaminated water reaching the trade effluent system to less than 0.5 litres at typical drain flow rates, well within monitoring detection capability. | Test | subsystem, aetds, inactive-drain, session-328, idempotency:sub-inactive-divert-328 |
| SUB-REQ-030 | The Active Drain Collection Network SHALL be constructed from 316L stainless steel or borosilicate glass with double-contained routing through controlled areas, and SHALL withstand liquids in the pH range 1 to 13 with activity concentrations up to 1E6 Bq/L alpha and 1E8 Bq/L beta-gamma without material degradation over a 50-year design life. Rationale: pH 1-13 range covers concentrated acid digestion waste (HNO3, HCl) from radiochemical separations and alkaline decontamination solutions. 50-year design life aligns with nuclear facility decommissioning timeline. 316L SS and borosilicate glass are proven materials for nuclear effluent service per GDA assessments. | Analysis | subsystem, aetds, drain-network, session-328, idempotency:sub-drain-materials-328 |
| SUB-REQ-031 | The Chemical Treatment Plant SHALL collect and package treatment sludge containing co-precipitated actinides as intermediate-level waste in 200-litre drums compatible with the Radioactive Waste Management Facility storage and eventual disposal route. Rationale: Sludge from ferric floc co-precipitation concentrates actinides into a small-volume ILW stream. 200L drum packaging aligns with UK ILW conditioning and storage standards (RWM Letter of Compliance process). Compatibility with downstream waste route is essential to avoid orphan waste. | Inspection | subsystem, aetds, chemical-treatment, session-328, idempotency:sub-chem-sludge-328 |
| SUB-REQ-032 | The Criticality Warning System SHALL detect a prompt criticality excursion producing a minimum absorbed dose rate of 20 mrad at the detector location within 1 millisecond of onset, using a minimum of two independent neutron-sensitive channels per monitored zone in a 2oo3 coincidence voting arrangement. Rationale: 20 mrad detection threshold derived from IAEA NS-R-5 and ANSI/ANS-8.3-1997 requirements for criticality alarm systems in facilities handling fissile materials. 2oo3 voting balances false alarm rate against detection reliability — a single-channel system would produce unacceptable false alarm frequency in a dockyard environment with neutron background from submarine reactor compartments nearby. | Test | subsystem, safety, criticality, session-329, idempotency:sub-cws-detection-329 |
| SUB-REQ-033 | The Criticality Warning System SHALL produce a distinctive warbling alarm tone audible at a minimum of 75 dBA in all occupied areas of the laboratory, distinguishable from fire, contamination, and general evacuation alarms, and not capable of being silenced locally. Rationale: ONR Safety Assessment Principles ECS.3 and IAEA guidance require criticality alarms to be unmistakable and non-defeatable. 75 dBA threshold ensures audibility in laboratory areas with fume cupboard noise (typically 60-65 dBA). Local silencing would allow personnel to ignore the alarm during an event where immediate evacuation is the only safe response. | Demonstration | subsystem, safety, criticality, session-329, idempotency:sub-cws-alarm-329 |
| SUB-REQ-034 | The Fire Detection and Suppression System SHALL achieve detection-to-alarm notification in less than 30 seconds for all fire scenarios within the laboratory, and SHALL initiate automatic suppression within 60 seconds of confirmed detection in zones where automatic suppression is enabled. Rationale: 30-second detection-to-alarm derived from BS 5839-1 Category L1 response time requirements. 60-second suppression initiation allows for detector confirmation (prevents single-point false discharge of IG-541, which would require zone evacuation) while limiting fire growth in a facility containing flammable solvents and radioactive materials. | Test | subsystem, fire, session-329, idempotency:sub-fds-response-329 |
| SUB-REQ-035 | The Fire Detection and Suppression System SHALL employ inert gas suppression (IG-541) in zones containing unsealed radioactive materials, alpha glove boxes, and sensitive analytical instruments, and SHALL employ water mist suppression in corridors, offices, and storage areas where water application does not risk contamination spread. Rationale: Water applied to alpha-contaminated surfaces aerosolises plutonium particles and spreads contamination via runoff. IG-541 suppresses fire by oxygen displacement without disturbing contaminated surfaces or damaging sensitive detectors (HPGe, silicon alpha detectors). Zone boundary follows the C3/C4 contamination classification boundary. | Inspection | subsystem, fire, session-329, idempotency:sub-fds-zones-329 |
| SUB-REQ-036 | The Safety Interlock and Trip System SHALL enforce fissile material mass limits at each workstation using load cells and gamma activity monitors, initiating automatic process isolation when 80 percent of the single-contingency criticality safety limit is reached, with trip logic implemented in hardwired relay circuits achieving SIL 3 per IEC 61511. Rationale: Derives from SYS-REQ-009. 80 percent trip threshold provides margin before the actual criticality safety limit. Hardwired relay implementation required for SIL 3 because software-based systems introduce common-cause failure modes that cannot be claimed below 1E-4 PFDavg without extensive software V and V. Load cells plus gamma monitors provide diverse measurement principles. | Test | subsystem, safety, criticality, session-329, idempotency:sub-sit-fissile-329 |
| SUB-REQ-037 | The Safety Interlock and Trip System SHALL use 2oo3 voting logic for all safety-critical trip functions, with each voting channel powered from an independent UPS circuit, and SHALL complete trip initiation within 500 milliseconds of the trip condition being met. Rationale: 2oo3 voting allows one channel to fail or be taken offline for maintenance without losing the safety function or causing a spurious trip. 500 ms trip initiation bounds the time between detection and actuation, ensuring criticality and fire trips are fast enough to be effective. Independent UPS circuits prevent single power failure from disabling voting majority. | Test | subsystem, safety, session-329, idempotency:sub-sit-voting-329 |
| SUB-REQ-038 | The Emergency Power System SHALL provide uninterruptible power to all criticality detectors, fire detection panels, safety interlock circuits, and radiation monitors via online double-conversion UPS with a minimum of 30 minutes full-load battery autonomy and 4 hours reduced-load autonomy. Rationale: 30-minute full-load autonomy covers diesel generator start and synchronisation including failed-start retry. 4-hour reduced-load provides overnight coverage if diesel fails to start. Online double-conversion ensures zero transfer time — even momentary power interruption to criticality detectors creates an unmonitored gap during which a criticality event could occur undetected. | Test | subsystem, power, safety, session-329, idempotency:sub-eps-ups-329 |
| SUB-REQ-039 | The Emergency Power System SHALL start the standby diesel generator and achieve rated voltage and frequency within 8 seconds of mains power failure, with automatic load transfer to safety-critical ventilation extract fans maintaining containment depression. Rationale: 8-second start-to-load derived from the maximum acceptable loss-of-containment duration. Extract fans maintain depression cascade preventing airborne contamination migration between zones. Without extract, C4 zone pressure equalises with C3 within approximately 15 seconds, so 8-second diesel start plus transfer maintains depression before equalisation occurs. | Test | subsystem, power, session-329, idempotency:sub-eps-diesel-329 |
| SUB-REQ-040 | The Spill Containment and Emergency Decontamination System SHALL provide bunded containment under all fume cupboards and glove boxes rated to 110 percent of the largest vessel volume, with stainless steel construction resistant to concentrated nitric acid and sealed joints preventing underfloor seepage to inactive drains. Rationale: 110 percent containment volume is standard for nuclear bunded areas per Environment Agency guidance. Nitric acid resistance required because radiochemical separations use concentrated HNO3 for plutonium dissolution. Sealed joints prevent contaminated liquid reaching inactive (non-monitored) drainage, which would bypass the active effluent treatment system and risk unmonitored discharge. | Inspection | subsystem, containment, session-329, idempotency:sub-scd-bund-329 |
| SUB-REQ-041 | The Emergency Communications and Alarm System SHALL provide a minimum of four distinct alarm tones: criticality (warbling siren), fire (two-tone), contamination (intermittent), and general evacuation (continuous), each audible at 75 dBA minimum in all occupied zones including hearing protection areas via visual beacon backup. Rationale: Four distinct tones required because each emergency type demands a different response: criticality requires immediate evacuation away from the source, fire requires orderly evacuation via designated routes, contamination requires shelter-in-place or controlled exit, and general evacuation covers all other scenarios. Visual beacons ensure alerting in hearing protection zones where audiometric thresholds may exceed 75 dBA. | Demonstration | subsystem, communications, session-329, idempotency:sub-eca-tones-329 |
| SUB-REQ-042 | The Solid Waste Characterization and Segregation Station SHALL measure the gamma-emitting radionuclide inventory of each waste item using a shielded detector enclosure with a minimum detectable activity of 10 Bq for Cs-137 and Co-60 in a 200L drum geometry with a counting time of not more than 30 minutes. Rationale: Waste categorisation into VLLW/LLW/ILW per the Radioactive Substances Regulation 2011 requires quantified activity inventories. The 10 Bq MDA for Cs-137 in a drum geometry ensures reliable discrimination between VLLW (<4 Bq/g threshold) and LLW. The 30-minute limit supports operational throughput of approximately 10 drums per shift. | Test | subsystem, waste-management, characterization, session-330, idempotency:sub-swcss-gamma-mda-330 |
| SUB-REQ-043 | The Solid Waste Characterization and Segregation Station SHALL perform alpha and beta surface contamination screening on each waste package with detection limits of 0.04 Bq/cm2 for alpha and 0.4 Bq/cm2 for beta, recording results against the package unique identifier. Rationale: Surface contamination limits for waste packages at UK nuclear sites are derived from IRR 2017 and site-specific dose uptake assessments. These detection limits are one-tenth of the surface contamination clearance values, ensuring reliable compliance verification before packages leave the characterization area. | Test | subsystem, waste-management, characterization, session-330, idempotency:sub-swcss-surface-330 |
| SUB-REQ-044 | The Liquid Waste Conditioning System SHALL achieve a volume reduction factor of at least 10:1 for radioactive liquid concentrates through thin-film evaporation, with a decontamination factor of at least 1000 for non-volatile radionuclides in the distillate returned to the active drain system. Rationale: Volume reduction of 10:1 is necessary to minimise the number of cemented wasteform packages generated from liquid waste concentrates. The DF of 1000 ensures distillate activity is below the site discharge authorisation limits for return to the AETDS, preventing re-concentration of radioactivity in the effluent treatment loop. | Test | subsystem, waste-management, liquid-conditioning, session-330, idempotency:sub-lwcs-evaporator-330 |
| SUB-REQ-045 | The Liquid Waste Conditioning System SHALL immobilise concentrated liquid waste into a cement-based wasteform achieving a compressive strength of at least 4 MPa after 28 days curing, and a leach rate of less than 10^-5 g/cm2/day for Cs-137 under standard ANSI/ANS 16.1 test conditions. Rationale: Compressive strength of 4 MPa is the RWM Waste Acceptance Criteria minimum for ILW packages destined for geological disposal. The leach rate requirement ensures the wasteform provides adequate long-term containment of mobile fission products during interim storage and post-closure. Without these quantified criteria, packages may be rejected at the disposal facility. | Test | subsystem, waste-management, liquid-conditioning, session-330, idempotency:sub-lwcs-cement-330 |
| SUB-REQ-046 | The Solid Waste Packaging and Compaction System SHALL compact dry active waste in 200L drums using a hydraulic compactor with a minimum force of 50 kN, achieving a volume reduction ratio of at least 3:1 for compactible waste streams. Rationale: Volume reduction of 3:1 is the minimum economic justification for mechanical compaction at this facility scale, reducing interim storage requirements by approximately 200 drum positions over the facility lifetime. The 50 kN force is sufficient for laboratory dry active waste (paper, plastics, PPE) without requiring the higher forces needed for metallic waste. | Test | subsystem, waste-management, packaging, session-330, idempotency:sub-swpcs-compaction-330 |
| SUB-REQ-047 | The Solid Waste Packaging and Compaction System SHALL verify that the external surface contamination of each sealed drum does not exceed 4 Bq/cm2 for beta/gamma emitters and 0.4 Bq/cm2 for alpha emitters before release to the Interim Waste Store. Rationale: These are the UK transport regulation surface contamination limits for Type A packages under CDG 2009. Any drum exceeding these limits cannot be transferred to storage or transport without further decontamination. Verification at the packaging stage prevents contaminated drums entering the store where detection and remediation are more difficult. | Test | subsystem, waste-management, packaging, session-330, idempotency:sub-swpcs-surface-verify-330 |
| SUB-REQ-048 | The Interim Waste Store SHALL maintain a minimum spacing of 300 mm between fissile waste packages in all directions, with physical spacer frames preventing closer approach, such that the effective neutron multiplication factor (keff) does not exceed 0.95 for any credible arrangement including seismic displacement and flooding scenarios. Rationale: keff limit of 0.95 is the UK standard criticality safety criterion for waste storage (ONR Safety Assessment Principles, para 573). The 300 mm spacing is derived from criticality safety assessment for worst-case fissile loadings in 500L drums containing PuO2-contaminated waste at the maximum permitted mass per drum. Physical spacer frames are required because administrative controls alone are insufficient for multi-decade storage. | Analysis | subsystem, waste-management, interim-store, safety, session-330, idempotency:sub-iws-criticality-330 |
| SUB-REQ-049 | The Interim Waste Store SHALL continuously monitor the storage environment for temperature (range 5-35 degC, alarm at 40 degC), relative humidity (alarm at 80% RH), and area gamma dose rate (alarm at 25 microSv/h), with all parameters logged at 15-minute intervals and retained for the lifetime of stored packages. Rationale: Temperature and humidity limits are derived from RWM guidance on interim storage conditions to prevent corrosion of mild steel drums and degradation of cement wasteforms. The 40 degC alarm prevents thermally-driven degradation. The 25 microSv/h gamma alarm is set at 50% of the 2 mSv/year public dose limit budget allocated to the store, providing early warning of shielding degradation or package failure. | Test | subsystem, waste-management, interim-store, session-330, idempotency:sub-iws-envmon-330 |
| SUB-REQ-050 | The Interim Waste Store SHALL provide storage capacity for a minimum of 200 standard waste packages (200L and 500L drums) with provision for a 20% expansion margin, and SHALL support package placement and retrieval using an overhead crane rated for the maximum credible package weight of 2000 kg. Rationale: 200-package capacity is based on projected waste arisings of approximately 15 ILW drums and 40 LLW drums per year over the 10-year period between scheduled off-site transfers. The 20% margin provides operational flexibility for delayed transfers. The 2000 kg crane rating covers the heaviest credible package: a 500L drum containing cemented alpha-bearing sludge at maximum fill. | Inspection | subsystem, waste-management, interim-store, session-330, idempotency:sub-iws-capacity-330 |
| SUB-REQ-051 | The Waste Records and Consignment System SHALL create and maintain a waste package data record for each package containing: unique identifier, waste stream origin, radionuclide inventory (activity and uncertainty), waste form description, dose rate at 1 m, surface contamination measurements, package weight, waste category, and storage location, in a format compliant with RWM Data Recording Requirements. Rationale: The RWM Waste Package Data Record is a mandatory regulatory deliverable for any package destined for geological disposal. Without complete and compliant records, packages cannot be consigned. The specified data fields are the minimum set required by the RWM Letter of Compliance process. Records must be created at packaging time and updated throughout the storage period. | Inspection | subsystem, waste-management, records, session-330, idempotency:sub-wrcs-wpdr-330 |
| SUB-REQ-052 | The Waste Records and Consignment System SHALL maintain a nuclear material accountancy ledger tracking all fissile material (U-235, Pu-239, Pu-241) transfers into, within, and out of the waste management facility, reconciled with the site-level nuclear material accountancy system within 24 hours of any material movement. Rationale: ONR Licence Condition 14 (nuclear material accountancy) requires accurate tracking of all fissile material at licensed nuclear sites. The 24-hour reconciliation window ensures the site accountancy system reflects the current fissile inventory distribution for criticality safety and safeguards purposes. Delays beyond 24 hours risk undetected discrepancies that could compromise either criticality safety arguments or IAEA safeguards compliance. | Inspection | subsystem, waste-management, records, safety, session-330, idempotency:sub-wrcs-nma-330 |
| SUB-REQ-053 | The Sample Receiving Bay SHALL maintain negative pressure of at least minus 15 Pa relative to the adjacent corridor (C2 zone boundary) during all sample transfer operations, with automatic interlock preventing simultaneous opening of inner and outer airlock doors. Rationale: Prevents migration of airborne contamination from the C3 receiving area to uncontrolled C2 corridors during sample delivery. The 15 Pa threshold matches the facility depression cascade setpoints. Interlock prevents containment breach via airlock short-circuit — a credible contamination event given high sample throughput of up to 50 containers per day. | Test | subsystem, sample-receipt, session-331, idempotency:sub-sample-receipt-airlock-331 |
| SUB-REQ-054 | The Dose Rate and Contamination Screening Station SHALL measure ambient dose equivalent rate H*(10) from 0.05 microSv/h to 10 mSv/h with energy response within plus or minus 30 percent across 50 keV to 3 MeV, and SHALL categorise each sample as contact-handled (below 2 mSv/h at surface) or remote-handled (above 2 mSv/h) within 5 minutes of sample presentation. Rationale: The 2 mSv/h contact-handled threshold is the IRR17 boundary for requiring controlled handling procedures. Energy response specification ensures accurate measurement of the mixed gamma fields from reactor-origin samples (Co-60, Cs-137, Mn-54). The 5-minute turnaround prevents bottlenecks at the receiving bay given peak throughput of 50 containers per day. | Test | subsystem, sample-receipt, session-331, idempotency:sub-sample-receipt-doserate-331 |
| SUB-REQ-055 | The Sample Registration and Chain-of-Custody System SHALL assign a unique barcode identifier to each sample within 60 seconds of receipt, recording sample origin, requested analyses, date-time, receiving operator, and external dose rate, with all custody transfer events timestamped and attributable to named individuals in an auditable database. Rationale: Chain-of-custody integrity is a regulatory requirement under ONR licence conditions and is essential for evidential samples used in nuclear material accountancy. The 60-second registration target prevents queuing at the receiving bay. Named-individual attribution supports the ALARP demonstration by tracking who handled what and when. | Demonstration | subsystem, sample-receipt, session-331, idempotency:sub-sample-receipt-registration-331 |
| SUB-REQ-056 | The Sample Preparation Laboratory SHALL perform acid digestion of solid samples using concentrated HNO3, HCl, and HF in PTFE-lined microwave or hotplate dissolution vessels rated to 250 degC and 100 bar, achieving complete dissolution of reactor structural materials (stainless steel, Inconel, Zircaloy) with dissolution completion verified by visual inspection and gravimetric residue measurement below 0.1 percent of original sample mass. Rationale: Complete dissolution is essential for representative radiochemical analysis of reactor decommissioning samples. Incomplete dissolution preferentially retains refractory actinides (Pu in particular) leading to underestimation of waste classification. The 0.1% gravimetric threshold is the standard acceptance criterion used by UKAS-accredited nuclear analytical laboratories. | Test | subsystem, sample-receipt, session-331, idempotency:sub-sample-prep-dissolution-331 |
| SUB-REQ-057 | The Sample Preparation Laboratory SHALL add calibrated radiotracer spikes (Am-243, Pu-242, Sr-85, Cs-134) to each sample aliquot before chemical separation, with spike activities calibrated against NPL-traceable standards and dispensed using calibrated micropipettes with accuracy of plus or minus 1 percent of stated volume. Rationale: Radiotracer spiking enables yield correction for the subsequent radiochemical separation steps. Without tracers, chemical recovery losses cannot be quantified, producing unreliable results. NPL traceability is a UKAS accreditation requirement for quantitative radiochemistry. The 1% volumetric accuracy ensures tracer-to-analyte ratio uncertainty does not dominate the overall measurement uncertainty budget. | Inspection | subsystem, sample-receipt, session-331, idempotency:sub-sample-prep-tracer-331 |
| SUB-REQ-058 | The Sample Storage and Archive Facility SHALL maintain criticality-safe geometry with a minimum spacing of 250 mm between fissile sample containers in all directions using fixed neutron-absorbing cadmium-lined shelving, such that keff does not exceed 0.95 for any credible arrangement including optimum moderation and reflection, with a maximum fissile mass inventory of 200 g Pu-239 equivalent across all stored samples. Rationale: Criticality safety is the overriding nuclear safety concern for a sample storage area holding multiple fissile-bearing samples from reactor decommissioning. The 200g Pu-eq limit and 0.95 keff criterion derive from the site criticality safety case assessment, with cadmium-lined shelving providing passive geometric safety independent of administrative controls. This is consistent with the IAEA criticality safety standards for storage arrays. | Analysis | subsystem, sample-receipt, session-331, idempotency:sub-sample-storage-crit-331 |
| SUB-REQ-059 | The Sample Storage and Archive Facility SHALL maintain a storage environment of 15 to 25 degC and below 60 percent relative humidity, with continuous monitoring at 15-minute intervals and alarm at 30 degC or 70 percent RH, and SHALL provide retention capacity for a minimum of 500 sample containers with a 2-year routine retention period and indefinite retention for evidential or legal-hold samples. Rationale: Environmental control prevents sample degradation (acid solution evaporation, biological growth in aqueous samples, corrosion of container closures) during extended storage. The 500-container capacity is derived from the projected 200 samples per week throughput with 2-year retention. Evidential samples supporting nuclear material accountancy or regulatory investigations must be retained indefinitely until released by the regulator. | Test | subsystem, sample-receipt, session-331, idempotency:sub-sample-storage-env-331 |
| SUB-REQ-060 | The Acid Digestion and Dissolution Station SHALL achieve complete dissolution of reactor structural materials (austenitic stainless steel, Inconel 600/625, Zircaloy-2/4) with verified residue below 0.1 percent of original sample mass, using sequential acid additions in PTFE-lined vessels rated to 250 degC and 100 bar, with all acid additions performed within perchloric-acid-rated fume cupboards equipped with washdown systems. Rationale: Complete dissolution is prerequisite for quantitative radiochemical analysis. Incomplete dissolution preferentially retains refractory actinides (Pu, Am, Cm are co-precipitated with undissolved metal oxides), leading to systematic underestimation of alpha-emitting inventory — a criticality safety and waste classification concern. Perchloric acid fume cupboards are mandatory when HClO4 is used as a final oxidising acid for organic destruction in Pu-bearing solutions, as dry perchlorate residues are explosive. | Test | subsystem, radchem-sep, session-331, idempotency:sub-radchem-acid-diss-331 |
| SUB-REQ-061 | The Actinide Separation Chemistry Station SHALL achieve chemical recovery of at least 70 percent for Pu-239/240, Am-241, and Cm-244 through the complete separation procedure, with recovery determined by radiotracer yield measurement, and SHALL produce source-ready actinide fractions with a spectral purity sufficient for alpha spectrometry resolution of Pu-239/240 from Pu-238 (minimum peak separation of 40 keV FWHM). Rationale: The 70% recovery threshold is the minimum acceptable for quantitative analysis — below this, measurement uncertainties become unacceptably large for waste categorisation decisions. Spectral purity is essential because Pu-239 (5.16 MeV) and Pu-238 (5.50 MeV) differ by only 340 keV; incomplete separation of interfering isotopes (U, Th, Am) produces spectral overlap that prevents accurate activity ratio determination needed for isotopic characterisation of submarine reactor fuel. | Test | subsystem, radchem-sep, session-331, idempotency:sub-radchem-actinide-recovery-331 |
| SUB-REQ-062 | The Strontium and Caesium Separation Station SHALL isolate Sr-90 from dissolved reactor samples with a decontamination factor of at least 1000 for calcium and at least 10000 for other beta-emitting radionuclides, and SHALL achieve chemical recovery of at least 60 percent for strontium as determined by Sr-85 radiotracer yield. Rationale: Sr-90 measurement by Cherenkov counting or LSC of the Y-90 daughter requires high radiochemical purity because other beta-emitters (Cs-137, Ce-144, Ru-106) interfere directly. The calcium decontamination factor is critical because natural calcium in the sample matrix competes with strontium on the crown ether resin, reducing both recovery and selectivity. These DFs are established requirements for UKAS-accredited Sr-90 methods in the nuclear industry. | Test | subsystem, radchem-sep, session-331, idempotency:sub-radchem-sr-sep-331 |
| SUB-REQ-063 | The Tritium and Carbon-14 Preparation Station SHALL recover tritium from aqueous reactor coolant samples by azeotropic distillation with a recovery efficiency of at least 95 percent, and SHALL trap evolved CO2 from acid-digested samples using NaOH bubblers with a trapping efficiency of at least 98 percent for C-14 determination, with all distillation and trapping apparatus operated within a dedicated fume cupboard with molecular sieve extract filtration to prevent tritiated water vapour discharge. Rationale: Tritium is the dominant radionuclide by activity in PWR coolant and must be accurately measured for discharge accounting. The 95% recovery threshold ensures measurement uncertainty remains below 10% for typical dockyard coolant samples. The molecular sieve extract filtration is required because tritiated water vapour would otherwise pass through HEPA filters (which capture only particulates) and contribute directly to the site gaseous discharge authorisation. | Test | subsystem, radchem-sep, session-331, idempotency:sub-radchem-tritium-331 |
| SUB-REQ-064 | The Separation Chemistry Fume Cupboard Array SHALL provide a minimum of six standard mineral-acid-rated fume cupboards and two perchloric-acid-rated fume cupboards, each maintaining a face velocity of 0.5 m/s at the 500 mm working sash opening, with continuous airflow monitoring and automatic sash closure within 5 seconds of extract airflow falling below 80 percent of nominal. Rationale: Eight fume cupboards is the minimum for concurrent processing of the three analyte group separations plus acid digestion without workflow bottlenecks. Two perchloric-rated cupboards (with stainless steel washdown ductwork) are required specifically for the HClO4 final oxidation step in actinide separations — this cannot be performed in standard cupboards due to explosive perchlorate residue risk. Automatic sash closure on extract failure is a defence-in-depth measure preventing operator exposure if the extract fan trips during active work. | Test | subsystem, radchem-sep, session-331, idempotency:sub-radchem-fume-cupboards-331 |
| SUB-REQ-065 | The HPGe Detector Array SHALL provide energy resolution of 2.0 keV FWHM or better at 1332 keV (Co-60) for each co-axial detector and 1.2 keV FWHM or better at 122 keV (Co-57) for each well-type detector, measured under operational cryocooler vibration conditions. Rationale: Energy resolution directly determines the ability to resolve gamma peaks in complex fission product spectra from irradiated submarine reactor components. 2.0 keV at 1332 keV is needed to separate closely spaced peaks such as Eu-152/154 multiplets and to deconvolve Co-60 sum peaks from activation products. Degraded resolution causes systematic positive bias in nuclide activity quantification. | Test | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-hpge-resolution-333 |
| SUB-REQ-066 | The HPGe Detector Array SHALL include a minimum of 6 co-axial detectors with relative efficiency of 40 percent or greater and 2 well-type detectors with absolute efficiency of 5 percent or greater at 1332 keV, providing sufficient counting capacity for a throughput of 80 samples per day during submarine refit campaigns. Rationale: Detector count and efficiency are sized to the peak demand during submarine refit, when 80+ environmental and structural material samples per day require gamma screening within 48-hour turnaround. Well-type detectors provide the high efficiency needed for low-activity environmental monitoring samples. | Test | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-hpge-efficiency-333 |
| SUB-REQ-067 | The Lead Shielding and Counting Chambers SHALL reduce the integral background count rate in the 50 to 2000 keV energy range to less than 1 count per second per detector, using graded-Z shielding of minimum 100 mm lead, 1 mm cadmium, and 1 mm copper. Rationale: Background reduction factor of greater than 1000 is required to achieve the 0.5 Bq/L MDA for Cs-137 specified in SYS-REQ-001. Without adequate shielding, environmental background from the nearby dockyard (activation products, cosmic ray interactions) would dominate the spectrum below 500 keV, increasing counting times to impractical durations. | Test | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-shielding-background-333 |
| SUB-REQ-068 | The Detector Cryogenic Cooling System SHALL maintain each HPGe detector crystal temperature at 85 K plus or minus 2 K continuously, with automatic shutdown and crystal protection initiated within 30 seconds of temperature exceeding 100 K. Rationale: HPGe detectors require cryogenic temperatures to achieve semiconductor charge carrier mobility needed for spectroscopic-grade resolution. Above 100 K, charge trapping degrades resolution irreversibly within minutes. The 30-second shutdown protects detector investment of approximately 30000 GBP per crystal. | Test | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-cryo-temp-333 |
| SUB-REQ-069 | The Digital MCA and Signal Processing System SHALL provide a minimum of 16384 channels per detector with integral nonlinearity of less than 0.05 percent and dead-time correction accurate to within 1 percent at input count rates up to 50000 counts per second. Rationale: 16384 channels at 0.05 percent linearity yield approximately 0.12 keV per channel over the 0-2000 keV analysis range, well below the 2 keV detector resolution and sufficient for peak centroid accuracy required by nuclide identification algorithms. 50 kcps dead-time correction handles high-activity submarine reactor component samples without systematic activity underestimation. | Test | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-mca-channels-333 |
| SUB-REQ-070 | The Gamma Spectroscopy Analysis and QA Workstation SHALL perform automated nuclide identification against a validated library containing a minimum of 300 nuclides including all fission products, activation products, and actinides relevant to submarine reactor systems, with false positive identification rate of less than 1 percent. Rationale: The nuclide library must cover the full spectrum of isotopes encountered in submarine PWR decommissioning: fission products (Cs-137, Sr-90 via Ba-137m), activation products (Co-60, Fe-55, Ni-63, Mn-54), transuranics (Pu-241 via Am-241 in-growth), and environmental tracers. False positives would trigger unnecessary contamination investigations costing approximately 2000 GBP each. | Test | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-analysis-library-333 |
| SUB-REQ-071 | The Gamma Spectroscopy Analysis and QA Workstation SHALL perform automated daily quality control checks on each detector using a Eu-152 reference source, verifying energy calibration within 0.3 keV of reference values and resolution within 10 percent of baseline, and SHALL generate control chart trend data for UKAS accreditation review. Rationale: ISO 17025 and UKAS requirements for accredited nuclear measurements mandate daily QC with documented control charts. Eu-152 is the standard reference source because it provides peaks spanning the full analysis range (122 to 1408 keV). Drift beyond 0.3 keV causes nuclide misidentification; resolution degradation beyond 10 percent indicates detector or electronics failure. | Demonstration | subsystem, gamma-spectrometry, session-333, idempotency:sub-gamma-qc-daily-333 |
| SUB-REQ-072 | The Alpha Detector Chamber Array SHALL achieve energy resolution of 25 keV FWHM or better at 5.486 MeV (Am-241) for each PIPS detector, with minimum detectable activity of 0.5 mBq per sample for Pu-239/240 using a 250000-second counting time. Rationale: 25 keV resolution is required to resolve the Pu-238 (5.499 MeV) and Am-241 (5.486 MeV) alpha peaks which are separated by only 13 keV. The 0.5 mBq MDA derives from SYS-REQ-004 and is needed to demonstrate clearance of submarine structural materials against regulatory limits. | Test | subsystem, alpha-spectrometry, session-333, idempotency:sub-alpha-detector-resolution-333 |
| SUB-REQ-073 | The Electrodeposition and Source Preparation Station SHALL produce alpha sources with areal density of less than 50 micrograms per cm2 on 25 mm diameter stainless steel planchets, with chemical yield recovery for the electrodeposition process of at least 90 percent for Am-243 and Pu-242 tracers. Rationale: Source thickness directly determines alpha peak tailing and energy resolution degradation. Above 50 micrograms per cm2, self-absorption broadens peaks beyond 30 keV FWHM, preventing resolution of Pu-238 from Am-241. The 90 percent tracer recovery ensures acceptable measurement uncertainty — below 70 percent recovery, uncertainty on the reported activity exceeds the 20 percent target required by the client. | Test | subsystem, alpha-spectrometry, session-333, idempotency:sub-alpha-electrodep-thickness-333 |
| SUB-REQ-074 | The Alpha Spectrometry Vacuum System SHALL achieve and maintain a chamber pressure of less than 5 Pa within 3 minutes of pump-down initiation, with automatic acquisition inhibit when chamber pressure exceeds 10 Pa during counting. Rationale: Alpha particles lose approximately 1 MeV per cm of travel in air at atmospheric pressure. At 5 Pa, energy loss is negligible over the 5-25 mm source-detector distance. Exceeding 10 Pa during counting would degrade energy resolution beyond 30 keV, invalidating the spectrum for peak resolution of closely-spaced actinide lines. | Test | subsystem, alpha-spectrometry, session-333, idempotency:sub-alpha-vacuum-pressure-333 |
| SUB-REQ-075 | The Alpha MCA and Spectral Processing Unit SHALL calculate tracer recovery, isotopic activity ratios, activity per sample, combined measurement uncertainty at k equals 2, and minimum detectable activity for each sample, with results traceable to NIST or NPL-certified tracer solutions. Rationale: Alpha spectrometry quantification requires known-activity tracer isotopes spiked before separation to correct for chemical recovery losses. Without automated tracer recovery calculation, manual errors in activity computation would undermine ISO 17025 accreditation. Traceability to NIST or NPL ensures results are defensible for regulatory submissions. | Demonstration | subsystem, alpha-spectrometry, session-333, idempotency:sub-alpha-mca-tracer-333 |
| SUB-REQ-076 | The Alpha Spectrometry Vacuum System SHALL incorporate a cold trap between counting chambers and the vacuum pump to prevent actinide contamination of pump oil, and SHALL exhaust pump discharge through a HEPA filter to the active extract ductwork. Rationale: Actinide-contaminated pump oil creates a secondary radioactive waste stream and poses an inhalation hazard during pump maintenance. The cold trap captures volatile actinide compounds that may sublime from high-activity sources during long counting periods. HEPA-filtered exhaust prevents airborne release of alpha-emitting particles. | Inspection | subsystem, alpha-spectrometry, session-333, idempotency:sub-alpha-vacuum-containment-333 |
| SUB-REQ-077 | The Liquid Scintillation Counter Array SHALL achieve a counting efficiency of at least 65% for H-3 and at least 95% for C-14 across the operational quench range (tSIE 200-800), with background count rate not exceeding 2.0 CPM in the H-3 window and 4.0 CPM in the C-14 window. Rationale: These efficiency and background values derive from the SYS-REQ-010 detection limit of 1 Bq/L H-3 at 120 min count time. MDA = 2.71 + 4.65*sqrt(B*t) / (E*V*t) requires E>=0.65 and B<=2.0 CPM to achieve 1 Bq/L. The C-14 figures derive from equivalent calculations for the C-14 window. | Test | subsystem, liquid-scintillation, session-334, idempotency:sub-lsc-counter-efficiency-334 |
| SUB-REQ-078 | The Liquid Scintillation Counter Array SHALL provide pulse shape analysis alpha/beta discrimination with an alpha rejection factor of at least 99.95% and beta spillover into the alpha channel not exceeding 0.1%, verified using mixed Am-241/H-3 reference standards. Rationale: Dockyard samples contain alpha-emitting actinides alongside H-3 and C-14. Without effective PSA, alpha events in the beta counting window produce false-positive activity, particularly problematic for low-level H-3 measurements where alpha interference can exceed the H-3 signal. The 99.95% rejection factor ensures alpha contribution to the H-3 window is negligible (<0.1% of MDA). | Test | subsystem, liquid-scintillation, session-334, idempotency:sub-lsc-psa-334 |
| SUB-REQ-079 | The LSC Sample Preparation Station SHALL achieve cocktail dispensing repeatability of 0.5% RSD for volumes between 10 and 15 mL, with sample-to-cocktail ratio configurable between 1:1 and 1:3 to accommodate varying sample salinity and pH. Rationale: Cocktail volume consistency directly affects quench level reproducibility and counting geometry. A 1% volume variation translates to approximately 2% variation in quench-corrected activity. The 0.5% RSD target ensures the cocktail dispensing contribution to total measurement uncertainty is below 0.3%, keeping it negligible compared to counting statistics (~3-5% at MDA). | Test | subsystem, liquid-scintillation, session-334, idempotency:sub-lsc-cocktail-334 |
| SUB-REQ-080 | The LSC Sample Preparation Station SHALL provide temperature-controlled dark adaptation storage for a minimum of 200 vials simultaneously, maintaining temperature at 15 +/- 1 degrees C for a minimum dark adaptation period of 2 hours before counting, to reduce chemiluminescence and photoluminescence below 0.5 CPM contribution. Rationale: Chemiluminescence from cocktail-sample chemical interaction and photoluminescence from ambient light exposure produce time-dependent false counts that decay over 1-4 hours. At 15C the decay constant is approximately 30 minutes. A 2-hour period at 15C reduces the luminescence contribution to below 0.5 CPM, which is 25% of the H-3 background target. Higher temperatures accelerate chemical luminescence onset. The 200-vial capacity supports batch processing during dockyard campaigns. | Test | subsystem, liquid-scintillation, session-334, idempotency:sub-lsc-dark-adapt-334 |
| SUB-REQ-081 | The LSC Background and QC Reference System SHALL perform automated daily QC checks using sealed H-3 and C-14 reference standards traceable to NPL, with chi-squared test at 95% confidence level and trending analysis detecting systematic drift exceeding 2 sigma over 20 consecutive measurements. Rationale: ISO 17025 and Environment Agency MCERTS requirements mandate regular instrument QC. Daily QC with sealed standards detects detector degradation, electronics drift, and environmental changes before they affect analytical results. The chi-squared test at 95% confidence provides statistically rigorous pass/fail criteria. Two-sigma trending over 20 points detects slow systematic drift that individual chi-squared tests miss. | Test | subsystem, liquid-scintillation, session-334, idempotency:sub-lsc-qc-daily-334 |
| SUB-REQ-082 | The LSC Data Analysis and QA Workstation SHALL calculate total measurement uncertainty for each result per GUM methodology, incorporating counting statistics, quench correction uncertainty, background subtraction uncertainty, volumetric uncertainty, and decay correction uncertainty, reporting combined standard uncertainty and expanded uncertainty at 95% coverage factor. Rationale: Regulatory reporting of environmental radioactivity requires uncertainty budgets per GUM (ISO/IEC Guide 98-3). EA discharge authorisation conditions require reported uncertainties. Without propagated uncertainty budgets, results cannot be used for compliance demonstration. Each component contributes differently depending on activity level — at MDA counting statistics dominate, at higher activities volumetric and quench correction dominate. | Test | subsystem, liquid-scintillation, session-334, idempotency:sub-lsc-uncertainty-334 |
| SUB-REQ-083 | The ICP-MS Sample Introduction System SHALL achieve inter-sample carryover of less than 0.01% for uranium and less than 0.005% for plutonium, verified using a 10 ppb rinse-down protocol with 5% HNO3 and 0.05% Triton X-100, to prevent cross-contamination between high-activity dockyard samples and environmental blanks. Rationale: Dockyard samples span 6+ orders of magnitude in actinide concentration. Memory effects from high-level samples contaminating subsequent low-level measurements produce false positives. The 0.01% U carryover ensures a 10 ppb sample does not contribute more than 1 fg/L to the next measurement, which is below the instrument detection limit. Plutonium has stricter limits (0.005%) because Pu measurements are used for criticality safety assessments. | Test | subsystem, icp-ms, session-334, idempotency:sub-icpms-memory-334 |
| SUB-REQ-084 | The ICP-MS Instrument SHALL achieve isotope ratio measurement precision of 0.5% RSD for U-235/U-238 and 2% RSD for Pu-239/Pu-240 at concentrations exceeding 10 times the detection limit, with mass bias correction using NIST SRM 3164 (uranium) or CRM 136 (plutonium) certified reference materials. Rationale: Uranium enrichment determination (U-235/U-238) for dockyard decommissioning waste characterisation requires 0.5% RSD to distinguish natural uranium (0.0072) from reactor-grade (0.03-0.05) confidently. Pu-239/Pu-240 ratio distinguishes weapons-grade from reactor-grade plutonium, critical for waste categorisation and safeguards. The 2% RSD reflects the greater difficulty of Pu ratio measurements due to lower concentrations and UH+ interference. | Test | subsystem, icp-ms, session-334, idempotency:sub-icpms-isotope-ratio-334 |
| SUB-REQ-085 | The Argon Gas Supply and Plasma System SHALL maintain plasma gas flow stability within 0.5% of setpoint and nebuliser gas flow stability within 1% of setpoint over an 8-hour analytical run, with automatic gas purity monitoring that triggers instrument standby when impurity levels (O2, H2O, N2) exceed 5 ppm total. Rationale: Plasma gas flow variations directly affect plasma temperature and ionisation efficiency. A 1% change in nebuliser gas flow causes approximately 5% change in signal intensity and alters oxide formation ratios. The 0.5% stability target keeps signal drift below 3% over 8 hours, within internal standard correction capability. Gas purity monitoring prevents torch damage and spectral interference from N2 and O2 molecular species. | Test | subsystem, icp-ms, session-334, idempotency:sub-icpms-argon-334 |
| SUB-REQ-086 | The LIMS Server and Database SHALL maintain operational availability of at least 99.5% during laboratory working hours (0700-1900 weekdays), with automatic failover to the standby server completing within 60 seconds of primary server failure detection, and zero data loss for committed transactions. Rationale: Laboratory operations depend on LIMS for sample tracking and result recording. Extended downtime forces paper-based backup procedures that increase error risk. The 99.5% target allows approximately 2.5 hours unplanned downtime per quarter, which is operationally acceptable. The 60-second failover prevents work interruption. Zero data loss for committed transactions ensures no approved results are lost during failover. | Test | subsystem, lims, session-334, idempotency:sub-lims-availability-334 |
| SUB-REQ-087 | The LIMS Instrument Interface Module SHALL support bidirectional data exchange with all analytical instrument workstations (gamma spectrometry, alpha spectrometry, liquid scintillation, and ICP-MS), pushing work orders and counting/analysis parameters to instruments and receiving validated results back, with automatic data integrity verification using checksums and duplicate detection. Rationale: Bidirectional interface eliminates manual transcription at both ends: work order details do not need to be re-entered at the instrument, and results do not need to be manually typed into LIMS. Each manual transcription point has an estimated error rate of 0.1-0.5% for nuclear analytical data. With 50,000 results per year, unidirectional-only interfaces would generate 50-250 transcription errors annually. Checksums prevent silent data corruption during transfer. | Test | subsystem, lims, session-334, idempotency:sub-lims-instrument-ifc-334 |
| SUB-REQ-088 | The LIMS Reporting and Regulatory Compliance Engine SHALL automatically calculate cumulative site discharges against annual authorised limits for all controlled radionuclides, generating alerts when cumulative discharge reaches 75% and 90% of the authorised limit for any radionuclide, and producing quarterly RIFE programme submissions in the format specified by EA/SEPA. Rationale: Exceeding authorised discharge limits is a regulatory offence under the Environmental Permitting Regulations. Automated cumulative tracking with early warning at 75% and 90% provides laboratory management and dockyard radiological protection sufficient lead time to implement discharge reduction measures. Manual tracking of cumulative discharges across multiple radionuclides is error-prone and has historically led to reportable events at other nuclear sites. | Test | subsystem, lims, session-334, idempotency:sub-lims-regulatory-334 |
| SUB-REQ-089 | The Electrical Power Distribution System SHALL maintain normal supply availability of at least 99.5% per annum, measured at the main low-voltage switchboard, excluding planned maintenance outages notified 48 hours in advance. Rationale: 99.5% equates to approximately 44 hours unplanned downtime per year. Below this, analytical campaigns requiring multi-day continuous instrument operation (e.g., 72-hour LSC counts) would face unacceptable interruption rates. The dockyard HV ring provides dual feeds; 99.5% is achievable with automatic changeover. | Analysis | subsystem, lab-utilities, session-335, idempotency:sub-epds-availability-335 |
| SUB-REQ-090 | The Electrical Power Distribution System SHALL provide uninterruptible power supply to ICP-MS instruments, gamma spectrometers, LIMS servers, and radiation monitoring data loggers with less than 10ms transfer time and at least 15 minutes autonomy at full rated load. Rationale: ICP-MS plasma extinction occurs within 2ms of power loss, requiring full instrument restart and 30-minute restabilisation. Gamma spectrometry counts spanning hours would lose accumulated data. 15 minutes autonomy covers generator start and load acceptance time with margin. | Test | subsystem, lab-utilities, session-335, idempotency:sub-epds-ups-335 |
| SUB-REQ-091 | The Deionised Water Treatment and Distribution System SHALL produce water meeting ASTM D1193 Type I specifications: resistivity greater than or equal to 18.0 megaohm-centimetres at 25 degrees C, total organic carbon less than 50 parts per billion, and bacterial count below 1 CFU per millilitre. Rationale: Trace radiochemical analysis by ICP-MS operates at sub-ppt detection limits. Ionic contaminants in reagent water create spectral interferences and elevated blanks that invalidate results. Type I water is the minimum standard for quantitative trace analysis per ISO 17025 accreditation requirements. | Test | subsystem, lab-utilities, session-335, idempotency:sub-diwater-quality-335 |
| SUB-REQ-092 | When the fire detection system activates a zone alarm, the Laboratory Gas Supply System SHALL automatically isolate all flammable gas supplies (hydrogen, acetylene) to the affected zone within 5 seconds via fail-safe solenoid valves. Rationale: Flammable gas accumulation in a radiological area during a fire creates a combined radiological-explosion hazard. 5-second isolation prevents gas accumulation above lower explosive limit in worst-case leak scenarios, derived from zone volume and maximum flow rate calculations. | Test | subsystem, lab-utilities, session-335, idempotency:sub-gas-fire-isolation-335 |
| SUB-REQ-093 | The Building Management System SHALL implement network segmentation isolating operational technology networks from enterprise IT networks via a unidirectional security gateway, with all remote access authenticated via multi-factor authentication and logged with 12-month retention. Rationale: ONR expects nuclear-connected OT networks to be isolated from enterprise networks to prevent cyber-attack vectors reaching safety-related systems. Unidirectional gateway ensures monitoring data flows out but no commands can originate from the IT side. NIS Regulations require audit trail. | Inspection | subsystem, lab-utilities, session-335, idempotency:sub-bms-cyber-335 |
| SUB-REQ-094 | The Physical Security and Access Control System SHALL enforce three access tiers: Tier 1 (building entry, proximity card), Tier 2 (controlled area, card plus PIN), and Tier 3 (nuclear material accountability zones and high-activity stores, card plus biometric verification), with access rights reviewed quarterly. Rationale: NISR 2003 requires graded physical protection proportional to the consequence of malicious act. Three tiers align with the facility consequence categories: low (general labs), medium (active areas), and high (nuclear material stores). Quarterly review catches personnel changes and prevents credential drift. | Inspection | subsystem, lab-utilities, session-335, idempotency:sub-security-tiers-335 |
| SUB-REQ-095 | The Chilled Water and Heating System SHALL maintain laboratory ambient temperature within 20 plus or minus 2 degrees C in all analytical areas during occupied hours, with chilled water flow temperature controlled to 6 plus or minus 0.5 degrees C. Rationale: Analytical instrument calibration and measurement uncertainty budgets assume stable ambient temperature. ICP-MS and gamma spectrometer electronics are temperature-sensitive; ambient excursions beyond 2C from setpoint cause measurable detector gain drift and plasma instability, requiring recalibration. | Test | subsystem, lab-utilities, session-335, idempotency:sub-chw-temp-335 |
| SUB-REQ-096 | The Laboratory Gas Supply System SHALL provide automatic manifold changeover for nitrogen and compressed air supplies, switching from primary to reserve cylinder bank without interruption to laboratory supply pressure, and generating a low-reserve alarm at 20 percent remaining capacity. Rationale: ICP-MS collision cell and glove box atmosphere require uninterrupted nitrogen flow. Manual changeover risks supply interruption during overnight or weekend analytical runs. 20 percent low-reserve threshold provides approximately 8 hours response time for cylinder replacement based on typical consumption rates. | Test | subsystem, lab-utilities, session-335, idempotency:sub-gas-changeover-335 |
| SUB-REQ-097 | The Deionised Water Treatment and Distribution System SHALL recirculate stored water continuously at a minimum flow velocity of 0.5 m/s within the distribution loop, with continuous online monitoring of resistivity and automatic diversion of off-specification water back to the treatment stage. Rationale: Stagnant ultra-pure water rapidly degrades through CO2 absorption and biofilm formation. 0.5 m/s minimum velocity prevents dead-leg colonisation. Automatic diversion prevents off-spec water reaching analytical points of use, which would invalidate quality control blanks and potentially contaminate samples. | Test | subsystem, lab-utilities, session-335, idempotency:sub-diwater-recirc-335 |
| SUB-REQ-098 | The Building Management System SHALL present utility alarms in priority order (critical, high, medium, low) on control room workstations within 2 seconds of detection, with critical alarms requiring operator acknowledgement and generating automatic notification to the facility duty manager. Rationale: Nuclear site licence condition requires prompt operator awareness of facility conditions. 2-second alarm presentation ensures utility failures affecting containment systems (e.g., chiller failure causing extract fan motor overheating) are detected before secondary protection trips occur. Prioritisation prevents alarm flooding. | Test | subsystem, lab-utilities, session-335, idempotency:sub-bms-alarms-335 |
| SUB-REQ-099 | The Safety Interlock and Trip System SHALL be subject to proof testing at intervals not exceeding 6 months for all SIL 2 functions and 3 months for all SIL 3 functions, with each proof test exercising the complete trip chain from sensor input through logic solver to final element actuation, and test results recorded in the maintenance management system. Rationale: IEC 61511 requires proof testing at intervals consistent with the target SIL. The 2oo3 voting architecture specified in SUB-REQ-037 achieves SIL 3 only when combined with sufficiently frequent proof testing to detect dangerous undetected failures. Cross-domain analysis of Nuclear Reactor Protection Systems confirms that 3-month proof test intervals are standard practice for SIL 3 nuclear safety functions. Without defined proof test intervals, the claimed SIL cannot be demonstrated in the safety case. | Test | subsystem, safety, proof-testing, validation, session-337 |
| SUB-REQ-100 | The Safety Interlock and Trip System SHALL employ diverse sensing technologies for each safety function such that no single common cause failure mechanism can disable all redundant channels simultaneously, with diversity demonstrated through use of different physical measurement principles or different equipment manufacturers for at least one channel in each 2oo3 voting group. Rationale: Cross-domain analysis shows Nuclear Reactor Protection Systems with 0.91 trait similarity require diverse redundancy to defeat common cause failures. IEC 61511 clause 11.4 requires CCF defences proportional to SIL. In a radiochemistry laboratory, common cause failures from chemical attack on sensors or electromagnetic interference from nearby equipment could disable identical redundant channels simultaneously. Diversity in sensing principle provides inherent defence. | Analysis | subsystem, safety, ccf, validation, session-337 |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| IFC-REQ-001 | The interface between the Extract Fan System and the HEPA Filtration Assembly SHALL comprise 316L stainless steel ductwork rated for minus 3 kPa, with the fan positioned downstream of both filter banks to ensure the entire extract path from containment devices to fan inlet operates at negative pressure relative to surrounding spaces. Rationale: Fan-downstream-of-filters is a fundamental nuclear ventilation design principle. If the fan were upstream, any ductwork leak between fan and filters would release unfiltered contaminated air. With fan downstream, all leaks are inward, maintaining containment. 316L stainless steel is specified because extract ductwork may accumulate surface contamination requiring periodic decontamination with acidic solutions. | Inspection | interface, ventilation, session-326, idempotency:ifc-efs-hepa-326 |
| IFC-REQ-002 | The interface between the Depression Cascade Control System and the Extract Fan System SHALL provide variable speed drive setpoint signals (4-20 mA analogue or Modbus RTU) with fan speed feedback and status returned at update rates not exceeding 500 milliseconds. Rationale: The 500 ms update rate supports the 2-second disturbance response in SUB-REQ-004. The control loop needs at least 4 measurement-actuation cycles within the response window. Dual interface option provides resilience against communication bus failure. | Test | interface, ventilation, session-326, idempotency:ifc-dccs-efs-326 |
| IFC-REQ-003 | The interface between the Fume Cupboard and Glove Box Extract Network and the HEPA Filtration Assembly SHALL comprise a common extract manifold with total airflow capacity of not less than 12000 cubic metres per hour and static pressure at manifold entry of not less than minus 500 Pa. Rationale: The manifold must accommodate simultaneous extract from all fume cupboards (8-12 at 500-800 m3/h each) plus glove boxes (4-6 at 50-100 m3/h). The 12000 m3/h capacity provides margin for future expansion. The minus 500 Pa ensures adequate flow to the most remote containment device. | Test | interface, ventilation, session-326, idempotency:ifc-fcgb-hepa-326 |
| IFC-REQ-004 | The interface between the HEPA Filtration Assembly and the Stack Monitoring and Discharge System SHALL comprise the filtered extract duct with an isokinetic sampling point located at not less than 8 duct diameters downstream of the last flow disturbance and 2 duct diameters upstream of the stack exit, per ISO 2889. Rationale: ISO 2889 specifies isokinetic sampling locations for representative radioactive effluent monitoring. Inadequate straight-run distances cause non-representative sampling due to particle concentration gradients, resulting in either under-reporting (regulatory non-compliance) or over-reporting (spurious stack isolation). | Inspection | interface, ventilation, session-326, idempotency:ifc-hepa-stack-326 |
| IFC-REQ-005 | The interface between the Depression Cascade Control System and the Supply Air Handling Unit SHALL provide supply fan speed setpoint and supply damper position commands, with supply airflow measurement feedback (pitot array or orifice plate, accuracy plus or minus 5 percent of reading) to enable cascade balancing between supply and extract volumes. Rationale: Cascade control requires coordinated supply and extract flow modulation. If supply volume is not reduced proportionally when extract is reduced (e.g. during fume cupboard closure), over-pressurisation of C1/C2 zones can result. The 5 percent accuracy ensures the supply-extract flow balance remains within the control system deadband. | Test | interface, ventilation, session-326, idempotency:ifc-dccs-sahu-326 |
| IFC-REQ-006 | The interface between the Standby Ventilation and Emergency Isolation System and the Depression Cascade Control System SHALL provide hardwired override signals for fire damper closure and smoke extract mode activation, bypassing the normal cascade control logic via dedicated SIL 2 rated safety relay circuits independent of the PLC. Rationale: Emergency isolation must operate independently of the cascade PLC to satisfy common-cause failure requirements under IEC 61511. A PLC failure must not prevent fire damper closure or smoke extract activation. Hardwired safety relays provide the required independence and achieve the SIL 2 target for the containment preservation safety function. | Test | interface, ventilation, safety, session-326, idempotency:ifc-standby-dccs-326 |
| IFC-REQ-007 | The interface between the Continuous Air Monitor Network and the Health Physics Central Alarm and Display System SHALL comprise RS-485 Modbus RTU at 9600 baud with polling interval not exceeding 5 seconds, transmitting DAC-fraction reading, alarm state, instrument status, and filter paper accumulation for each CAM station. Rationale: RS-485 Modbus is the established industrial standard for radiation monitoring instruments and provides reliable multi-drop communication over distances up to 1200m. 5-second polling ensures the central display updates within the 2-second alarm annunciation window when combined with local alarm relay. Data fields cover all information needed for HP assessment and statutory reporting. | Test | interface, radiation-protection, cam-network, hp-central, session-327, idempotency:ifc-cam-hpcentral-327 |
| IFC-REQ-008 | The interface between the Area Gamma Dose Rate Monitoring Array and the Health Physics Central Alarm and Display System SHALL provide dual-path data: a 4-20mA analogue signal proportional to log dose rate for hardwired alarm relay, and Modbus TCP/IP digital data at 10-second intervals carrying dose rate, energy-compensated H*(10), cumulative dose, and instrument health status. Rationale: Dual-path interface provides diversity against common-mode communication failure. Hardwired 4-20mA ensures alarm relay even if digital network fails — this is the SIL 1 safety function path. Digital path carries the full data set needed for trending, statutory returns, and dose assessment. 10-second interval matches the area gamma update rate requirement. | Test | interface, radiation-protection, gamma-array, hp-central, session-327, idempotency:ifc-gamma-hpcentral-327 |
| IFC-REQ-009 | The interface between the Contamination Monitoring Stations and the Health Physics Central Alarm and Display System SHALL transmit measurement results (pass/fail status, alpha and beta-gamma surface activity in Bq/cm2, measurement timestamp, and monitor identity) via Ethernet TCP/IP within 2 seconds of measurement completion. Rationale: Real-time contamination monitoring results at the central display enable the RPS to track contamination trends across the facility and identify developing contamination events before they reach clearance levels. 2-second transmission requirement ensures the mimic display reflects current facility status for shift handover and incident response. | Test | interface, radiation-protection, contamination, hp-central, session-327, idempotency:ifc-contam-hpcentral-327 |
| IFC-REQ-010 | The interface between the Personal Dosimetry and Dose Record System and the Health Physics Central Alarm and Display System SHALL transmit EPD dose data (current dose rate, integrated dose, dose constraint percentage, and personnel identifier) via OPC-UA at 60-second intervals, with immediate event notification when any dose alarm threshold is exceeded. Rationale: OPC-UA interface aligns with the HP Central system SCADA architecture and provides structured, secure data exchange. 60-second routine interval is adequate for dose trend monitoring. Immediate event notification ensures the RPS is aware of dose alarm conditions in real-time for personnel protection decisions. Personnel identifier enables dose tracking by individual on the mimic display. | Test | interface, radiation-protection, dosimetry, hp-central, session-327, idempotency:ifc-dosim-hpcentral-327 |
| IFC-REQ-011 | The interface between the Health Physics Central Alarm and Display System and the Laboratory Information Management System SHALL provide OPC-UA read access to real-time zone radiation status, current area dose rates, and airborne contamination levels, enabling LIMS to associate radiological conditions with sample processing records. Rationale: LIMS integration enables correlation of radiological conditions with sample analysis activities, supporting dose assessment for specific operations and investigation of any anomalous results that may be attributable to elevated background. OPC-UA read-only access ensures LIMS cannot inadvertently modify radiation monitoring data or alarm states. | Test | interface, radiation-protection, hp-central, lims, session-327, idempotency:ifc-hpcentral-lims-327 |
| IFC-REQ-012 | The interface between the Health Physics Central Alarm and Display System and the Facility Safety and Emergency Response System SHALL provide hardwired relay contacts for evacuation-level radiation alarms from any CAM or area gamma monitor, activating the facility evacuation alarm within 1 second of the radiation alarm condition being confirmed. Rationale: Hardwired relay interface for evacuation-level alarms provides deterministic, network-independent triggering of the facility emergency response. 1-second activation ensures evacuation alarm sounds within the 3-second total response target from radiation detection to audible warning. This is the most safety-critical interface in the RP subsystem — it must not depend on software or network availability. | Test | interface, radiation-protection, hp-central, facility-safety, session-327, idempotency:ifc-hpcentral-safety-327 |
| IFC-REQ-013 | The interface between the Active Drain Collection Network and the Effluent Collection and Delay Tanks SHALL transfer liquid waste via gravity and sump pump through 50mm bore 316L stainless steel pipework at a maximum flow rate of 20 L/min, with isolation valves at each tank inlet and flow totalisation at the collection header. Rationale: 50mm bore sized for peak laboratory waste generation rate (multiple fume cupboard drains simultaneously) with margin. Flow totalisation needed for mass balance accounting per LC34 arrangements. | Test | interface, aetds, session-328, idempotency:ifc-drain-tanks-328 |
| IFC-REQ-014 | The interface between the Effluent Collection and Delay Tanks and the Batch Sampling and Analysis Station SHALL provide dedicated 12mm bore 316L stainless steel sample lines from each tank with peristaltic pump sampling capability, including a 5-minute line purge cycle before each sample draw to clear stagnant liquid from the sample line. Rationale: Dedicated sample lines per tank prevent cross-contamination between batches. 5-minute purge at 12mm bore clears approximately 3 line volumes at typical pump rate, ensuring sample represents current tank contents. | Test | interface, aetds, session-328, idempotency:ifc-tanks-sampling-328 |
| IFC-REQ-015 | The interface between the Effluent Collection and Delay Tanks and the Chemical Treatment Plant SHALL transfer effluent batches at a controlled flow rate of 5-15 L/min via positive displacement pump, with return of treated effluent to a clean receiving tank for post-treatment sampling before discharge authorisation. Rationale: Controlled flow rate ensures adequate residence time in precipitation reactor and ion exchange columns. Return to receiving tank enables post-treatment verification sampling — if treatment is inadequate, the batch can be re-treated rather than discharged. | Test | interface, aetds, session-328, idempotency:ifc-tanks-treatment-328 |
| IFC-REQ-016 | The interface between the Discharge Monitoring and Control System and the site active drainage system SHALL include continuous proportional sampling during discharge, with in-line ZnS scintillation alpha monitor (MDA 0.05 Bq/mL) and plastic scintillation beta-gamma monitor (MDA 0.5 Bq/mL), electromagnetic flowmeter (±1% accuracy), and a fail-safe pneumatic discharge valve with less than 5-second closure time. Rationale: Continuous proportional sampling provides a composite sample for post-discharge laboratory confirmation. MDA values set at half the Environment Agency discharge limits to ensure reliable detection before limits are reached. Pneumatic valve chosen for fail-safe closure on air supply loss. | Test | interface, aetds, safety, session-328, idempotency:ifc-discharge-site-328 |
| IFC-REQ-017 | The interface between the Batch Sampling and Analysis Station and the Laboratory Information Management System SHALL transmit batch screening results (pH, conductivity, temperature, gross gamma) as structured data records within 30 seconds of measurement completion, using the facility OPC UA data bus with authentication and integrity verification. Rationale: 30-second latency ensures batch status is current in LIMS for discharge decisions. OPC UA provides standard industrial interoperability with built-in security. Integrity verification prevents corrupted data driving incorrect discharge authorisation. | Test | interface, aetds, session-328, idempotency:ifc-sampling-lims-328 |
| IFC-REQ-018 | The interface between the Chemical Treatment Plant and the Radioactive Waste Management Facility SHALL transfer ILW sludge in sealed 200-litre drums with dose rate not exceeding 2 mSv/h at contact, accompanied by a waste characterisation record including activity inventory, chemical composition, and package weight. Rationale: 2 mSv/h contact dose rate limit aligned with transport regulations and RWMF receipt acceptance criteria. Waste characterisation record required for ILW inventory accounting under LC32 and future disposal case development. | Inspection | interface, aetds, session-328, idempotency:ifc-treatment-waste-328 |
| IFC-REQ-019 | The interface between the Criticality Warning System and the Safety Interlock and Trip System SHALL transmit criticality trip signals via hardwired relay contacts (volt-free, fail-safe energise-to-run) with end-to-end signal propagation latency not exceeding 10 milliseconds and electrical isolation between the two systems maintained by galvanic isolation barriers rated to 2.5 kV. Rationale: Hardwired relay contacts ensure deterministic signal path without software dependency. Fail-safe energise-to-run means loss of signal (wire break, power loss) defaults to trip state. 10 ms latency budget allocated from the 500 ms total trip initiation budget. 2.5 kV galvanic isolation prevents fault propagation between safety-critical subsystems. | Test | interface, safety, criticality, session-329, idempotency:ifc-cws-sit-329 |
| IFC-REQ-020 | The interface between the Fire Detection and Suppression System and the Standby Ventilation and Emergency Isolation System SHALL transmit zone-specific fire damper closure commands within 2 seconds of fire confirmation, using dedicated fire-rated cabling (BS 8519) maintaining circuit integrity for a minimum of 120 minutes. Rationale: Zone-specific commands prevent whole-facility ventilation shutdown on a single-zone fire, maintaining containment in unaffected zones. 2-second command latency ensures damper closure completes before fire growth compromises ductwork integrity. 120-minute fire-rated cabling per BS 8519 ensures damper commands remain available throughout a fire event. | Test | interface, fire, ventilation, session-329, idempotency:ifc-fds-sveis-329 |
| IFC-REQ-021 | The interface between the Emergency Power System and the Criticality Warning System SHALL provide dual-redundant UPS-backed power feeds at 24 VDC with automatic changeover in less than 1 millisecond, each feed capable of sustaining the full criticality detection load independently. Rationale: Criticality detection must operate continuously without any monitoring gap. Dual-redundant feeds ensure single UPS failure does not interrupt detection. 1 ms changeover maximum prevents detector reset or transient loss of counting that could mask a neutron burst. 24 VDC selected as standard for nuclear instrumentation per IEC 61225. | Test | interface, power, criticality, session-329, idempotency:ifc-eps-cws-329 |
| IFC-REQ-022 | The interface between the Safety Interlock and Trip System and the Depression Cascade Control System SHALL provide ventilation isolation trip commands on confirmed fire or seismic event, with the depression cascade controller maintaining minimum 10 Pa containment depression on non-affected zones during partial isolation. Rationale: Partial isolation allows ventilation to continue in unaffected zones, maintaining containment where there is no fire. 10 Pa minimum depression during partial isolation is the lower bound required to prevent contamination migration through door seals and penetrations under wind loading conditions at the dockyard coastal site. | Test | interface, safety, ventilation, session-329, idempotency:ifc-sit-dccs-329 |
| IFC-REQ-023 | The interface between the Spill Containment and Emergency Decontamination System and the Active Drain Collection Network SHALL route all spill drainage and decontamination shower effluent via sealed stainless steel pipework to the active drain collection system, with no cross-connection to inactive drainage, and floor drain traps maintaining a minimum 50 mm water seal. Rationale: Cross-connection to inactive drains would bypass the active effluent treatment system, risking unmonitored radioactive discharge. 50 mm water seal prevents airborne contamination backflow through the drain system, which would compromise the depression cascade containment regime. | Inspection | interface, containment, effluent, session-329, idempotency:ifc-scd-adn-329 |
| IFC-REQ-024 | The interface between the Solid Waste Characterization and Segregation Station and the Solid Waste Packaging and Compaction System SHALL transfer categorised waste items with an accompanying electronic categorisation certificate containing: waste category (VLLW/LLW/ILW), measured activity inventory, surface contamination results, and approved packaging route, transmitted via the Waste Records and Consignment System within 5 minutes of categorisation completion. Rationale: Waste must not be packaged without a completed categorisation record — packaging the wrong category of waste (e.g., ILW into an LLW drum) is a regulatory non-compliance that could result in incorrectly disposed packages. The 5-minute transfer time ensures real-time data availability for packaging operators and prevents orphaned waste items sitting without categorisation records. | Test | interface, waste-management, characterization, packaging, session-330, idempotency:ifc-char-pack-330 |
| IFC-REQ-025 | The interface between the Solid Waste Packaging and Compaction System and the Interim Waste Store SHALL transfer sealed waste drums with verified surface contamination below transport limits, each drum bearing a unique barcode label cross-referenced to its waste package data record, with a maximum of 4 hours between sealing and placement in the designated store position. Rationale: The 4-hour window between sealing and store placement limits the time drums spend in the uncontrolled transfer area, reducing the risk of accidental damage or loss of traceability. Barcode labelling provides positive identification that does not degrade during multi-decade storage, unlike paper labels. Surface contamination verification at this boundary prevents contamination entering the store. | Test | interface, waste-management, packaging, interim-store, session-330, idempotency:ifc-pack-store-330 |
| IFC-REQ-026 | The interface between the Liquid Waste Conditioning System and the Interim Waste Store SHALL transfer cemented wasteform packages only after a minimum 7-day curing period and confirmation that compressive strength sampling indicates the batch will meet the 4 MPa 28-day target, with each package assigned a storage position that respects criticality spacing requirements for its fissile content. Rationale: The 7-day hold before transfer allows early-age compressive strength testing (typically 7-day cubes) to verify the cement mix is developing strength correctly before committing the package to long-term storage. Packages failing early strength checks can be remediated before placement in the store, where retrieval for rework is operationally expensive. Criticality spacing assignment at transfer time prevents ad-hoc placement that could violate keff limits. | Test | interface, waste-management, liquid-conditioning, interim-store, session-330, idempotency:ifc-liquid-store-330 |
| IFC-REQ-027 | The interface between the Liquid Waste Conditioning System and the Active Drain Collection Network SHALL return evaporator distillate to the active drain system at a maximum activity concentration of 100 Bq/L total alpha and 1000 Bq/L total beta/gamma, at a flow rate not exceeding 0.5 L/min, via a dedicated sampling point that enables batch hold-and-release before drain entry. Rationale: Distillate activity limits are derived from the AETDS input assumptions — exceeding these values would overload the Chemical Treatment Plant and risk breaching discharge authorisation limits. The hold-and-release sampling point provides an additional verification barrier, consistent with the ALARP principle, before returning potentially active liquid to the site drainage system. | Test | interface, waste-management, liquid-conditioning, effluent, session-330, idempotency:ifc-liquid-drain-330 |
| IFC-REQ-028 | The interface between the Waste Records and Consignment System and the Laboratory Information Management System SHALL exchange waste characterisation analytical results and sample chain-of-custody data via a bidirectional API with mutual TLS authentication, with data synchronisation completing within 60 seconds of record creation in either system. Rationale: Analytical results from the characterization station are initially recorded in LIMS (as the authoritative analytical record under ISO 17025) and must flow to the waste records system for waste package data records. Bidirectional exchange ensures traceability in both directions. Mutual TLS prevents unauthorised data injection into either system. The 60-second synchronisation window ensures near-real-time consistency between the two databases. | Test | interface, waste-management, records, lims, session-330, idempotency:ifc-records-lims-330 |
| IFC-REQ-029 | The interface between the Chemical Treatment Plant and the Liquid Waste Conditioning System SHALL transfer treatment sludges and concentrates via a shielded pipeline with a maximum throughput of 50 L/batch, with each batch accompanied by an analytical certificate confirming radionuclide inventory and chemical composition, and a physical interlock preventing transfer if the conditioning system is not in a ready state. Rationale: The Chemical Treatment Plant generates sludges and concentrates that exceed discharge authorisation limits and must be conditioned as solid waste. The 50 L/batch limit is sized to the cementation vessel capacity. The analytical certificate is required because the cement formulation must be adjusted for different waste chemistries. The physical interlock prevents overfilling or transfer to an unprepared system, both of which are credible initiating events in the liquid waste safety case. | Test | interface, waste-management, liquid-conditioning, aetds, session-330, idempotency:ifc-ctp-liquid-330 |
| IFC-REQ-030 | The interface between the Sample Receiving Bay and the Dose Rate and Contamination Screening Station SHALL transfer sample containers via a pass-through hatch with interlocked doors, with each container accompanied by a physical transfer slip recording sender identity, sample origin, and declared isotopes, and the hatch SHALL be sized to accommodate containers up to 500 mm diameter and 800 mm height including shielded transport pigs. Rationale: The pass-through hatch maintains the C2/C3 containment boundary while enabling sample transfer. Physical transfer slips provide backup chain-of-custody when electronic systems are unavailable. Container sizing is based on the largest transport pig used for reactor coolant samples at UK naval dockyards. | Test | interface, sample-receipt, session-331, idempotency:ifc-recv-screen-331 |
| IFC-REQ-031 | The interface between the Dose Rate and Contamination Screening Station and the Sample Preparation Laboratory SHALL communicate sample handling category (contact-handled or remote-handled), measured dose rate, and contamination screening results electronically to the Sample Registration System within 30 seconds of measurement completion, and SHALL physically route contact-handled samples via a direct transfer corridor and remote-handled samples via a shielded transfer route with manipulator access. Rationale: Dual routing based on activity level is a fundamental ALARP measure — contact-handled samples can be processed at open bench workstations while remote-handled samples require shielded fume cupboards or glove boxes. Electronic data transfer ensures screening results are captured in the sample record before preparation begins, preventing preparation without characterisation. | Test | interface, sample-receipt, session-331, idempotency:ifc-screen-prep-331 |
| IFC-REQ-032 | The interface between the Sample Registration and Chain-of-Custody System and the Laboratory Information Management System SHALL transmit sample registration records including unique identifier, origin, requested analyses, handling category, and screening results via a secure authenticated API, with message queuing to buffer transmissions during LIMS unavailability and automatic resynchronisation within 15 minutes of LIMS recovery. Rationale: The Registration System must operate independently of LIMS to prevent sample receipt being blocked by LIMS outage. Message queuing with guaranteed delivery ensures no registration data is lost. The 15-minute resynchronisation window ensures LIMS work orders are generated promptly after recovery, maintaining laboratory throughput. | Demonstration | interface, sample-receipt, session-331, idempotency:ifc-reg-lims-331 |
| IFC-REQ-033 | The interface between the Acid Digestion and Dissolution Station and the Actinide Separation Chemistry Station SHALL transfer dissolved sample aliquots in capped PTFE or borosilicate glass vials labelled with sample ID barcode, with a maximum transfer volume of 100 mL per aliquot, and the transferred solution SHALL be in a 2-8 M HNO3 matrix compatible with direct loading onto TEVA/TRU extraction chromatography columns without further matrix adjustment. Rationale: Standardising the dissolution matrix to 2-8 M HNO3 eliminates a manual acid adjustment step before column loading, reducing both operator dose and the risk of cross-contamination from additional reagent additions. TEVA and TRU resins require nitric acid feed at this molarity range for quantitative actinide uptake. PTFE vials prevent HF etching of glass that would release interfering elements. | Test | interface, radchem-sep, session-331, idempotency:ifc-acid-actinide-331 |
| IFC-REQ-034 | The interface between the Actinide Separation Chemistry Station and the Alpha Spectrometry Laboratory SHALL deliver purified actinide fractions electrodeposited onto 25 mm diameter polished stainless steel discs, with a maximum deposited mass of 100 micrograms per disc to maintain alpha spectral resolution, and each disc SHALL be labelled with sample ID, fraction identity (Pu, Am/Cm, U), and electrodeposition date. Rationale: Electrodeposition onto thin-layer stainless steel discs is the standard source preparation for alpha spectrometry. The 100 microgram mass limit prevents self-absorption degradation of alpha peak resolution — thicker deposits broaden peaks below the 40 keV FWHM required to resolve Pu-238 from Pu-239/240. This interface is the hand-off from wet chemistry to counting and defines the source quality that drives measurement performance. | Inspection | interface, radchem-sep, session-331, idempotency:ifc-actinide-alpha-331 |
| IFC-REQ-035 | The interface between the Separations Waste Segregation Point and the Radioactive Waste Management Facility SHALL segregate waste into at least four streams: aqueous radioactive liquids routed via active drain (pH 1-13, max 1E6 Bq/L alpha), organic solvent waste collected in 5-litre containers with flash point and activity labelling, compactible dry active waste in 60-litre bags, and non-compactible items in dedicated bins, with each waste container identified by barcode linking to the originating sample work order. Rationale: Waste segregation at source is mandatory under the UK waste hierarchy and prevents downstream processing problems — mixing organic solvents with aqueous waste produces flammable mixtures in the effluent treatment plant, and unsegregated alpha-bearing waste contaminates low-level waste streams causing reclassification as ILW. Traceability to originating sample work order is required for nuclear material accountancy of fissile material in waste. | Inspection | interface, radchem-sep, session-331, idempotency:ifc-waste-seg-rwm-331 |
| IFC-REQ-036 | The interface between the HPGe Detector Array and the Digital MCA and Signal Processing System SHALL carry charge-sensitive preamplifier output pulses via RG-62 coaxial cable with BNC connectors, with signal amplitude range 0 to 10 V, rise time of less than 100 ns, and maximum cable length of 15 m to limit noise pickup in the nuclear-licensed facility environment. Rationale: Coaxial cable length and type determine signal-to-noise ratio at the MCA input. 15 m maximum allows placement of MCA electronics outside the counting room to reduce electronic noise contribution to background. BNC standardises connector interface across detector vendors. | Test | interface, gamma-spectrometry, session-333, idempotency:ifc-hpge-mca-signal-333 |
| IFC-REQ-037 | The interface between the Digital MCA and Signal Processing System and the Gamma Spectroscopy Analysis and QA Workstation SHALL transfer spectral data via dedicated Gigabit Ethernet on a physically isolated VLAN, using the vendor spectroscopy protocol, with maximum spectral transfer latency of 2 seconds for a 16384-channel spectrum. Rationale: Physical VLAN isolation prevents general network traffic from disrupting acquisitions during long counting periods. 2-second transfer latency is needed to support automated sequential sample counting without operator intervention. | Test | interface, gamma-spectrometry, session-333, idempotency:ifc-mca-analysis-network-333 |
| IFC-REQ-038 | The interface between the Gamma Spectroscopy Analysis and QA Workstation and the Laboratory Information Management System SHALL transmit analysis results in a structured format including nuclide identity, activity concentration, combined uncertainty at k equals 2, MDA, counting parameters, and QC status, with results posted automatically upon analyst approval. Rationale: Automated result transfer eliminates transcription errors which are the largest source of non-measurement errors in accredited nuclear laboratories. Structured format enables LIMS to perform automated regulatory limit checking before results release. | Demonstration | interface, gamma-spectrometry, session-333, idempotency:ifc-analysis-lims-results-333 |
| IFC-REQ-039 | The interface between the Electrodeposition and Source Preparation Station and the Alpha Detector Chamber Array SHALL use standard 25 mm diameter stainless steel planchets loaded into spring-clip sample holders compatible with the vacuum chamber sample tray, with each planchet uniquely identified by engraved number cross-referenced to the chain-of-custody system. Rationale: Standardised planchet geometry ensures reproducible source-detector distance and counting geometry across all 8 chambers. Engraved identification prevents sample mix-up which would invalidate nuclear material accountancy records. | Inspection | interface, alpha-spectrometry, session-333, idempotency:ifc-electrodep-detector-333 |
| IFC-REQ-040 | The interface between the Alpha Detector Chamber Array and the Alpha MCA and Spectral Processing Unit SHALL carry PIPS detector bias voltage (0 to 100 V) and preamplifier output pulses via multipin vacuum feedthrough connectors, with each chamber providing a vacuum status signal (good or bad) that enables or inhibits MCA acquisition for that channel. Rationale: Vacuum interlock prevents acquisition of degraded spectra that would waste counting time and potentially generate misleading results. The multipin feedthrough maintains vacuum integrity while passing electrical signals. | Test | interface, alpha-spectrometry, session-333, idempotency:ifc-alpha-detector-mca-333 |
| IFC-REQ-041 | The interface between Radiochemical Separations Laboratory and LSC Sample Preparation Station SHALL transfer purified H-3 fractions as aqueous distillate in sealed 20 mL HDPE vials with chain-of-custody labels, and C-14 fractions as benzene or aqueous solution in sealed glass vials, with transfer batch documentation recording fraction identity, source sample ref, separation date, expected activity range, and any chemical interferents. Rationale: Physical and chemical form of separated fractions determines cocktail compatibility and quench behaviour. H-3 as aqueous distillate is standard for direct cocktail mixing. C-14 may arrive as benzene (from benzene synthesis) or aqueous (from wet oxidation), requiring different cocktail types. Sealed vials prevent tritiated water vapour loss (H-3 has high vapour pressure). Documentation enables sample traceability and alerts operators to high-activity samples requiring dilution. | Test | interface, liquid-scintillation, session-334, idempotency:ifc-sep-lsc-prep-334 |
| IFC-REQ-042 | The interface between LSC Sample Preparation Station and Liquid Scintillation Counter Array SHALL deliver prepared counting vials in standard 20 mL polyethylene or low-potassium glass vials compatible with the counter sample changer, with each vial barcode-labelled linking to the LIMS work order, and loaded into counting cassettes in the sequence defined by the counting protocol (standards, blanks, samples, spikes). Rationale: Vial type affects counting geometry and background. Polyethylene vials have lower background than glass but higher permeability. The counter sample changer requires standard 20 mL vial geometry. Barcode labelling enables automatic protocol assignment and result association. Counting sequence (standard-blank-sample-spike) is essential for QA/QC batch validation per ISO 17025. | Test | interface, liquid-scintillation, session-334, idempotency:ifc-lsc-prep-counter-334 |
| IFC-REQ-043 | The interface between Liquid Scintillation Counter Array and LSC Data Analysis and QA Workstation SHALL transfer raw spectral data in vendor-compatible format over Ethernet TCP/IP at completion of each counting cycle, including full pulse height spectrum (0-2000 keV equivalent), tSIE quench indicator, total and windowed count rates, PSA histogram, counting time, and instrument status flags. Rationale: Full spectral data transfer enables offline re-analysis with different windows or quench correction methods. The tSIE quench indicator is required for external standard quench correction curve application. PSA histograms enable QA verification of alpha/beta separation quality. Instrument status flags alert to anomalies (power interruptions, temperature excursions, detector malfunction). Ethernet TCP/IP is standard for modern LSC-to-workstation communication. | Test | interface, liquid-scintillation, session-334, idempotency:ifc-lsc-counter-analysis-334 |
| IFC-REQ-044 | The interface between LSC Data Analysis and QA Workstation and Laboratory Information Management System SHALL transfer validated analysis results including nuclide activity concentration, combined standard uncertainty, expanded uncertainty at k=2, MDA, QC batch acceptance status, and analysis certificate reference, via authenticated API or file transfer with data integrity verification, within 30 minutes of batch QA approval. Rationale: LIMS is the system of record for all analytical results. Automated transfer eliminates transcription errors (a key concern in regulated nuclear analysis). The 30-minute transfer target supports same-day reporting for urgent dockyard operational samples. Data integrity verification prevents corruption during transfer. Authentication prevents unauthorised result modification. All listed data fields are required for EA regulatory reporting and UKAS accreditation records. | Test | interface, liquid-scintillation, session-334, idempotency:ifc-lsc-analysis-lims-334 |
| IFC-REQ-045 | The interface between Radiochemical Separations Laboratory and ICP-MS Sample Introduction System SHALL deliver purified actinide fractions in 15 mL polypropylene centrifuge tubes in 2-5% HNO3 matrix, with fraction identity label, expected concentration range, and carrier chemistry documentation, enabling the autosampler to process fractions without manual matrix adjustment. Rationale: Matrix compatibility between separation chemistry and ICP-MS is critical. The 2-5% HNO3 matrix is standard for ICP-MS analysis; higher acid concentrations cause signal suppression and torch damage. Polypropylene tubes are compatible with the autosampler probe. Concentration range documentation enables method selection (standard vs. dilution protocol) and prevents detector saturation from unexpectedly high-concentration samples. | Test | interface, icp-ms, session-334, idempotency:ifc-sep-icpms-334 |
| IFC-REQ-046 | The interface between ICP-MS Instrument and ICP-MS Data Acquisition and Processing Workstation SHALL transfer raw mass spectral data including counts per second at each measured mass, internal standard signal, analyte-to-internal-standard ratios, and instrument tuning parameters, via vendor data format over Ethernet TCP/IP, with automatic data backup to network storage. Rationale: Complete mass spectral data transfer enables offline re-processing with alternative quantification methods (standard addition vs. external calibration). Internal standard ratios are needed for matrix effect correction. Instrument tuning parameters provide audit trail for method validation. Network backup protects against workstation failure — loss of raw data would require re-analysis of potentially irreplaceable dockyard samples. | Test | interface, icp-ms, session-334, idempotency:ifc-icpms-data-334 |
| IFC-REQ-047 | The interface between LIMS Instrument Interface Module and all analytical instrument workstations SHALL use standardised message formats (HL7 LIS2-A2 or ASTM E1394 for structured results, vendor API where available), with message queuing to buffer results during LIMS maintenance windows and automatic retry with exponential backoff on communication failure, supporting minimum 200 result transactions per hour aggregate throughput. Rationale: Standardised messaging protocols ensure maintainability as instruments are replaced over the laboratory lifecycle (15-20 years). Message queuing prevents result loss during planned LIMS maintenance. The 200 transactions/hour throughput handles peak campaign periods when multiple instruments are running simultaneously. Exponential backoff prevents network flooding during recovery from outage. | Test | interface, lims, session-334, idempotency:ifc-lims-instruments-334 |
| IFC-REQ-048 | The interface between the Building Management System and the Electrical Power Distribution System SHALL provide real-time monitoring of distribution board loads, transformer temperature, and power quality parameters (voltage, frequency, THD) via Modbus TCP at 1-second polling interval, with automatic load shedding commands on transformer overtemperature. Rationale: Transformer overtemperature protection requires fast response to prevent winding damage. 1-second polling enables BMS to detect rising trends and initiate non-essential load shedding before protection relay trip, maintaining supply to essential circuits. | Test | interface, lab-utilities, session-335, idempotency:ifc-bms-epds-335 |
| IFC-REQ-049 | The interface between the Building Management System and the Chilled Water and Heating System SHALL transmit chiller plant status, flow and return temperatures, pump speeds, and valve positions via BACnet/IP, with the BMS providing temperature setpoint control and automatic duty/standby changeover on chiller fault. Rationale: Laboratory temperature stability depends on closed-loop control of chilled and heating water. BACnet/IP is the standard protocol for HVAC plant integration, enabling the BMS to coordinate chiller operation with AHU demand and implement optimal start/stop sequences. | Test | interface, lab-utilities, session-335, idempotency:ifc-bms-chw-335 |
| IFC-REQ-050 | The interface between the Laboratory Gas Supply System and the Fire Detection and Suppression System SHALL receive zone fire alarm signals as volt-free contacts, triggering automatic closure of flammable gas isolation valves within the affected zone. Valve closure status SHALL be reported back to the fire panel within 3 seconds. Rationale: Fire safety case requires confirmed gas isolation as part of the fire response strategy. Volt-free contacts provide electrical isolation between safety-classified fire system and utility gas controls. 3-second feedback confirms isolation before fire suppression activation in gas-supplied areas. | Test | interface, lab-utilities, session-335, idempotency:ifc-gas-fire-335 |
| IFC-REQ-051 | The interface between the Chilled Water and Heating System and the Supply Air Handling Unit SHALL provide chilled water at 6 plus or minus 0.5 degrees C flow temperature and LTHW at 82 plus or minus 2 degrees C to AHU cooling and heating coils respectively, with two-port control valves modulated by the BMS to maintain supply air temperature setpoint. Rationale: The AHU conditions fresh supply air before delivery to laboratories. Temperature tolerance on chilled water flow directly impacts achievable supply air dewpoint and dehumidification capacity. The ventilation system depression cascade cannot function correctly if supply air temperature is uncontrolled. | Test | interface, lab-utilities, session-335, idempotency:ifc-chw-ahu-335 |
| IFC-REQ-052 | The interface between the Physical Security and Access Control System and the Health Physics Central Alarm and Display System SHALL exchange access zone occupancy data so that HP monitoring knows which personnel are present in each radiological zone, enabling dose tracking per individual and supporting emergency muster accountability. Rationale: Regulation 19 of IRR 2017 requires employers to investigate doses that may exceed dose limits. Correlating zone occupancy with area dose rates enables real-time estimated dose calculation. Emergency muster requires knowing who is in controlled areas at the time of an incident. | Test | interface, lab-utilities, session-335, idempotency:ifc-security-hp-335 |
| IFC-REQ-053 | The interface between the Deionised Water Treatment and Distribution System and the Acid Digestion and Dissolution Station SHALL deliver DI water at point-of-use dispensers with a maximum delivery distance of 3 metres from the treatment polishing cartridge, maintaining resistivity above 18.0 megaohm-cm at the dispenser outlet. Rationale: Ultra-pure water resistivity degrades with pipe length due to CO2 absorption and material leaching. 3-metre maximum distance from final polishing ensures point-of-use quality meets ASTM D1193 Type I without additional treatment. Critical for acid digestion blanks in trace analysis. | Test | interface, lab-utilities, session-335, idempotency:ifc-diw-digestion-335 |
| IFC-REQ-054 | The interface between the Electrical Power Distribution System and the Emergency Power System SHALL provide automatic changeover via a motorised changeover switch that detects normal supply failure (voltage below 85 percent of nominal for more than 500ms) and transfers essential loads to the emergency generator within 15 seconds of generator reaching rated voltage and frequency. Rationale: 15-second transfer time is derived from the UPS autonomy margin: essential loads on UPS bridge the gap during generator start (typically 8-10 seconds to reach rated speed). The 500ms detection delay prevents nuisance transfers on voltage transients while ensuring genuine failures trigger changeover before UPS battery depletion. | Test | interface, lab-utilities, session-335, idempotency:ifc-power-emergency-335 |
| IFC-REQ-055 | The interface between the Building Management System and the Safety Interlock and Trip System SHALL be implemented as a unidirectional data diode or hardware-enforced one-way gateway permitting status data transfer from the safety system to the BMS for display purposes only, with no data path from the BMS network to the safety system logic solver. Rationale: The BMS is a general-purpose SCADA system connected to multiple building services networks and potentially to wider site networks. The Safety Interlock and Trip System is a SIL-rated safety system whose integrity must be protected from cyber threats and accidental corruption. A unidirectional gateway per IEC 62443 zone and conduit model ensures that compromise of the BMS cannot affect safety system operation. This is consistent with ONR guidance on independence of safety-related and non-safety systems. | Test | interface, cybersecurity, safety, validation, session-337 |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| ARC-REQ-001 | ARC: Active Ventilation and Containment System — Twin-bank HEPA with safe-change housings and depression cascade architecture selected over single-bank filtration or positive-pressure glovebox approach. The twin-bank arrangement satisfies defence-in-depth requirements under Nuclear Site Licence Condition 28 (regular and systematic review) by ensuring that a single filter failure or breach does not result in uncontrolled release. Depression cascade (negative pressure increasing toward highest activity zones) was chosen over local containment-only because the laboratory handles diverse alpha-emitting materials across multiple workstations — centralised extract through a cascade provides whole-building containment assurance rather than relying on individual device integrity. Seven-component decomposition: Supply AHU, Extract Fan System, HEPA Filtration Assembly, Depression Cascade Control System, Stack Monitoring and Discharge System, Fume Cupboard and Glove Box Extract Network, and Standby Ventilation and Emergency Isolation System. The control system uses 1oo2D PLC architecture because cascade control is a safety function (SIL 2) — loss of depression cascade during alpha handling could result in personnel inhalation doses exceeding 20 mSv. Rationale: Documents the key design trade-offs for the primary engineered safety barrier. Twin-bank HEPA and depression cascade are standard nuclear practice (IAEA Safety Guide RS-G-1.7, ONR TAG 049) but the specific rationale for this facility — multiple alpha-handling workstations with varying activity levels — justifies recording the engineering judgement. | Analysis | architecture, ventilation, session-326 |
| ARC-REQ-003 | ARC: Radiation Protection and Health Physics Monitoring System — Centralised star topology with dedicated HP Central Alarm and Display System as single aggregation point for all monitoring instruments. Chose centralised SCADA-grade architecture over distributed peer-to-peer because: (a) ONR SAP EKP.3 requires demonstrable single-point alarm awareness for the Radiation Protection Supervisor; (b) SIL 1 alarm function classification per IEC 61508 requires defined reliability architecture with known common-cause failure modes; (c) 10-year historian with statutory returns generation requires single database rather than federated stores. Dual-server active-standby with 4-hour UPS eliminates single points of failure at the aggregation layer while maintaining the simplicity advantage of star topology. Component-level instruments retain local alarm capability as defence-in-depth — loss of central system degrades trending and recording but does not eliminate local audible/visual warnings. Rationale: Nuclear site licence condition 26 (control and supervision of operations) and ONR SAP EKP.3 (single competent person awareness) mandate centralised visibility of all radiation monitoring. Star topology with local alarm fallback satisfies both the centralisation requirement and the defence-in-depth principle. | Analysis | architecture, radiation-protection, session-327 |
| ARC-REQ-004 | ARC: Radiation Protection and HP Monitoring — Centralised star topology with HP Central Alarm and Display as single aggregation point. Chose centralised SCADA over distributed peer-to-peer because ONR SAP EKP.3 requires single-point alarm awareness for RPS, SIL 1 alarm classification requires defined reliability architecture, and statutory returns need single historian. Dual-server active-standby with 4-hour UPS at aggregation layer. Instruments retain local alarm as defence-in-depth. Rationale: LC26 and ONR SAP EKP.3 mandate centralised radiation monitoring visibility. Star topology with local alarm fallback satisfies centralisation and defence-in-depth. | Analysis | architecture, radiation-protection, session-327 |
| ARC-REQ-005 | ARC: Active Effluent Treatment and Discharge System — Batch-mode processing with four delay tanks in a fill-sample-hold-discharge cycle, rather than continuous flow-through treatment. This topology ensures every batch is characterised before discharge, satisfying Environment Agency permit conditions requiring pre-discharge analysis. Chemical treatment (floc co-precipitation + ion exchange) was chosen over evaporation due to lower capital cost and simpler ILW sludge management, accepting higher per-batch reagent costs. The Discharge Monitoring and Control System is designated SIL 2 because an uncontrolled release of above-limit effluent is a credible environmental hazard, and the single discharge point allows a simple fail-safe isolation architecture. Rationale: Batch processing provides a hold point for regulatory compliance that continuous systems cannot. SIL 2 assignment follows IEC 61511 risk graph for environmental consequence category. | Analysis | architecture, aetds, session-328 |
| ARC-REQ-006 | ARC: Facility Safety and Emergency Response System — Six-component architecture separating criticality warning, fire detection, safety interlocks, emergency communications, emergency power, and spill containment into independent subsystems with dedicated power paths. The criticality warning and safety interlock systems are hardwired (relay-based) rather than PLC-based, ensuring deterministic response times and immunity to common-cause software failures. The emergency power system uses a three-tier architecture (UPS, diesel, dockyard ring main) because loss of safety monitoring power in a facility handling submarine-origin fissile materials would create an unacceptable criticality risk gap. Fire suppression uses zone-differentiated media (water mist vs IG-541 inert gas) because water application in alpha-contaminated areas would spread plutonium contamination, converting a fire event into a combined fire-contamination incident. Rationale: Architecture driven by ONR SAPs (EHA.7 fire, ECS.3 criticality), IEC 61508/61511 safety integrity requirements, and the specific hazard profile of a nuclear dockyard radiochemistry laboratory handling Pu-239 and U-235. Independence between subsystems prevents common-cause failure cascading across safety functions. | Analysis | architecture, safety, session-329 |
| ARC-REQ-008 | ARC: Radioactive Waste Management Facility — Separated solid and liquid waste streams with centralised records. The decomposition separates characterization from packaging because waste categorisation (VLLW/LLW/ILW) must be completed and recorded BEFORE packaging decisions are made — mixing these functions would create a single point of failure in the waste acceptance criteria compliance chain. Liquid waste conditioning is isolated because alpha-bearing liquors require shielded cementation in a different containment zone from dry solid waste handling. The Interim Waste Store is a distinct component rather than an extension of the packaging area because criticality-safe storage geometry, environmental monitoring, and multi-decade package surveillance require dedicated infrastructure and separate safety case arguments. The Waste Records and Consignment System is centralised across all waste streams to ensure a single authoritative nuclear material accountancy record, avoiding reconciliation errors between parallel databases. Rationale: Nuclear waste management at a dockyard radiochemistry lab must comply with Environmental Permitting Regulations, Radioactive Substances Regulation, and ONR Licence Conditions (LC32 accumulation, LC33 disposal). The separation of characterization, conditioning, packaging, storage, and records reflects regulatory requirements for independent verification at each stage of the waste lifecycle, and the need for separate safety case arguments for storage criticality and liquid waste immobilisation. | Analysis | architecture, waste-management, session-330 |
| ARC-REQ-009 | ARC: Sample Receipt — Linear workflow with screening gate. Samples follow a strict one-way path: Receiving Bay to Screening to Registration to Preparation to Storage/Analysis. The screening station is placed BEFORE registration to prevent uncharacterised high-activity samples from entering the preparation lab. Alternative considered: parallel screening and registration — rejected because dose rate category determines required handling procedures and must be known before LIMS work order generation. The chain-of-custody system is logically separate from LIMS to allow standalone operation if LIMS is unavailable, with batch synchronisation when connectivity is restored. Rationale: Architectural rationale for the sequential screening-first workflow in the Sample Receipt facility. | Analysis | architecture, sample-receipt, session-331 |
| ARC-REQ-010 | ARC: Radiochemical Separations Laboratory — Analyte-driven workflow topology. The laboratory is organised by analyte group rather than by technique, with dedicated stations for actinides, fission products (Sr/Cs), and volatile radionuclides (H-3/C-14). This topology minimises cross-contamination between high-alpha actinide work and low-activity fission product separations, and allows independent ventilation risk assessment per station. Alternative considered: technique-based layout (all precipitation in one area, all chromatography in another) — rejected because different analyte groups require different containment levels and waste streams, and mixing actinide and fission product work at shared stations creates unacceptable cross-contamination risk for low-level measurements. Rationale: Records the fundamental architectural choice of analyte-group organisation for the separations laboratory. | Analysis | architecture, radchem-sep, session-331 |
| ARC-REQ-011 | ARC: Gamma Spectrometry Suite — Electric cryocoolers selected over LN2 dewars despite higher unit cost and slightly higher microphonic noise floor. LN2 handling in a nuclear-licensed facility introduces manual handling risks, supply chain dependency, and oxygen displacement hazards in confined counting rooms. Cryocoolers eliminate liquid cryogen inventory, reduce operator dose from routine dewar filling near active samples, and enable unattended 24/7 operation essential for high-throughput submarine refit sample campaigns. Vibration isolation mounts and digital signal processing with anti-microphonic filtering mitigate the noise penalty to <0.1 keV degradation at 1332 keV. Rationale: Nuclear safety and operational availability drove the LN2 elimination decision. Dewar filling near active samples was the highest routine dose contributor in legacy gamma spec labs. Electric cryocoolers with vibration isolation achieve comparable spectral performance while eliminating cryogen logistics. | Analysis | architecture, gamma-spectrometry, session-333 |
| ARC-REQ-013 | ARC: Alpha Spectrometry Laboratory — Dual source preparation methods retained (electrodeposition and NdF3 microprecipitation) despite duplication of equipment and training burden. Electrodeposition produces higher-quality thin sources (better resolution, lower self-absorption) essential for resolving Pu-238/Am-241 peak overlap and U-234/U-235 separation. NdF3 microprecipitation provides a rapid 30-minute preparation for urgent submarine defuelling samples where 90-minute electrodeposition turnaround is unacceptable. Retaining both methods provides operational resilience and covers the full range of analytical urgency encountered in dockyard operations. Rationale: Single-method labs are vulnerable to method failure halting all alpha analysis. The dockyard has routine and urgent analysis streams requiring different source preparation turnaround times. Cost of maintaining dual capability is offset by avoiding analytical delays during submarine refit critical path. | Analysis | architecture, alpha-spectrometry, session-333 |
| ARC-REQ-014 | ARC: Liquid Scintillation Counting Facility — Ultra-low-background counter selection with pulse shape analysis alpha/beta discrimination chosen over gas proportional counting. Justification: LS counting provides superior sensitivity for H-3 (18.6 keV beta max) with lower minimum detectable activity, handles aqueous reactor coolant matrices directly after distillation, and modern PSA achieves alpha rejection factors exceeding 99.95%. Gas proportional counting was rejected due to higher background rates, requirement for thin-source preparation, and poorer H-3 sensitivity. Dual-counter configuration selected for redundancy and throughput during high-activity dockyard campaigns. Rationale: Counter technology selection drives detection limits, sample throughput, and operating costs. Ultra-low-background LSC with PSA is the current industry standard for environmental H-3 and C-14 at nuclear sites per EA RIFE methodology. | Analysis | architecture, liquid-scintillation, session-334 |
| ARC-REQ-015 | ARC: ICP-MS and Elemental Analysis Suite — Quadrupole ICP-MS with collision/reaction cell (CRC) selected over sector-field (SF-ICP-MS) for routine actinide analysis. While SF-ICP-MS offers superior abundance sensitivity for U-236/U-238 and Pu-240/Pu-239 measurements, the CRC quadrupole handles routine Tc-99, Np-237, and total actinide screening at sufficient sensitivity (sub-pg/L) at approximately one-third the capital and maintenance cost. Helium KED mode resolves ArCa+ on Sr-80 and UH+ on Pu-239 interferences adequately for regulatory compliance measurements. SF-ICP-MS capability can be procured as a service for isotope dilution measurements requiring abundance sensitivity exceeding 1E7. Rationale: Technology selection drives capital cost, maintenance burden, and analytical capability. The CRC quadrupole meets EA environmental monitoring requirements for Tc-99 at 0.05 Bq/L MDA while costing significantly less than sector-field instrumentation. This is a proportionate choice for a dockyard lab that primarily needs screening and confirmation rather than research-grade isotope ratios. | Analysis | architecture, icp-ms, session-334 |
| ARC-REQ-016 | ARC: Laboratory Information Management System — Centralised LIMS with instrument interface middleware selected over distributed spreadsheet-based tracking. The LIMS provides single source of truth for sample chain-of-custody, eliminates transcription errors in result reporting, enables automated regulatory discharge calculations, and satisfies ONR SYAPS requirements for software used in nuclear safety-related measurement. Active-passive database failover selected over active-active clustering to reduce complexity while meeting 99.5% availability target. Rationale: A nuclear dockyard radiochemistry laboratory handling thousands of samples annually requires automated data management to prevent transcription errors that could affect discharge compliance reporting. UKAS accreditation (ISO 17025) mandates traceable data management. ONR expects LIMS for nuclear site laboratories. The failover architecture trades maximum availability for operational simplicity appropriate to a laboratory (not a real-time control system). | Analysis | architecture, lims, session-334 |
| ARC-REQ-017 | ARC: Laboratory Utilities and Building Services — decomposed into six components: Electrical Power Distribution, Laboratory Gas Supply, DI Water, BMS, Physical Security, and Chilled Water/Heating. The BMS acts as the central supervisory node, monitoring all other utility components. Power distribution is separated from the Emergency Power System (under Facility Safety) because normal supply reliability requirements differ from safety-classified emergency supply — normal distribution is availability-driven (99.5% uptime), while emergency power is safety-integrity-driven (SIL 2). Physical Security is placed here rather than under Safety because NISR compliance is an access governance concern, not a process safety function. Gas supply is centralised rather than per-laboratory to enable bulk storage, manifold changeover, and consistent pressure regulation, reducing per-instrument gas handling complexity. Rationale: Separation of normal utilities from safety systems follows ONR Safety Assessment Principles expectation that safety-classified systems remain independent of general building services. BMS centralisation enables single-point monitoring required by nuclear site licence conditions for environmental compliance reporting. | Inspection | architecture, lab-utilities, session-335 |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| VER-060 | Verify SUB-REQ-032: Install a calibrated Cf-252 neutron source at maximum credible distance from each detector. Confirm detection within 1 ms using high-speed data acquisition. Verify 2oo3 coincidence by masking one channel at a time and confirming alarm with 2 remaining channels. Repeat for all monitored zones. Rationale: Criticality detection is the highest-consequence safety function requiring physical neutron source demonstration before commissioning per ONR guidance. | Test | |
| VER-065 | Verify SUB-REQ-036: Load test masses incrementally to 80 percent of single-contingency limit at each workstation. Confirm automatic process isolation triggers. Verify gamma activity monitor trip with calibrated Cs-137 source. Confirm hardwired relay trip logic independent of PLC by disconnecting PLC and re-testing. Review FMEDA and diagnostic coverage per IEC 61511-1 Clause 11. Rationale: SIL 3 safety function demands proof test and FMEDA evidence that PFDavg meets target per IEC 61511. | Test | |
| VER-066 | Verify SUB-REQ-037: Inject simulated trip signals into each voting channel in 2oo3 combinations. Measure trip time from injection to relay closure using oscilloscope. Confirm within 500 ms. Verify channel power independence by removing UPS feed to each channel sequentially. Rationale: 500 ms trip time and independent UPS paths must be demonstrated under fault conditions per LC28 defence-in-depth. | Test | |
| VER-067 | Verify SUB-REQ-010: Challenge each CAM station with NIST-traceable Pu-239 check source at 0.2 DAC-hours equivalent. Record alarm latency. Run 1000-hour reliability trial to verify false alarm rate does not exceed 1 per 1000 hours per monitor. Rationale: CAM sensitivity at 0.2 DAC-hours is the primary protection against plutonium inhalation; false alarm rate governs operational confidence. | Test | |
| VER-068 | Verify SUB-REQ-038: Simulate mains power failure and confirm automatic UPS takeover to criticality detectors, fire panels, safety interlocks, and radiation monitors. Conduct 30-minute full-load and 4-hour reduced-load battery discharge tests. Measure load and voltage at each critical bus during transition. Rationale: Emergency power continuity must be proven before commissioning; battery autonomy times drive evacuation and diesel start-up windows. | Test | |
| VER-REQ-001 | Verify IFC-REQ-001: Inspect extract ductwork material certificates (316L stainless steel), pressure test ductwork assembly at minus 3 kPa for 30 minutes with less than 0.5 percent pressure decay, and verify fan-downstream-of-filters arrangement by ductwork isometric review. Pass criteria: material certificates confirm 316L, pressure test holds, fan is downstream of both HEPA banks. Rationale: Ductwork integrity and material are most efficiently verified by inspection and pressure test during construction, before radioactive commissioning precludes access. | Inspection | verification, ventilation, session-326 |
| VER-REQ-002 | Verify IFC-REQ-002: Inject step setpoint changes from cascade controller to fan VSD and measure response. Pass criteria: fan speed tracks setpoint within 2 percent, status feedback updates within 500 ms, fault condition correctly reported within 1 second of simulated fault injection. Rationale: Functional integration test during commissioning validates the control loop timing that underpins the 2-second cascade response requirement. | Test | verification, ventilation, session-326 |
| VER-REQ-003 | Verify IFC-REQ-003: Commission extract manifold with all fume cupboards at maximum sash opening and all glove boxes at operating pressure. Measure total manifold flow using traverse pitot measurement at manifold entry. Pass criteria: total flow not less than 12000 m3/h, manifold static pressure not less negative than minus 500 Pa. Rationale: Full-load commissioning test validates manifold sizing under worst-case simultaneous demand from all containment devices. | Test | verification, ventilation, session-326 |
| VER-REQ-004 | Verify IFC-REQ-004: Inspect as-built ductwork drawings and measure straight-run distances upstream and downstream of sampling point. Pass criteria: not less than 8 diameters downstream of last disturbance, not less than 2 diameters upstream of stack exit, isokinetic nozzle aligned with duct axis within 5 degrees. Rationale: Physical measurement of straight-run distances confirms ISO 2889 compliance. This is a construction verification that cannot be repeated after active commissioning. | Inspection | verification, ventilation, session-326 |
| VER-REQ-005 | Verify IFC-REQ-006: With cascade PLC in simulated failure state, activate fire damper closure and smoke extract mode via hardwired safety relays. Pass criteria: fire dampers close within 10 seconds, smoke extract fan starts within 15 seconds, safety relay circuits maintain function with PLC powered off. Perform SIL 2 proof test per IEC 61511. Rationale: Independence of emergency override from PLC must be demonstrated by testing with PLC in failed state. This validates the common-cause failure defence required for SIL 2. | Test | verification, ventilation, safety, session-326 |
| VER-REQ-006 | Verify end-to-end ventilation containment: Release tracer aerosol (DOP at 0.3 micrometre) inside a C4 glove box and measure tracer concentration at (a) C3 zone boundary, (b) C2 zone boundary, (c) stack discharge point, and (d) external building envelope. Pass criteria: C3 concentration less than 0.01 percent of source, C2 less than 0.0001 percent, stack less than 0.00001 percent (two HEPA banks), external envelope below detection limit. Depression cascade maintained throughout test. Rationale: End-to-end tracer test validates the complete containment chain from primary containment device through extract ductwork, both HEPA banks, and stack discharge. This is the definitive active commissioning test confirming that the ventilation system performs its safety function as an integrated whole, not just at component level. | Test | verification, ventilation, integration, session-326 |
| VER-REQ-007 | Verify IFC-REQ-007: Connect each CAM station to HP Central via RS-485 Modbus RTU bus. Confirm polling interval is 5 seconds or less by monitoring bus traffic with protocol analyser. Inject simulated DAC-fraction readings at 0.5, 1.0, and 3.0 DAC and verify correct display on HP Central mimic within 5 seconds. Confirm all data fields (DAC-fraction, alarm state, instrument status, filter accumulation) are transmitted and recorded. Pass criteria: all data fields present, polling interval within spec, end-to-end latency under 5 seconds. Rationale: Integration test verifying the primary data path from distributed CAMs to central display. Tests both routine data and alarm state propagation. | Test | verification, radiation-protection, cam-network, hp-central, session-327 |
| VER-REQ-008 | Verify IFC-REQ-008: For each area gamma monitor, verify 4-20mA analogue output is proportional to log dose rate by injecting known Cs-137 fields at 1, 10, and 100 microSv/h and measuring analogue signal. Simultaneously verify Modbus TCP/IP digital path delivers dose rate, H*(10), cumulative dose, and health status at 10-second intervals. Disable digital path and confirm analogue alarm relay still activates at threshold. Pass criteria: analogue linearity within 5 percent, digital data complete at 10-second intervals, alarm functions on analogue path alone. Rationale: Diversity test confirming both data paths function independently. The analogue path independence test is critical because it is the SIL 1 safety function path. | Test | verification, radiation-protection, gamma-array, hp-central, session-327 |
| VER-REQ-009 | Verify IFC-REQ-009: Perform contamination measurement on each HFC monitor and portal monitor. Capture network traffic and confirm measurement results (pass/fail, alpha Bq/cm2, beta-gamma Bq/cm2, timestamp, monitor ID) arrive at HP Central within 2 seconds of measurement completion. Repeat for alarm condition. Pass criteria: all data fields present, latency under 2 seconds for 95th percentile across 20 measurements per monitor. Rationale: Verifies real-time contamination data path including latency under operational conditions. Statistical approach (95th percentile) accounts for network variability. | Test | verification, radiation-protection, contamination, hp-central, session-327 |
| VER-REQ-010 | Verify IFC-REQ-010: Issue EPDs to 5 test personnel, enter controlled area, and confirm OPC-UA data (dose rate, integrated dose, constraint percentage, personnel ID) appears on HP Central at 60-second intervals. Trigger EPD dose alarm and verify immediate event notification arrives at HP Central within 5 seconds. Pass criteria: routine data at 60-second intervals with no gaps over 1-hour test, alarm notification within 5 seconds. Rationale: End-to-end test of dosimetry-to-central interface under realistic conditions with multiple simultaneous EPDs. Alarm notification timing is critical for RPS situational awareness. | Test | verification, radiation-protection, dosimetry, hp-central, session-327 |
| VER-REQ-011 | Verify IFC-REQ-012: Inject simulated evacuation-level radiation alarm at each CAM and area gamma monitor in turn. Verify hardwired relay contact closure at HP Central within 1 second, and confirm facility evacuation alarm activation within 1 second of relay closure (2 seconds total from radiation alarm). Test with digital network disabled to confirm relay path is independent. Pass criteria: relay closure within 1 second for all monitors, evacuation alarm within 2 seconds total, function maintained with network disabled. Rationale: This is the most safety-critical interface in the RP subsystem. The test must demonstrate deterministic hardwired operation independent of digital infrastructure. Network-disabled test proves the safety function does not rely on software. | Test | verification, radiation-protection, hp-central, facility-safety, session-327 |
| VER-REQ-012 | Verify end-to-end radiation protection chain: Release a known-activity Tc-99m aerosol source (1 MBq) inside a fume cupboard in the Radiochemical Separations Laboratory. Verify the sequence: CAM detects airborne contamination and alarms at investigation level within 30 seconds, HP Central displays the alarm and identifies the zone within 5 seconds, area gamma monitors in adjacent zones show no increase (confirming containment), and personnel EPDs in the zone record no significant dose increase (confirming ventilation effectiveness). Pass criteria: complete detection-to-display chain within 35 seconds, no contamination spread beyond source zone, full data chain recorded in historian. Rationale: End-to-end system integration test exercising the complete detection-alarm-display chain under realistic conditions. Uses Tc-99m (6-hour half-life) for safe aerosol release testing. Tests both the RP subsystem's detection function and its integration with the ventilation containment system. This is the definitive acceptance test for the radiation protection safety function. | Demonstration | verification, radiation-protection, system-integration, session-327 |
| VER-REQ-013 | Verify IFC-REQ-013: Using inactive simulant at maximum flow rate, confirm gravity and pump transfer through 50mm bore pipework to each delay tank. Verify flow totalisation accuracy within ±2% against calibrated reference. Confirm isolation valve operation at each tank inlet. Pass criteria: flow rate sustains 20 L/min, totaliser agrees with reference within ±2%, each valve closes within 10 seconds. Rationale: Integration test at the drain-to-tank boundary using inactive simulant to verify hydraulic performance before active commissioning. | Test | verification, aetds, session-328 |
| VER-REQ-014 | Verify IFC-REQ-014: With tanks filled with traced simulant, execute 5-minute purge cycle then draw triplicate samples from each tank. Analyse samples against known tank concentration. Pass criteria: all samples within ±10% of true concentration, no cross-contamination between tank sample lines (absent tracer in adjacent tank samples). Rationale: Validates sample line purge effectiveness and cross-contamination isolation using different tracers per tank. | Test | verification, aetds, session-328 |
| VER-REQ-015 | Verify IFC-REQ-016: Inject calibration sources at 80%, 100%, and 120% of discharge limits into the in-line alpha and beta-gamma monitors during simulated discharge. Verify alarm generation and fail-safe valve closure within 5 seconds at each threshold. Simulate loss of monitoring signal and loss of power — confirm valve closes within 5 seconds in each case. Pass criteria: all alarm setpoints trigger correctly, valve closure time <5 seconds in all failure modes, proportional sampler collects representative composite. Rationale: SIL 2 proof test validating the complete safety function chain from detection through logic to final element. Tests all three trip conditions (high activity, signal loss, power loss). | Test | verification, aetds, safety, session-328 |
| VER-REQ-016 | Verify IFC-REQ-015: Transfer a spiked simulant batch through the Chemical Treatment Plant at minimum and maximum flow rates. Confirm treated effluent is returned to receiving tank and post-treatment sample shows decontamination factors meet SUB-REQ-025 targets. Pass criteria: transfer completes without leak at both flow rates, DF for alpha surrogate exceeds 100, DF for Cs/Sr surrogates exceeds 10. Rationale: End-to-end treatment loop verification using surrogate radionuclides during inactive commissioning. | Test | verification, aetds, session-328 |
| VER-REQ-017 | Verify IFC-REQ-017: Trigger a batch screening measurement and confirm structured data record appears in LIMS within 30 seconds. Verify OPC UA authentication handshake succeeds and data integrity checksum matches. Corrupt a test message in transit and confirm LIMS rejects it. Pass criteria: latency <30 seconds for 100 consecutive measurements, all corrupted messages rejected. Rationale: Validates both the functional data path and the security/integrity mechanisms of the OPC UA interface. | Test | verification, aetds, session-328 |
| VER-REQ-018 | Verify end-to-end AETDS batch cycle: Introduce spiked simulant into the Active Drain Collection Network, confirm collection in delay tank, execute hold period, draw and analyse sample via Batch Sampling Station, transfer through Chemical Treatment Plant if required, obtain discharge authorisation via LIMS, and discharge through the Discharge Monitoring and Control System with continuous monitoring. Pass criteria: full batch cycle completes within 48 hours, all intermediate data records present in LIMS, discharge activity below limits, proportional sample archived. Rationale: System-level integration test exercising the complete effluent management chain from waste generation to authorised discharge. 48-hour target includes 24-hour hold period plus processing time. | Demonstration | verification, aetds, integration, session-328 |
| VER-REQ-019 | Verify IFC-REQ-018: Inspect a filled 200-litre sludge drum from the Chemical Treatment Plant. Confirm dose rate at contact is below 2 mSv/h using calibrated survey meter. Verify waste characterisation record includes activity inventory, chemical composition, and package weight. Confirm drum is compatible with RWMF receipt criteria. Pass criteria: contact dose rate <2 mSv/h, characterisation record complete, drum passes RWMF acceptance checklist. Rationale: Verification of the waste transfer interface by inspection of the physical package and accompanying documentation. | Inspection | verification, aetds, session-328 |
| VER-REQ-020 | Verify IFC-REQ-019: Simulate criticality trip condition at the Criticality Warning System test input. Measure signal propagation latency from CWS relay output to SIT trip receipt using calibrated timing equipment. Verify latency is less than 10 ms across all three voting channels. Verify galvanic isolation by applying 2.5 kV test voltage between circuits for 60 seconds with no breakdown. Pass criteria: all channels below 10 ms latency, zero isolation failures. Rationale: Integration test at system boundaries to verify hardwired interface timing and isolation. | Test | verification, safety, session-329 |
| VER-REQ-021 | Verify IFC-REQ-020: Activate fire detection in a test zone. Measure time from fire confirmation to damper closure command receipt at the Standby Ventilation system. Verify command transmission within 2 seconds. Verify cable integrity by sustained fire test to BS 8519 at 842 degrees C for 120 minutes with circuit continuity maintained. Pass criteria: command latency below 2 seconds, cable circuit integrity maintained for 120 minutes. Rationale: Integration test verifying fire-to-ventilation interface timing and fire survivability of cabling. | Test | verification, fire, session-329 |
| VER-REQ-022 | Verify IFC-REQ-021: Remove primary UPS feed to the Criticality Warning System. Verify automatic changeover to secondary feed occurs within 1 ms using oscilloscope monitoring of the 24 VDC supply rail. Verify full criticality detection load is sustained on single feed. Repeat test removing secondary feed. Pass criteria: changeover time below 1 ms on both feeds, no detector dropout or counting interruption during transfer. Rationale: Power interface test ensuring zero detection gap during UPS feed changeover. | Test | verification, power, session-329 |
| VER-REQ-023 | Verify IFC-REQ-022: Initiate a simulated fire trip from the Safety Interlock system. Verify isolation commands reach the Depression Cascade Controller. Measure containment depression in non-affected zones during partial isolation and verify minimum 10 Pa is maintained. Pass criteria: trip command received, depression in non-affected zones remains above 10 Pa throughout the isolation transient. Rationale: System integration test verifying partial isolation maintains containment where no fire exists. | Test | verification, ventilation, session-329 |
| VER-REQ-024 | Verify IFC-REQ-023: Inspect all floor drain connections between spill containment areas and the active drain network. Verify no cross-connections to inactive drainage by dye tracing from each drain point. Measure water seal depth at each floor trap. Pass criteria: zero cross-connections found, all trap seals at or above 50 mm depth. Rationale: Physical inspection and dye trace test to verify drainage segregation integrity. | Inspection | verification, containment, session-329 |
| VER-REQ-025 | Verify end-to-end criticality response: inject simulated neutron burst at CWS detector input exceeding 20 mrad threshold. Verify the complete chain: CWS detection within 1 ms, trip signal to SIT within 10 ms, SIT trip initiation within 500 ms, criticality alarm activation via ECAS, ventilation isolation command to standby ventilation system. Total end-to-end time from neutron burst to completed facility response SHALL be less than 2 seconds. Pass criteria: all subsystems activate in sequence within timing budgets, alarm audible at 75 dBA, no subsystem fails to respond. Rationale: System-level integration test exercising the full criticality response chain from sensor to actuator. Tests the interfaces between CWS, SIT, ECAS, and ventilation systems as an integrated safety function. | Test | verification, integration, criticality, session-329 |
| VER-REQ-026 | Verify IFC-REQ-024: Test data transfer from characterization to packaging by performing gamma assay and surface survey on a reference waste item, then confirming the categorisation certificate appears in the packaging system within 5 minutes. Pass criteria: certificate contains correct waste category, activity inventory matching reference values within measurement uncertainty, and approved packaging route. Rationale: Integration test to verify the characterization-to-packaging data flow meets the 5-minute latency and data completeness requirements at the system boundary. | Test | verification, waste-management, characterization, session-330 |
| VER-REQ-027 | Verify IFC-REQ-025: Test drum transfer from packaging to store by sealing a test drum, verifying barcode scan retrieves the correct waste package data record, confirming surface contamination below transport limits, and tracking placement in the designated store position. Pass criteria: barcode correctly linked, contamination verified, placement within 4 hours, and store position matches criticality spacing plan. Rationale: Integration test at the packaging-to-store boundary ensuring positive identification, contamination verification, and criticality-safe placement are all functioning as a chain. | Test | verification, waste-management, packaging, session-330 |
| VER-REQ-028 | Verify IFC-REQ-026: Test cemented wasteform transfer by producing a test batch, holding for the 7-day curing period, confirming early-age strength test results are recorded, and verifying the package is assigned a criticality-compliant store position. Pass criteria: 7-day hold enforced by system interlock, strength test recorded against package ID, store position respects keff spacing. Rationale: Integration test verifying the curing-period hold, strength verification, and criticality-safe placement operate as a controlled sequence. Tests the most safety-significant interface in the waste management chain. | Test | verification, waste-management, liquid-conditioning, session-330 |
| VER-REQ-029 | Verify IFC-REQ-027: Test distillate return by processing a spiked liquid waste batch through evaporation, sampling the distillate at the hold-and-release point, and confirming activity concentrations are below 100 Bq/L alpha and 1000 Bq/L beta/gamma before drain release. Pass criteria: analytical results within limits, flow rate not exceeding 0.5 L/min, hold-and-release interlock prevents release if limits exceeded. Rationale: Verifies the critical environmental protection boundary between waste conditioning and the active drain system. Tests both the decontamination performance and the hold-and-release safety function. | Test | verification, waste-management, liquid-conditioning, effluent, session-330 |
| VER-REQ-030 | Verify IFC-REQ-028: Test bidirectional data exchange by creating a waste characterisation record in LIMS and confirming it appears in the Waste Records system within 60 seconds, then creating a waste package record in the Waste Records system and confirming chain-of-custody data is accessible from LIMS. Pass criteria: both synchronisation directions complete within 60 seconds, mutual TLS handshake verified, data integrity confirmed by checksum. Rationale: Verifies the information system integration that underpins regulatory record-keeping. Both directions must work because LIMS is the analytical authority and the Waste Records system is the waste package authority — each needs access to the other's data. | Test | verification, waste-management, records, lims, session-330 |
| VER-REQ-031 | Verify IFC-REQ-029: Test concentrate transfer by initiating a batch transfer from the Chemical Treatment Plant to the Liquid Waste Conditioning System with the conditioning system in both ready and not-ready states. Pass criteria: transfer proceeds when conditioning system is ready, physical interlock prevents transfer when not ready, analytical certificate accompanies the batch, and batch volume does not exceed 50 L. Rationale: Tests the safety interlock that prevents uncontrolled transfer of radioactive concentrates to an unprepared system. The interlock is a credited safety function in the liquid waste safety case. | Test | verification, waste-management, aetds, liquid-conditioning, session-330 |
| VER-REQ-032 | Verify end-to-end waste lifecycle: Process a solid waste item and a liquid waste batch through the complete RWMF chain from characterization/conditioning through packaging to storage placement, confirming that waste package data records are complete, nuclear material accountancy is reconciled with the site system within 24 hours, and all packages are placed in criticality-compliant store positions with environmental monitoring active. Pass criteria: all intermediate records created automatically, NMA reconciliation confirmed, store environmental parameters within limits, no orphaned packages without complete data records. Rationale: End-to-end integration test exercising both solid and liquid waste streams through the entire RWMF. This test verifies that the individual interface tests (IFC-REQ-024 through IFC-REQ-029) function as a coherent system and that no data is lost across the waste lifecycle chain. | Demonstration | verification, waste-management, integration, session-330 |
| VER-REQ-033 | Verify IFC-REQ-030: Commissioning test of pass-through hatch interlock by simultaneously commanding both doors open and confirming interlock prevents second door from opening. Verify container clearance with a 500 mm diameter by 800 mm height test article. Pass criteria: interlock holds under all attempted sequences; test article passes through without obstruction. Rationale: Integration test to verify physical interface compliance at the C2/C3 containment boundary. | Test | verification, sample-receipt, session-331 |
| VER-REQ-034 | Verify IFC-REQ-031: Demonstrate end-to-end data transfer from screening station measurement completion to Registration System display within 30 seconds using a test source. Verify dual physical routing by processing one contact-handled and one remote-handled sample through their respective routes. Pass criteria: data arrives within 30 seconds; each sample reaches correct preparation area. Rationale: Integration test verifying both the electronic data interface and the physical sample routing paths function as designed. | Demonstration | verification, sample-receipt, session-331 |
| VER-REQ-035 | Verify IFC-REQ-032: Demonstrate message queuing resilience by registering 10 samples with LIMS offline, then restoring LIMS and confirming all 10 records synchronise within 15 minutes of recovery with no data loss. Pass criteria: all 10 records appear in LIMS with correct fields; resync completes within 15 minutes. Rationale: Integration test proving the Registration System can operate independently during LIMS outage and resynchronise without data loss — a key architectural decision. | Demonstration | verification, sample-receipt, session-331 |
| VER-REQ-036 | Verify end-to-end Sample Receipt workflow: process a simulated sample from physical arrival at the Receiving Bay through dose rate screening, contamination check, registration, barcode labelling, preparation (acid digestion with tracer spiking), and storage. Pass criteria: sample arrives at storage with complete chain-of-custody record, all screening results recorded in LIMS, preparation records traceable to original registration, and total workflow time under 4 hours for a contact-handled sample. Rationale: System-level integration test exercising the complete sample receipt chain from physical arrival to prepared aliquot. The 4-hour target is the operational throughput requirement for routine dockyard samples. | Demonstration | verification, sample-receipt, session-331 |
| VER-REQ-037 | Verify IFC-REQ-033: Analyse five transferred aliquots by ICP-OES to confirm HNO3 molarity is within 2-8 M range. Verify volume does not exceed 100 mL. Verify barcode on PTFE vial matches sample record. Pass criteria: all five aliquots within acid range; volumes at or below 100 mL; barcode-to-record match 100 percent. Rationale: Acid matrix compatibility is critical for downstream chromatography performance — feed outside 2-8 M HNO3 causes actinide breakthrough on TEVA resin. | Test | verification, radchem-sep, session-331 |
| VER-REQ-038 | Verify IFC-REQ-034: Weigh ten electrodeposited discs and confirm deposited mass is below 100 micrograms. Measure alpha spectrum on each disc and confirm FWHM resolution is 40 keV or better for the Pu-239/240 peak. Pass criteria: all ten discs below mass limit; all spectra meet resolution threshold. Rationale: Source quality directly determines measurement performance — this test verifies the hand-off point between separations and counting. | Test | verification, radchem-sep, session-331 |
| VER-REQ-039 | Verify IFC-REQ-035: Inspect waste segregation during a simulated multi-sample processing campaign. Verify each waste stream is correctly routed to its designated container with barcode linkage to originating work order. Verify organic solvent containers have flash point and activity labels. Pass criteria: zero cross-contamination between streams; 100 percent barcode traceability. Rationale: Waste segregation failure has regulatory and safety consequences — inspection during operational simulation is the appropriate verification method for procedural compliance. | Inspection | verification, radchem-sep, session-331 |
| VER-REQ-040 | Verify IFC-REQ-036: Inject a precision pulser signal at the preamplifier test input and measure pulse shape at the MCA input with a digital oscilloscope. Verify rise time is less than 100 ns, amplitude is within 0 to 10 V range, and noise floor is less than 2 mV RMS. Pass criterion: all 8 channels meet specification simultaneously with 15 m cable runs installed. Rationale: Integration test confirms cable plant and connector quality after installation. Noise floor measurement validates electromagnetic compatibility in the nuclear facility environment. | Test | verification, gamma-spectrometry, session-333 |
| VER-REQ-041 | Verify IFC-REQ-037: Initiate simultaneous spectrum transfers from all 8 MCA channels to the analysis workstation. Measure transfer completion time for each 16384-channel spectrum. Pass criterion: all transfers complete within 2 seconds, no packet loss on dedicated VLAN, and spectral data integrity verified by checksum comparison. Rationale: Concurrent transfer from all channels represents worst-case network load during high-throughput campaigns. | Test | verification, gamma-spectrometry, session-333 |
| VER-REQ-042 | Verify IFC-REQ-038: Process a multi-nuclide reference sample spectrum through the full analysis chain and verify that the workstation automatically posts all required data fields to LIMS upon analyst approval. Pass criterion: nuclide identity, activity, uncertainty, MDA, and QC status fields all populate correctly in LIMS, with timestamp correlation within 5 seconds of approval action. Rationale: End-to-end demonstration validates the automated result transfer chain that eliminates transcription errors. | Demonstration | verification, gamma-spectrometry, session-333 |
| VER-REQ-043 | Verify end-to-end gamma spectrometry chain: place a NIST-traceable mixed-nuclide reference source (containing Cs-137, Co-60, Am-241, Eu-152 at certified activities) in a standard counting geometry, acquire spectrum for 3600 seconds, and process through automated analysis to LIMS result. Pass criterion: all reported activities within 10 percent of certified values at 95 percent confidence, MDA for Cs-137 is less than or equal to 0.5 Bq/L equivalent, total turnaround from sample placement to LIMS result less than 90 minutes. Rationale: System-level integration test validates that the combined performance of detector, shielding, MCA, and analysis software meets SYS-REQ-001. Exercises the full chain from photon detection to certified result. | Test | verification, gamma-spectrometry, session-333 |
| VER-REQ-044 | Verify IFC-REQ-039: Inspect all 8 vacuum chamber sample trays for correct spring-clip engagement with 25 mm planchets. Verify engraved identification is legible after 10 electrodeposition cycles. Pass criterion: all planchets seat repeatably within 0.5 mm of reference position, identification legible under standard laboratory lighting. Rationale: Positional repeatability determines counting geometry reproducibility. Identification legibility ensures chain-of-custody integrity throughout sample lifetime. | Inspection | verification, alpha-spectrometry, session-333 |
| VER-REQ-045 | Verify IFC-REQ-040: For each of the 8 channels, test vacuum interlock by venting one chamber while remaining chambers are under vacuum. Verify that only the vented chamber MCA channel inhibits acquisition while all other channels continue counting uninterrupted. Pass criterion: acquisition inhibits within 5 seconds of vacuum status changing to bad, resumes within 10 seconds of vacuum restoration. Rationale: Independent vacuum interlock per channel ensures a single chamber service event does not halt all alpha counting operations. | Test | verification, alpha-spectrometry, session-333 |
| VER-REQ-046 | Verify end-to-end alpha spectrometry: process a NIST-traceable mixed-actinide reference solution (Pu-239, Am-241, Cm-244) through electrodeposition, count for 86400 seconds, and analyse with MCA software. Pass criterion: reported activities within 15 percent of certified values at 95 percent confidence, Pu-239/240 MDA of 0.5 mBq or less, tracer recovery between 70 and 110 percent, and Pu-238 peak resolved from Am-241 with valley-to-peak ratio less than 0.3. Rationale: System-level integration test validates the complete alpha analysis chain against SYS-REQ-004. Valley-to-peak ratio confirms adequate source quality and detector resolution for the most demanding peak separation in the analysis. | Test | verification, alpha-spectrometry, session-333 |
| VER-REQ-047 | Verify IFC-REQ-041: Test by processing 10 simulated H-3 distillate and 10 C-14 fraction transfers through the full handover protocol. Verify vial integrity (no leakage after 24h), label readability, documentation completeness, and that receiving QC checks identify any out-of-specification fractions. Pass criteria: 100% documentation compliance, zero vial failures, all barcode scans successful. Rationale: Interface testing at the separations-LSC boundary validates the physical handover process that ensures sample integrity and traceability. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-048 | Verify IFC-REQ-042: Test by loading 50 prepared vials in standard counting cassettes into the sample changer. Verify all barcodes read correctly, vial geometry acceptance rate is 100%, and counting protocol auto-assignment matches LIMS work orders. Pass criteria: zero barcode read failures, zero vial rejection, correct protocol assignment for all 50 vials. Rationale: Sample changer interface testing ensures mechanical compatibility and barcode system reliability under realistic batch sizes. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-049 | Verify IFC-REQ-043: Test by running a full counting batch (20 vials including standards, blanks, and spiked samples) and verifying complete spectral data transfer to the analysis workstation. Verify all specified data fields are present, spectrum channel count matches instrument specification, tSIE values are within expected range for each quench level, and transfer completes within 60 seconds of counting cycle end. Rationale: Data transfer integrity testing ensures the analysis workstation receives complete, uncorrupted spectral data for accurate activity calculation and QA review. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-050 | Verify IFC-REQ-044: Test by processing a validated batch through QA approval and monitoring transfer to LIMS. Verify all required data fields arrive in LIMS within 30 minutes, activity values match workstation values to 6 significant figures, uncertainty values transfer correctly, and authentication/integrity checks pass. Inject deliberate data corruption to verify integrity check rejection. Rationale: LIMS interface testing validates the regulated data path from analysis to system of record, including positive and negative testing of integrity controls. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-051 | Verify end-to-end LSC chain: Test by processing 5 blind H-3 spiked samples and 5 blind C-14 spiked samples through the complete path from separations handover, through sample preparation, counting, data analysis, QA approval, to LIMS result entry. Pass criteria: all 10 results within 10% of the known spike value, all uncertainty budgets correctly calculated, and total turnaround time from vial receipt to LIMS entry not exceeding 48 hours. Rationale: End-to-end integration test exercises the full LSC measurement chain under realistic conditions. The 10% accuracy criterion against known spikes validates measurement traceability. 48-hour turnaround validates operational throughput during dockyard campaigns. | Test | verification, liquid-scintillation, session-334 |
| VER-REQ-052 | Verify IFC-REQ-045: Test by processing 20 simulated separated fractions through the autosampler. Verify matrix compatibility (no signal suppression >10%), tube geometry acceptance, label readability, and that autosampler processes all tubes without intervention. Include 3 matrix-mismatched tubes (>5% HNO3) to verify detection of out-of-specification fractions. Rationale: Interface testing validates physical and chemical compatibility between separation chemistry output and ICP-MS sample introduction. | Test | verification, icp-ms, session-334 |
| VER-REQ-053 | Verify IFC-REQ-046: Test by running a full calibration and sample batch (30 samples) and verifying complete data transfer. Confirm all mass channels present, CPS values match instrument display, internal standard ratios calculated correctly, and automatic backup completes within 5 minutes of batch end. Simulate network failure to verify data buffering and retry. Rationale: Data transfer testing validates the measurement data pipeline integrity and resilience for the complete analytical batch workflow. | Test | verification, icp-ms, session-334 |
| VER-REQ-054 | Verify IFC-REQ-047: Test bidirectional communication with each instrument type by sending 50 work orders and receiving 50 result sets per instrument. Verify work order parameters arrive correctly, result values match source to 6 significant figures, checksums validate on all transfers, and message queuing functions correctly during a simulated 30-minute LIMS outage. Pass criteria: zero data loss, zero corruption, queue drains within 10 minutes of LIMS recovery. Rationale: Comprehensive interface testing validates the LIMS integration with all instrument types under normal and degraded conditions. | Test | verification, lims, session-334 |
| VER-REQ-055 | Verify IFC-REQ-048: Integration test of BMS-to-EPDS Modbus TCP interface. Simulate transformer overtemperature condition and verify BMS receives alarm within 1 second and issues load shedding command. Pass criteria: load shedding confirmed on non-essential distribution board within 5 seconds of overtemperature setpoint breach. Rationale: Integration test to verify interface compliance and protection response timing at system boundaries. | Test | verification, lab-utilities, session-335 |
| VER-REQ-056 | Verify IFC-REQ-049: Integration test of BMS-to-Chilled Water BACnet/IP interface. Simulate primary chiller fault and verify automatic duty/standby changeover completes with chilled water flow temperature maintained within 6 plus or minus 1C during transition. Pass criteria: changeover complete within 60 seconds with no laboratory temperature excursion. Rationale: Duty/standby changeover is the primary resilience mechanism for maintaining laboratory temperature stability during chiller plant faults. | Test | verification, lab-utilities, session-335 |
| VER-REQ-057 | Verify IFC-REQ-050: Integration test of gas isolation on fire alarm. Activate zone fire alarm and measure time from alarm signal to confirmed valve closure on flammable gas supply. Pass criteria: all zone isolation valves closed within 5 seconds and closure status reported to fire panel within 3 seconds of closure. Rationale: Fire safety case critical test. Gas isolation timing is a fire safety case claim that must be demonstrated before facility commissioning. | Test | verification, lab-utilities, session-335 |
| VER-REQ-058 | Verify IFC-REQ-054: Integration test of normal-to-emergency power changeover. Simulate normal supply failure and verify generator start, load acceptance, and motorised changeover. Pass criteria: essential loads transferred within 15 seconds of generator reaching rated output, UPS output uninterrupted during transfer. Rationale: Power changeover timing is critical to UPS autonomy margin. Test must confirm the entire chain from detection through generator start to load transfer operates within design envelope. | Test | verification, lab-utilities, session-335 |
| VER-REQ-059 | Verify end-to-end utility failure response: Simulate total normal supply loss and verify the complete chain from UPS bridging through generator start, changeover switch operation, BMS alarm presentation, gas supply isolation (if fire alarm concurrent), and laboratory instrument continuity. Pass criteria: ICP-MS plasma maintained throughout, gamma spectrometry counts uninterrupted, LIMS server remains operational, BMS displays correct facility status within 30 seconds of initial failure. Rationale: System-level integration test exercising the most critical utility failure scenario. Confirms that the utility subsystem components interact correctly under the highest-consequence failure mode to maintain analytical capability. | Test | verification, lab-utilities, session-335 |
| VER-REQ-069 | Verify SUB-REQ-099: Conduct a proof test of all SIL 3 safety functions by injecting simulated trip conditions through the complete chain from sensor input to final element actuation. Confirm each function trips within its specified response time. Record all proof test results and confirm the test interval does not exceed 3 months since the previous proof test. Rationale: Proof testing validation ensures the claimed SIL is maintained throughout the facility operational life. The complete chain test verifies sensor, logic solver, and final element integrity rather than partial testing which could miss degraded components. | Test | verification, safety, validation, session-337 |
| VER-REQ-070 | Verify SUB-REQ-100: Review the safety system design documentation and confirm that each 2oo3 voting group employs at least two different sensing principles or manufacturers. Conduct a common cause failure analysis per IEC 61511 Annex E demonstrating that the beta factor for each voting group does not exceed 0.02 for SIL 3 functions. Rationale: CCF defence adequacy cannot be demonstrated by testing alone. Design review confirms diversity is implemented as specified. The beta factor analysis per IEC 61511 quantifies residual CCF vulnerability and must meet SIL 3 targets to validate the safety case claims. | Analysis | verification, safety, ccf, validation, session-337 |
| VER-REQ-071 | Verify SYS-REQ-011: Conduct penetration testing of the LIMS network segment by an independent assessor. Confirm RBAC enforces least-privilege access for each role. Verify MFA is required for all login sessions. Confirm encryption at rest by examining database storage configuration and in transit by capturing network traffic and verifying TLS 1.2 or later. Confirm network segmentation by attempting lateral movement from office and OT network segments. Rationale: Cybersecurity controls must be validated by independent testing, not self-assessment alone. Penetration testing is required under NIS Regulations assessment framework. The combination of configuration verification and active testing provides confidence that controls are both configured and effective against realistic attack scenarios. | Test | verification, cybersecurity, validation, session-337 |
flowchart TB n0["component<br>Criticality Warning System"] n1["component<br>Fire Detection and Suppression System"] n2["component<br>Safety Interlock and Trip System"] n3["component<br>Emergency Communications and Alarm System"] n4["component<br>Emergency Power System"] n5["component<br>Spill Containment and Emergency Decontamination System"] n0 -->|criticality trip signal| n2 n0 -->|criticality alarm| n3 n1 -->|fire zone trip| n2 n1 -->|fire alarm| n3 n2 -->|trip status| n3 n4 -.->|UPS power| n0 n4 -.->|UPS power| n1 n4 -.->|UPS power| n2 n4 -.->|emergency power| n3
Facility Safety and Emergency Response — Internal
flowchart TB n0["component<br>HPGe Detector Array"] n1["component<br>Lead Shielding and Counting Chambers"] n2["component<br>Detector Cryogenic Cooling System"] n3["component<br>Digital MCA and Signal Processing System"] n4["component<br>Gamma Spectroscopy Analysis and QA Workstation"] n2 -->|Cryogenic cooling| n0 n0 -->|Mounted in| n1 n0 -->|Pulses| n3 n3 -->|Spectra| n4
Gamma Spectrometry Suite — Internal
flowchart TB n0["component<br>Electrodeposition and Source Preparation Station"] n1["component<br>Alpha Detector Chamber Array"] n2["component<br>Alpha Spectrometry Vacuum System"] n3["component<br>Alpha MCA and Spectral Processing Unit"] n0 -->|Disc sources| n1 n2 -->|Vacuum| n1 n1 -->|Alpha pulses| n3
Alpha Spectrometry Laboratory — Internal
flowchart TB n0["component<br>LSC Sample Preparation Station"] n1["component<br>Liquid Scintillation Counter Array"] n2["component<br>LSC Data Analysis and QA Workstation"] n3["component<br>LSC Background and QC Reference System"] n4["external<br>Radiochemical Separations Laboratory"] n5["external<br>Laboratory Information Management System"] n4 -->|H-3/C-14 fractions| n0 n0 -->|Prepared vials| n1 n1 -->|Raw spectra| n2 n3 -->|QC standards| n1 n2 -->|Results and certificates| n5
Liquid Scintillation Counting Facility — Internal
flowchart TB n0["component<br>ICP-MS Sample Introduction System"] n1["component<br>ICP-MS Instrument"] n2["component<br>ICP-MS Data Acquisition and Processing Workstation"] n3["component<br>Argon Gas Supply and Plasma System"] n4["external<br>Radiochemical Separations Laboratory"] n5["external<br>Laboratory Information Management System"] n4 -->|Dissolved sample solutions| n0 n0 -->|Nebulised aerosol| n1 n3 -->|Ar plasma gas, He/H2 cell gas| n1 n1 -->|Mass spectra| n2 n2 -->|Results and isotope ratios| n5
ICP-MS and Elemental Analysis Suite — Internal
flowchart TB n0["component<br>LIMS Server and Database"] n1["component<br>LIMS Client Workstations"] n2["component<br>LIMS Instrument Interface Module"] n3["component<br>LIMS Reporting and Regulatory Compliance Engine"] n4["external<br>Analytical Instrument Workstations"] n5["external<br>Dockyard IT Network"] n4 -->|Instrument results| n2 n2 -->|Validated results| n0 n1 -->|Sample login, work orders| n0 n0 -->|Reporting data| n3 n0 -->|Backup, AD auth| n5
Laboratory Information Management System — Internal
| Entity | Hex Code | Description |
|---|---|---|
| Acid Digestion and Dissolution Station | 56851019 | Wet chemistry workstation within a UK nuclear dockyard radiochemistry laboratory for dissolving solid radioactive samples in concentrated mineral acids (HNO3, HCl, HF, HClO4). Contains fume cupboard rated for perchloric acid use with washdown capability, hotplate bank (6 positions, 300 degC max), microwave digestion system (12-position rotor, 250 degC, 100 bar), PTFE and glassware for sequential acid additions. Processes reactor structural materials (stainless steel, Inconel, Zircaloy) and decommissioning debris. Maximum workstation activity: 100 MBq beta-gamma, 10 MBq alpha. C3 containment zone. |
| Actinide Separation Chemistry Station | 54D53019 | Radiochemical separation workstation specialising in actinide isolation from dissolved nuclear samples. Performs co-precipitation (iron hydroxide, calcium fluoride carriers), solvent extraction (TOPO/TBP in cyclohexane for uranium/plutonium partitioning), and ion exchange chromatography (TEVA, TRU, UTEVA resin columns for sequential actinide group separation). Tracer-spiked for yield determination. Produces purified actinide fractions for alpha spectrometry and ICP-MS measurement. Generates mixed organic/aqueous radioactive waste. C3 zone fume cupboards with organic vapour scrubbing. |
| Active Drain Collection Network | CE851019 | Gravity-fed and pumped piping network collecting radioactive liquid waste from radiochemistry laboratory fume cupboards, glove boxes, and sinks. Constructed from 316L stainless steel and borosilicate glass with double-contained routing through controlled areas. Includes isolation valves at each laboratory connection point, leak detection sensors in secondary containment sumps, and flow measurement at collection headers. Handles pH 1-13 liquids with activity up to 1E6 Bq/L alpha and 1E8 Bq/L beta-gamma. Drains to effluent collection tanks via a monitored sump with level alarms. |
| Active Effluent Treatment and Discharge System | 57F53A59 | System for collection, treatment, monitoring, and controlled discharge of liquid and gaseous radioactive effluents from the laboratory. Liquid: active drains from fume cupboards and sinks route to delay/decay tanks (typically 3-tank cascade for batch sampling before discharge). Batch sampling and analysis against EA/SEPA discharge authorisation limits for total alpha, total beta, H-3, and specific nuclides. pH neutralisation and filtration before permitted discharge to dockyard active drainage system. Gaseous: stack discharge monitored continuously for particulate and gaseous activity (iodine, tritium). Annual discharge limits set by EA/SEPA environmental permits — typically in MBq/year range for alpha and GBq/year range for beta/tritium. OSPAR Convention compliance for marine discharge. All discharges recorded in discharge database for annual reporting to regulators. |
| Active Ventilation and Containment System | 55F73859 | Engineered ventilation system maintaining depression cascade across laboratory work zones to prevent spread of radioactive contamination. Hierarchy: offices/corridors (neutral) → C1 areas (slight negative) → C2 (moderate) → C3 fume cupboards → C4 gloveboxes (maximum negative, -250 Pa relative to corridor). Extract air passes through pre-filters and twin-bank HEPA filters (DOP-tested to 99.97% efficiency at 0.3 micron) before discharge via monitored stack. Includes continuous stack discharge monitoring for particulate alpha/beta, tritium, and I-129. Backup fans with auto-changeover on primary fan failure. Interlocked with fire dampers and fume cupboard sash position. Air change rates: 6-10 ACH in active laboratories, 15-20 ACH in fume cupboards. HEPA filter differential pressure monitoring with alarm at 500 Pa. Safety-critical system — loss of depression cascade is a nuclear safety significant event. |
| Alpha Detector Chamber Array | D6C51018 | Array of 8 vacuum chamber alpha spectrometers using passivated ion-implanted silicon (PIPS) detectors for quantitative alpha spectroscopy in a UK nuclear dockyard radiochemistry laboratory. Each chamber operates at less than 5 Pa pressure to minimise alpha particle energy loss in air. Active area 450 mm2 per detector, energy resolution 20 keV FWHM for Pu-239 at 5.15 MeV. Source-to-detector distance adjustable from 5 to 25 mm for optimising resolution versus efficiency trade-off. Used for measuring Pu-239/240, Am-241, Cm-244, and U-234/235/238 in electrodeposited or microprecipitated sources from separated actinide fractions. Key inputs: electrodeposited disc sources from separations lab, vacuum supply. Key outputs: alpha particle energy spectra to MCA. |
| Alpha MCA and Spectral Processing Unit | 54F53018 | 8-channel digital multi-channel analyser system for alpha spectrometry in a UK nuclear dockyard radiochemistry laboratory. Processes pulses from PIPS silicon detectors with 1024 or 2048 channels per detector, optimized for the 3 to 8 MeV alpha energy range. Provides pile-up rejection, baseline restoration, and region-of-interest counting with background subtraction. Calculates tracer recovery, isotope ratios, and activity per sample using known tracer spike activities (Am-243, Pu-242). Counting times typically 60000 to 250000 seconds for low-activity submarine decommissioning samples. Key inputs: detector pulses, vacuum status signal. Key outputs: alpha energy spectra, region-of-interest counts, activity calculations. |
| Alpha Spectrometry Laboratory | 54843018 | |
| Alpha Spectrometry Vacuum System | D4F71018 | Centralized rotary-vane vacuum pump system serving 8 alpha spectrometry counting chambers in a UK nuclear dockyard radiochemistry laboratory. Maintains chamber pressure below 5 Pa during counting to eliminate alpha energy loss in residual gas. Includes cold trap between chambers and pump to prevent contamination of pump oil with volatile actinides, HEPA-filtered exhaust from pump to active extract ductwork, individual chamber isolation valves for independent sample loading, and vacuum gauge readback to the MCA system for automatic acquisition start/stop based on chamber pressure. Duty/standby pump configuration with automatic changeover for continuous operation. Key inputs: mains power, extract ductwork connection. Key outputs: chamber vacuum, pump exhaust to active extract. |
| Area Gamma Dose Rate Monitoring Array | 54C57050 | Network of fixed gamma dose rate monitors covering all classified and supervised areas in the radiochemistry laboratory. Detectors are energy-compensated GM tubes (Thermo FHZ 672E or equivalent) with measurement range 0.05 microSv/h to 10 Sv/h. Installed at bench height in each laboratory, at entrances to high-activity handling areas, and at the waste transfer corridor. Provides 10-second update rate with local display and audible alarm. Alarm thresholds: investigation at 7.5 microSv/h (3x background), action at 25 microSv/h, evacuation at 100 microSv/h. Outputs 4-20mA analogue and digital Modbus to central HP system. Annual calibration against NPL-traceable Cs-137 reference field. |
| Argon Gas Supply and Plasma System | C6C51018 | High-purity argon (99.999%) gas supply system for ICP-MS plasma generation and collision/reaction cell operation. Includes bulk liquid argon dewar (180L), pressure regulators, gas purification traps (moisture and hydrocarbon removal), flow controllers for plasma gas (15 L/min), auxiliary gas (1 L/min), and nebuliser gas (0.8-1.2 L/min). Collision cell gases: helium (kinetic energy discrimination) and hydrogen (charge transfer reaction). Located external to lab with piped distribution to instrument. |
| Batch Sampling and Analysis Station | 55E75018 | Automated sampling system connected to each Effluent Collection and Delay Tank via dedicated 316L stainless steel sample lines with purge capability. Draws representative 500mL aliquots from agitated tanks using peristaltic pumps into pre-labelled sample pots for laboratory analysis. Provides on-line measurements of pH (±0.1), conductivity, temperature, and gross gamma activity via NaI scintillation detector for preliminary batch screening. Sample results are transmitted to LIMS for batch disposition decision (hold/treat/discharge). Includes sample archiving for 2-year retention per Environment Agency permit. Located in a shielded sampling cell with local ventilation to minimise operator dose during manual sample retrieval. |
| BMS-to-Safety Unidirectional Data Diode | D4C55058 | Hardware-enforced unidirectional network gateway installed at the boundary between the Building Management System SCADA network and the Safety Interlock and Trip System in a UK nuclear dockyard radiochemistry laboratory. Permits read-only status data (trip channel health, alarm states, interlock positions) to flow from the safety system to the BMS for operator display, with no return path. Implemented as a physically unidirectional optical data diode rated to IEC 62443 SL-3. Mounted in a dedicated comms cabinet with tamper-evident seals. |
| Building Management System | 51F77B58 | Central supervisory control and data acquisition (SCADA) system for all laboratory utilities in a nuclear-regulated radiochemistry facility. Monitors and controls HVAC supply temperatures, chilled water flow, electrical load balancing, lighting schedules, and utility plant status via BACnet/IP and Modbus TCP protocols. Interfaces with the Active Ventilation system for depression cascade setpoints and with the Safety Interlock system for utility isolation on safety trips. Provides trending, alarming, and energy management reporting. Operator workstations in facility control room and remote web access for authorised engineers. Cybersecurity hardened to NIS Regulations and ONR expectations for nuclear-connected OT networks. Approximately 2000 I/O points. |
| Chemical Treatment Plant | 54D53259 | Process plant for treating radioactive liquid effluent before discharge, comprising pH neutralization (NaOH/HNO3 dosing), chemical precipitation (ferric floc co-precipitation for actinides), and ion exchange columns (mixed-bed resin for Cs-137/Sr-90 removal). Designed to reduce total alpha activity below 0.1 Bq/mL and total beta-gamma below 1.0 Bq/mL to meet Environment Agency discharge authorization limits. Includes chemical dosing skids with bunded storage for reagents, in-line pH and activity monitoring, and sludge collection for transfer to the Radioactive Waste Management Facility as intermediate-level waste. Operates in batch mode synchronised with the delay tank cycle. |
| Chilled Water and Heating System | 56D71018 | Provides chilled water (6/12°C flow/return) and low-temperature hot water (82/71°C) for climate control and instrument cooling in a nuclear radiochemistry laboratory. Air-cooled chiller plant (2×100% duty/standby, 150kW each) serves air handling unit cooling coils and instrument cooling loops for ICP-MS torch boxes, gamma spectrometer electronics enclosures, and laser systems. LTHW from dockyard district heating or dedicated condensing boilers serves AHU heating coils and perimeter radiators. Laboratory temperature maintained at 20±2°C for analytical accuracy and instrument calibration stability. Variable-speed pumping with differential pressure control. Glycol-filled chilled water circuit to prevent freezing in exposed risers. |
| Contamination Monitoring Stations | D4ED5050 | Suite of contamination monitoring equipment at zone boundaries and controlled area exits in the radiochemistry laboratory. Comprises: (a) hand-foot-clothing (HFC) monitors at each C2/C3 zone exit with dual-phosphor alpha/beta detection, measurement time 10 seconds, alpha sensitivity 0.04 Bq/cm2; (b) portal monitors at the controlled area final exit with large-area plastic scintillator panels, 5-second walk-through measurement; (c) bench-top alpha/beta contamination meters (ZnS/plastic scintillator probes) for surface wipe counting. All HFC monitors and portals report pass/fail status to central HP system. Alarm threshold set to ONR-accepted clearance levels: 0.4 Bq/cm2 alpha, 4 Bq/cm2 beta-gamma. |
| Continuous Air Monitor Network | 54E57251 | Array of continuous air monitoring (CAM) stations distributed across all classified zones in a nuclear dockyard radiochemistry laboratory. Comprises alpha-in-air monitors (impactor-type, 150 L/min sample rate, PIPS detector) at each C2/C3 containment zone and combined alpha/beta-gamma particulate monitors at zone boundaries. Detection sensitivity: 0.2 DAC-hours for Pu-239 (0.037 Bq/m3 DAC fraction). Three-level alarm cascade: investigation (0.5 DAC), action (1.0 DAC), evacuation (3.0 DAC). Each CAM reports via RS-485 Modbus to the central HP display system. Filter papers collected and counted daily for quality assurance. |
| Criticality Warning System | 55F77A59 | |
| Deionised Water Treatment and Distribution System | 56973018 | Produces and distributes ultra-pure deionised water (18.2 MΩ·cm resistivity, <5 ppb TOC) for analytical chemistry in a nuclear radiochemistry laboratory. Two-stage reverse osmosis followed by mixed-bed ion exchange and UV oxidation. Recirculating loop maintains water quality with continuous resistivity and TOC monitoring. Supplies reagent preparation areas, sample dissolution stations, glassware rinsing, and ICP-MS sample introduction. Storage tank (500L, nitrogen-blanketed) with variable-speed recirculation pump. Weekly microbiological monitoring. Critical for trace-level radiochemical analysis where ionic contamination causes interferences at sub-ppt levels. |
| Depression Cascade Control System | 55F77018 | Instrumentation and control system maintaining the negative pressure cascade across zone boundaries in a nuclear radiochemistry laboratory. Monitors differential pressure at each zone transition (C1→C2: -15 Pa, C2→C3: -30 Pa, C3→C4: -50 Pa) using high-accuracy differential pressure transmitters (±0.5 Pa). Controls motorised dampers on supply and extract branches to maintain setpoints. PLC-based control with redundant controllers (1oo2D architecture) and independent hardwired safety trips for high-pressure deviation. Provides cascade status to LIMS and building management system. Response time <2 seconds for 10 Pa step disturbance. Includes local indication panels and central SCADA HMI. |
| Detector Cryogenic Cooling System | D5D71018 | Electrically powered cryocooler system maintaining 8 HPGe detector crystals at operating temperature (~85K) in a nuclear dockyard radiochemistry laboratory gamma spectrometry suite. Uses Stirling-cycle electromechanical cryocoolers (one per detector, replacing legacy LN2 dewars) eliminating liquid nitrogen handling hazards in a nuclear facility. Each unit consumes ~200W electrical, maintains crystal temperature within +/-2K of setpoint, with MTBF >30,000 hours. Vibration isolation mounts minimise microphonic noise contribution to spectral resolution. Temperature monitoring with auto-shutdown on cooling failure to protect detector crystal from thermal damage. Backup LN2 fill port retained on each dewar for emergency cooling during cryocooler maintenance. |
| Digital MCA and Signal Processing System | 54F77218 | Digital multi-channel analyser and pulse processing electronics for 8 HPGe gamma spectrometry detectors in a UK nuclear dockyard radiochemistry laboratory. Each channel comprises: digital signal processor performing trapezoidal shaping with programmable rise/flat-top times, pile-up rejection, baseline restoration, and live-time correction. 16384-channel ADC resolution per detector. Ethernet-connected to acquisition workstations via dedicated network segment. Supports simultaneous acquisition on all 8 detectors with independent preset real-time, live-time, and peak-area stop conditions. MCA provides detector HV bias control (0-5000V, 0.1V stability), amplifier gain and shaping parameters, and dead-time correction. Real-time spectral display during acquisition. Key inputs: preamplifier pulses from HPGe detectors. Key outputs: digital gamma-ray spectra (energy vs counts) to analysis workstation. |
| Discharge Monitoring and Control System | 55F77A51 | PLC-based control system governing the authorised discharge of treated radioactive effluent from the radiochemistry laboratory to the site active drainage system. Includes continuous-flow proportional sampling during discharge, in-line total alpha (ZnS scintillation) and total beta-gamma (plastic scintillation) monitors with alarm setpoints at 80% of Environment Agency discharge limits. Flow measurement via electromagnetic flowmeters (±1% accuracy) for totalised volume recording. Automatic isolation via fail-safe discharge valve (closes on high activity, loss of power, or loss of signal). Generates statutory discharge records including batch ID, volume, activity concentrations, date/time, and authorising operator. Interfaces with site-wide environmental monitoring database. Designed to SIL 2 per IEC 61511 for the discharge isolation safety function. |
| Dose Rate and Contamination Screening Station | 54E53859 | Incoming sample screening station at a UK nuclear dockyard radiochemistry laboratory. Measures external dose rate (ambient H*(10) from 0.05 microSv/h to 10 mSv/h), surface contamination (alpha: 0.04 Bq/cm2 detection limit, beta-gamma: 0.4 Bq/cm2), and performs preliminary gamma isotopic identification using a handheld NaI spectrometer. Results recorded against sample ID in LIMS. Determines appropriate handling category (contact-handled vs remote-handled) and directs samples to correct preparation workflow. Located in the C2/C3 boundary airlock. |
| Effluent Collection and Delay Tanks | CE953259 | Bank of 4 x 5000L stainless steel tanks operating in fill-sample-hold-discharge cycle for radioactive liquid waste from the radiochemistry laboratory. Tanks are double-contained within bunded enclosures sized to 110% of largest tank volume. Instrumented with ultrasonic level measurement, pH probes, temperature sensors, and conductivity monitoring. Each tank has dedicated sample lines to the Batch Sampling Station. Tanks allow minimum 24-hour delay for short-lived isotope decay and batch analysis before discharge authorization. Agitation provided for representative sampling. Operating under nuclear site licence LC34 (leakage/escape) and Environment Agency RSR permit conditions. |
| Electrical Power Distribution System | 54C53858 | Normal and essential electrical power distribution for a nuclear-regulated radiochemistry laboratory in a UK naval dockyard. Receives 11kV from dockyard HV ring, transforms to 415V/230V via dedicated transformer. Provides normal supply to laboratory benches, instruments, lighting, and sockets via distribution boards. Essential supply busbars feed safety-related loads (ventilation drives, radiation monitors, LIMS servers) via automatic changeover from diesel generator. UPS units provide <10ms break-free supply to ICP-MS, gamma spectrometers, and LIMS. Must meet BS 7671, nuclear site licence conditions, and ONR safety case requirements. Total connected load approximately 500kVA. |
| Electrodeposition and Source Preparation Station | 54D53219 | Wet chemistry station with 8-cell electrodeposition apparatus for preparing thin alpha spectrometry sources from separated actinide fractions in a UK nuclear dockyard radiochemistry laboratory. Electrodeposits actinide ions (Pu, Am, Cm, U, Np) from ammonium sulphate electrolyte onto polished stainless steel discs at controlled current density (0.5 A at 12V, 90 minutes). Also equipped for NdF3 microprecipitation as an alternative rapid source preparation method (30 minutes versus 90 minutes). Critical that source thickness is less than 50 micrograms per cm2 to avoid alpha energy degradation. Operates inside a fume cupboard due to handling of unsealed actinide solutions. Key inputs: purified actinide fractions from separation chemistry, stainless steel planchets, reagents. Key outputs: electrodeposited alpha sources on discs ready for counting. |
| Emergency Communications and Alarm System | 54FF7A59 | Site-wide emergency communications and alarm system for a nuclear-licensed radiochemistry laboratory within a Royal Navy dockyard. Comprises public address loudspeakers in all zones including high-noise areas, visual alarm beacons (xenon strobes) for hearing protection zones, distinctive alarm tones for different emergency types (criticality: warbling siren per ONR guidance; fire: two-tone; contamination: intermittent; evacuation: continuous). Includes emergency telephones on each floor and in refuge areas, direct hard-wired link to dockyard emergency control centre, and automated pre-recorded evacuation messages. System operates on dedicated emergency power with minimum 8-hour battery backup. Muster accounting via RFID badge readers at assembly points. |
| Emergency Power System | 51F73A58 | Dedicated emergency power supply system for safety-critical loads in a nuclear-licensed radiochemistry laboratory. Three-tier architecture: Tier 1 — online double-conversion UPS with sealed lead-acid battery banks providing 30-minute full-load and 4-hour reduced-load backup for criticality detectors, fire panel, safety interlocks, and radiation monitors. Tier 2 — automatic diesel generator with 8-second start-to-load capability, 72-hour fuel autonomy, providing backup for ventilation extract fans (maintaining containment), emergency lighting, and communications. Tier 3 — manual changeover to dockyard ring main as ultimate backup. Automatic transfer switching with break-before-make sequencing to prevent backfeed. Load shedding priority managed by dedicated safety PLC. Tested weekly per ONR LC28 requirements. |
| Extract Fan System | D5D71018 | Primary extract fan system for a nuclear radiochemistry laboratory. Comprises duty/standby centrifugal fan pairs (backward-curved impellers, direct drive) providing the motive force for the entire extract ventilation network. Maintains the depression cascade by drawing air from C4 (glove boxes, highest activity) through C3 (fume cupboards) and C2 (general lab) zones. Variable speed drives allow cascade pressure modulation. Total extract duty approximately 10,000 m³/h at 2.5 kPa. Fans rated for continuous operation with vibration monitoring, bearing temperature monitoring, and automatic changeover on duty fan failure. Located in dedicated fan room with secondary containment. |
| Facility Safety and Emergency Response System | 40B57A51 | Integrated safety system addressing nuclear, radiological, chemical, and conventional hazards within the laboratory. Includes: criticality safety assessment and controls (fissile material limits per workstation, geometry control), fire detection and suppression (aspirating smoke detection in extract ductwork, water mist suppression avoiding water damage to instruments), chemical spill containment (bunded areas, neutralisation kits), emergency ventilation shutdown interlocks, contamination spread prevention (emergency isolation dampers), and personnel emergency procedures (evacuation routes, muster points, emergency dosimetry). Links to dockyard emergency scheme and site emergency control centre. Safety case maintained under nuclear site licence Conditions 14 (safety documentation) and 28 (examination, maintenance, inspection and testing). ALARP demonstration required for all safety-significant modifications. |
| Fire Detection and Suppression System | 55F77A58 | |
| Fume Cupboard and Glove Box Extract Network | 5A851018 | Dedicated extract ductwork network connecting individual radiochemical containment devices to the main extract ventilation system in a nuclear radiochemistry laboratory. Comprises: (1) C3 zone fume cupboards (typically 8-12 units, face velocity 0.5 m/s at 500mm sash opening, each extracting 500-800 m³/h), (2) C4 zone glove boxes (typically 4-6 units, maintained at -250 Pa relative to room, nitrogen-inerted for pyrophoric materials, each extracting 50-100 m³/h via dedicated HEPA-filtered extract), (3) 316L stainless steel ductwork with welded joints and decontaminable internal surfaces, (4) individual volume control dampers and flow monitoring on each device. Total network serves as the primary operator-device interface for containment of alpha-bearing materials during radiochemical separations. |
| Gamma Spectrometry Suite | 54E53058 | |
| Gamma Spectroscopy Analysis and QA Workstation | 50A53058 | Networked analysis workstation cluster (3 PCs) running validated gamma spectroscopy software for nuclide identification, efficiency calibration, activity quantification, and uncertainty calculation in a UK nuclear dockyard radiochemistry laboratory. Performs peak search (Gaussian fitting with automated multiplet deconvolution), nuclide identification against a 300+ nuclide library tailored to reactor and submarine systems, efficiency calibration using LabSOCS/ISOCS mathematical models validated against NIST-traceable multi-nuclide standards. Calculates minimum detectable activity (MDA), combined measurement uncertainty (k=2), and cascade summing corrections. Generates ISO 17025-compliant analysis certificates. Maintains efficiency calibration database, QC control charts (daily energy/resolution checks using Eu-152), and audit trail. Interfaces with LIMS for sample data import and result export. Key inputs: spectral data from MCA, sample geometry/density from LIMS. Key outputs: nuclide-specific activity results with uncertainties, analysis certificates, QC status. |
| Health Physics Central Alarm and Display System | 50F57B58 | Centralised data acquisition, alarm management, and display system for all radiation monitoring instruments in the radiochemistry laboratory. Receives inputs from CAMs (RS-485 Modbus), area gamma monitors (4-20mA and Modbus), HFC monitors, portal monitors, and EPD dispensing stations. Provides: mimic display panel in HP control room showing real-time status of all monitoring points colour-coded by alarm state; alarm annunciation (audible and visual) with acknowledgement and reset logic; 10-year historian for trending and regulatory reporting; automatic generation of statutory returns data for EA/SEPA discharge reporting. Redundant server architecture (active-standby) with UPS-backed operation for 4 hours post-mains failure. OPC-UA interface to LIMS for sample-associated dose data. SCADA-grade system with SIL 1 classification for alarm functions per IEC 61508. |
| HEPA Filtration Assembly | C6853058 | Twin-bank High Efficiency Particulate Air filtration assembly on extract pathways from C3 and C4 containment zones of a nuclear radiochemistry laboratory. Each bank contains H14-grade HEPA filters (99.995% retention at 0.3μm MPPS). Twin-bank arrangement provides: (1) primary filtration removing >99.995% of particulate from contaminated extract air, (2) secondary filtration providing defence-in-depth before stack discharge. Each filter housing includes DOP/PAO test ports for in-situ integrity testing per ISO 14644-3. Safe-change (bag-in/bag-out) filter housings on primary bank to prevent personnel exposure during filter replacement. Differential pressure monitoring across each bank with alarms at 250 Pa (advisory) and 500 Pa (mandatory change). Design throughput per bank: 5,000 m³/h at 250 Pa clean filter pressure drop. |
| HPGe Detector Array | D6E51018 | |
| ICP-MS and Elemental Analysis Suite | 54E53018 | Inductively Coupled Plasma Mass Spectrometry suite for ultra-trace elemental and isotopic analysis. Houses quadrupole ICP-MS with collision/reaction cell (e.g. Agilent 7900 or Thermo iCAP) for determination of long-lived radionuclides (I-129, Tc-99, U isotopes, Pu isotopes) and stable elements at ng/L levels. Includes clean-room sample preparation area (ISO Class 6) with laminar flow hoods, acid purification systems (sub-boiling quartz distillation), and ultra-pure water supply (18.2 MOhm-cm). Isotope dilution mass spectrometry (IDMS) capability for nuclear material accountancy. Autosampler capacity: 200+ samples. Detection limits: <0.1 pg/mL for actinides. Argon plasma at 6000-8000 K with RF power 1200-1600 W. Requires dedicated ventilation extract for acid fumes and argon gas supply at 15 L/min. |
| ICP-MS Data Acquisition and Processing Workstation | 50A53318 | Vendor software workstation controlling ICP-MS data acquisition and performing quantitative analysis. Functions include method setup (masses, dwell times, sweeps), tuning optimisation, calibration curve generation from certified reference materials, interference correction equation application, internal standard normalisation, isotope ratio calculation with mass bias correction, and result reporting with full uncertainty. Interfaces with LIMS for result transfer. Processes 50-100 sample analyses per day. |
| ICP-MS Instrument | D4E53018 | Quadrupole or sector-field inductively coupled plasma mass spectrometer for ultra-trace elemental and isotopic analysis. Used for actinide isotope ratio measurements (U-234/U-238, Pu-239/Pu-240), trace element confirmation of separation chemistry yields (stable Sr, Cs carriers), and Am-241 analysis as alternative to alpha spectrometry. Detection limits sub-pg/L for actinides. Operates with collision/reaction cell for polyatomic interference removal (e.g., UH+ on Pu-239, ArCa on Sr-90). Located in clean-room grade environment within a UK nuclear dockyard radiochemistry laboratory. |
| ICP-MS Sample Introduction System | D4851018 | Autosampler and nebuliser system for ICP-MS. Includes CETAC ASX-560 or similar 240-position autosampler, self-aspirating concentric nebuliser with cyclonic spray chamber, internal standard mixing tee for online Bi-209 or Tl-205 addition. Handles dissolved sample solutions in 2-5% HNO3 matrix from radiochemical separations. Rinse protocol between samples to reduce memory effects from high-concentration actinide solutions below 0.01% carryover. Sample consumption approximately 0.5 mL/min. Peristaltic pump with acid-resistant tubing. |
| Inactive Drain Diversion System | 54B63250 | Separate drainage network for non-radioactive laboratory liquids (cooling water, handwash, non-active reagent waste) with continuous activity monitoring at collection points using flow-through gross gamma detectors. If contamination above 0.1 Bq/mL gross beta-gamma is detected, motorised divert valves automatically route the affected drain to the active effluent collection tanks within 5 seconds. Provides physical separation between active and inactive drainage systems with air-break interfaces to prevent cross-contamination. Inactive effluent that passes monitoring is discharged to the site trade effluent system. Includes monthly verification testing of divert function and detector calibration per the facility's maintenance schedule. |
| Interim Waste Store | CE851059 | Shielded interim storage facility for packaged radioactive waste drums and containers awaiting off-site transfer at a UK nuclear dockyard. Provides criticality-safe storage geometry with spacing controls for fissile material packages. Environmental monitoring includes temperature, humidity, and area gamma dose rate. Designed for multi-decade storage of ILW packages in 500L drums and LLW in 200L drums. Capacity for approximately 200 drum positions. Includes overhead crane or forklift access for package placement and retrieval. Floor bunding and drainage to active drain system. Regular package condition surveillance programme. |
| Laboratory Gas Supply System | 46C53858 | Centralised piped gas distribution for a nuclear dockyard radiochemistry laboratory. Supplies compressed air (7 bar, oil-free, ISO 8573 Class 1) for pneumatic valve actuators and instrument air. Nitrogen manifold (oxygen-free, 99.999%) for sample inerting, glove box atmospheres, and ICP-MS collision cell. Hydrogen generator for potential flame ionisation detection. External bulk gas storage compound with manifold changeover, pressure regulation at point of use, and gas detection/isolation in laboratories. All gas lines traced, labelled per BS 1710, with automatic isolation on fire alarm or gas leak detection. Safety case requires no flammable gas accumulation in radiological zones. |
| Laboratory Information Management System | 50AD7B58 | |
| Laboratory Utilities and Building Services | 50851018 | Supporting infrastructure providing essential services to the radiochemistry laboratory. Comprises: electrical power distribution with UPS for critical instruments (gamma spec, LIMS servers) and emergency generator backup, deionised water supply (18.2 MOhm-cm for ICP-MS, general-purpose DI for rinsing), compressed air and nitrogen supply, argon gas supply for ICP-MS (bulk liquid argon with vaporiser), laboratory gas supplies (hydrogen for ICP-MS, acetylene), chilled water for instrument cooling, building management system (BMS) for HVAC control and environmental monitoring (temperature 20±2°C, humidity 40-60% RH for counting rooms), access control (proximity card with zone restrictions per IRR17 designation), and physical security (CCTV, intruder alarms) meeting ONR security requirements for nuclear material. |
| Lead Shielding and Counting Chambers | CE851018 | Graded-Z shielding assemblies (100mm Pb / 1mm Cd / 1mm Cu) forming counting caves for HPGe gamma spectrometry detectors in a nuclear dockyard radiochemistry laboratory. Each chamber houses one HPGe detector with motorized sample positioning tray providing reproducible geometry at fixed distances (5cm, 10cm, 25cm). Shielding reduces environmental background by factor >1000, critical for measuring low-activity decommissioning samples. 8 chambers total: 6 standard counting caves for routine analysis, 1 large-geometry cave for bulky samples (Marinelli beakers), 1 ultra-low-background cave with aged lead and active muon veto for environmental monitoring samples. Key inputs: prepared samples from separations lab, detector positioning commands. Key outputs: controlled counting geometry, reduced background environment. |
| LIMS Client Workstations | D0AD3018 | Desktop workstations deployed across the radiochemistry laboratory for LIMS access. Thin-client web browser interface for sample login, work order management, result entry with double-entry verification, certificate generation, and management reporting. Located at sample receipt, each analytical laboratory, the QA office, and the laboratory manager office. Approximately 15 terminals. Role-based access control with individual user authentication via dockyard Active Directory integration. |
| LIMS Instrument Interface Module | 40A57918 | Software middleware connecting analytical instruments to LIMS. Receives results electronically from gamma spectrometry (Alpha/Gamma MCA workstations), liquid scintillation counters, ICP-MS data acquisition systems, and HP monitoring equipment. Parses vendor-specific data formats, validates results against method-defined acceptance criteria, and imports validated data into LIMS with full audit trail. Supports bidirectional communication: pushes work orders to instruments and receives results back. |
| LIMS Reporting and Regulatory Compliance Engine | 40E77B59 | Reporting module within LIMS generating analysis certificates, regulatory discharge reports (for Environment Agency and SEPA), inter-laboratory comparison submissions, UKAS accreditation records, and management KPI dashboards. Produces reports in PDF format with electronic signatures. Calculates cumulative site discharge against annual authorised limits. Generates quarterly RIFE (Radioactivity in Food and the Environment) programme submissions. Maintains regulatory reporting calendar with automatic reminders. |
| LIMS Server and Database | 50853118 | Central Oracle or SQL Server database hosting the Laboratory Information Management System. Stores sample records, analytical results, QA/QC data, instrument logs, and reporting templates. Dual-server active-passive failover configuration for high availability. Database capacity for minimum 10 years of operational records (approximately 50,000 samples/year). Nightly incremental and weekly full backups to separate storage. Runs on virtualised infrastructure within the dockyard IT environment. Compliant with ONR SYAPS requirements for nuclear safety-related software. |
| Liquid Scintillation Counter Array | D4E51018 | Bank of 2-3 ultra-low-background liquid scintillation counters (e.g., Perkin Elmer Quantulus or Hidex 300SL). Detects beta emissions from H-3 (max 18.6 keV) and C-14 (max 156 keV) in scintillation cocktail vials. Features pulse shape analysis for alpha/beta discrimination, automatic external standard quench correction, and multi-sample changers (up to 500 vials). Count times 100-1000 minutes per sample. Located in temperature-controlled low-background counting room in a UK nuclear dockyard radiochemistry laboratory. |
| Liquid Scintillation Counting Facility | 54E51059 | |
| Liquid Waste Conditioning System | 57D73259 | Processing system for radioactive liquid waste concentrates from radiochemistry laboratory operations at a UK nuclear dockyard. Receives high-activity liquors from chemical separation processes, evaporator concentrates, and decontamination solutions. Employs evaporation and cementation to immobilise liquid waste into solid wasteform. Includes thin-film evaporator with off-gas condensation, cement mixing and grouting station, and wasteform quality verification. Designed for alpha-bearing liquors up to 1E9 Bq/L. All operations in shielded containment with HEPA-filtered extract. |
| LSC Background and QC Reference System | 40A53A50 | Quality control system for LSC counting. Sealed NPL-traceable H-3 and C-14 reference vials, unquenched/quenched standard sets for quench curve calibration, continuously monitored background vials, chi-squared acceptance criteria. Detects instrument drift, contamination, cosmic ray variation. Background target below 2 CPM in H-3 window. QC checks every 24h or per batch per ISO 17025. |
| LSC Data Analysis and QA Workstation | 50A53118 | Software workstation running vendor spectral analysis software plus in-house validation tools. Performs spectral unfolding for H-3/C-14 dual-label counting, quench correction curve management, background subtraction, decay correction, uncertainty calculation per GUM. Generates analysis certificates with full uncertainty budgets. Interfaces with LIMS. Validates against NPL traceable standards. Processes 50-100 result sets/day. |
| LSC Sample Preparation Station | 54841218 | Dedicated sample preparation area for liquid scintillation counting. Receives purified H-3 and C-14 fractions from Radiochemical Separations Laboratory. Operations: cocktail dispensing with Ultima Gold, dark adaptation (min 2 hours to reduce chemiluminescence), spike/standard preparation for QA/QC. Equipped with automated cocktail dispenser, anti-static vial handling, fume extraction for volatile tritiated water. Throughput ~100 vials/day in a UK nuclear dockyard radiochemistry laboratory. |
| Personal Dosimetry and Dose Record System | 54F57B59 | Personal dose monitoring and recording system for radiochemistry laboratory personnel. Electronic personal dosimeters (EPDs, Thermo EPD Mk2 or equivalent) issued at controlled area entry via automated dosimeter dispensing station, providing real-time Hp(10) and Hp(0.07) dose readout with audible dose rate warning at 10 microSv/h and integrated dose alarm at daily investigation level (200 microSv). Passive TLD badges (Harshaw 6600 reader) as legal dose of record, exchanged monthly. Dose data uploaded to CADOR (Central Approved Dosimetry Organisation Record) quarterly. System maintains local dose database with running annual totals, dose constraint tracking (6 mSv/year investigation, 15 mSv/year limit), and automatic work restriction flagging at 80 percent of constraint. Interfaces with laboratory access control to enforce radiological work permits. |
| Physical Security and Access Control System | 54BF7859 | Integrated physical protection system for a nuclear-licensed radiochemistry laboratory within a UK naval dockyard. Controls entry to radiological controlled areas, nuclear material accountability zones, and high-activity sample storage via proximity card readers with PIN and biometric verification for inner zones. CCTV coverage of all access points, sample receipt bay, waste stores, and perimeter with 30-day recording retention. Intruder detection (PIR, magnetic contacts, vibration sensors) on external doors and windows, linked to dockyard central alarm station. Must comply with Nuclear Industries Security Regulations 2003 (NISR), ONR security assessment principles, and dockyard-specific physical protection requirements. Manages approximately 40 access-controlled doors across 3 security tiers. |
| Radiation Protection and Health Physics Monitoring System | 54F57A59 | Integrated radiation monitoring and dose management system for laboratory personnel and work areas. Comprises: fixed area gamma monitors (ionisation chambers) with local and remote alarms, hand/foot/clothing contamination monitors at zone exits, continuous air monitors (CAMs) with moving filter paper and alpha/beta detection, personal electronic dosimeters (EPDs) for real-time dose tracking, TLD/OSL badges for legal dose of record, and neutron survey instruments for fuel-handling areas. Links to central radiation monitoring computer (CRMC) for real-time display, alarm management, and dose record keeping. Supports ALARP dose management with investigation levels at 1 mSv/quarter and dose constraint at 10 mSv/year (well below the 20 mSv/year UK legal limit). Contamination clearance levels per IRR17 Schedule 7. |
| Radioactive Source Inventory and Calibration System | 44A57A58 | Sealed source inventory management and instrument calibration facility for the radiochemistry laboratory. Maintains a database of all sealed radioactive sources held under IRR17 registration, including source identity, nuclide, activity at reference date, location, leak test schedule, and disposal records. Physical calibration facility comprises a shielded calibration jig with NPL-traceable Cs-137 and Am-241 reference sources for annual calibration of all portable and fixed radiation monitoring instruments. Source movement tracking via barcode scanning at source store entry/exit. Automated alerts for: overdue leak tests (6-monthly per IRR17 Schedule 4), sources approaching disposal activity thresholds, and calibration due dates. Reports to Radioactive Substances Compliance Officer for ONR inspection readiness. |
| Radioactive Waste Management Facility | 46853A5D | Facility for characterisation, segregation, packaging, interim storage, and consignment of radioactive waste generated by laboratory operations. Waste streams: liquid organic (scintillation cocktails, solvents), solid LLW (contaminated glassware, PPE, filters), solid ILW (ion exchange resins, highly contaminated items), and liquid aqueous waste (routed to effluent treatment). Characterisation using gamma assay (segmented gamma scanner or in-situ HPGe), dose rate mapping, and sampling for difficult-to-measure nuclides. Packaging to RWM/LLWR waste acceptance criteria. Interim storage in designated storage facility with fire protection and criticality safety assessment. Waste records maintained in UKRWI-compatible database. Consignment notes per Carriage of Dangerous Goods regulations. Annual waste arisings: typically 5-20 m3 LLW, <1 m3 ILW. |
| Radiochemical Separations Laboratory | 40853219 | |
| Radiochemistry Laboratory for a UK Nuclear Dockyard v2 | 40853859 | A radiochemistry laboratory facility within a UK naval nuclear dockyard (e.g. HMNB Devonport or Rosyth) providing analytical radiochemistry services in support of reactor refuelling, defuelling, and submarine decommissioning. The laboratory performs quantitative determination of radioactive isotopes (alpha, beta, gamma emitters and actinides) in environmental, process, and waste samples. Key constraints: ONR nuclear site licence conditions, EA/SEPA active effluent discharge consents, ALARP dose management for laboratory staff, IRR17 compliance, nuclear material accountancy requirements, and integration with dockyard Health Physics organisation. Operates as a controlled area with classified work zones (C1-C4), depression cascade ventilation, and HEPA-filtered extract systems. Scale: approximately 20-30 staff, processing 5000-10000 samples per year across multiple analytical disciplines. |
| Safety Interlock and Trip System | 50F77859 | Hardwired relay-based and programmable safety interlock system for a UK nuclear dockyard radiochemistry laboratory. Implements safety functions including: workstation fissile material mass limit interlocks using load cells and gamma counters, ventilation isolation trips on high airborne contamination, process isolation on seismic event or fire detection, containment barrier interlock sequencing (glove box, fume cupboard sash position). Safety Integrity Level 2 per IEC 61511 for nuclear-related functions, with SIL 3 for criticality-related interlocks. Uses 2oo3 voting logic for trip initiation. Independent of the LIMS and building management systems. Powered from dedicated UPS with 4-hour battery backup. Provides trip status to the emergency communications system and the health physics central alarm panel. |
| Sample Preparation Laboratory | 44851259 | Wet chemistry preparation area within a UK nuclear dockyard radiochemistry laboratory, C3 containment zone. Performs sample dissolution (acid digestion in HNO3/HF/HCl), sub-sampling, spiking with tracers (Am-243, Pu-242, Sr-85), dilution, and homogenisation. Contains fume cupboards with 0.5 m/s face velocity, hotplate banks rated to 300 degC, analytical balances (0.1 mg resolution), and volumetric glassware. Processes both primary coolant water samples and solid samples from reactor decommissioning. Maximum sample activity at workstation: 100 MBq beta-gamma, 10 MBq alpha. |
| Sample Receipt, Registration and Preparation Facility | 40853259 | Front-end of the radiochemistry laboratory handling receipt of radioactive samples from reactor operations (primary coolant, fuel pool water, swabs, fuel elements), environmental monitoring (air filters, soil, vegetation, marine biota), and decommissioning waste streams. Includes sample logging and registration against LIMS, chain-of-custody controls, preliminary dose rate screening with hand-held monitors, and initial preparation steps: drying, ashing, dissolution (acid digestion in HF/HNO3/HCl), fusion, and radiochemical separation. Operates in C3/C4 containment zones with fume cupboards rated to handle alpha-contaminated materials. Throughput: ~20-40 samples/day. |
| Sample Receiving Bay | 4C851010 | Physical reception area at the entrance to a UK nuclear dockyard radiochemistry laboratory. Receives containerised radioactive samples from reactor compartments, primary coolant circuits, and decommissioning activities. Features pass-through airlock with C2/C3 zone boundary, incoming sample registration desk with barcode scanner, and preliminary external dose rate screening using a calibrated dose rate meter (0.1 microSv/h to 100 mSv/h range). Handles up to 50 sample containers per day. Must maintain negative pressure relative to corridor. Criticality-safe geometry for receipt of multiple fissile-bearing samples. |
| Sample Registration and Chain-of-Custody System | 40AD7B58 | Software and barcode-based tracking system within a UK nuclear dockyard radiochemistry laboratory. Assigns unique sample identifiers, records sample origin (reactor, coolant system, decommissioning waste), requested analyses, custody transfers, and timestamps. Interfaces with LIMS for work order generation. Maintains regulatory chain-of-custody for evidential samples under ONR oversight. Prints barcode labels for sample containers. Handles up to 200 sample registrations per week. |
| Sample Storage and Archive Facility | 4C851218 | Climate-controlled storage area within a UK nuclear dockyard radiochemistry laboratory for both queued samples awaiting analysis and archived post-analysis retention samples. Temperature maintained at 15-25 degC, relative humidity below 60%. Criticality-safe storage geometry with neutron-absorbing cadmium-lined shelving. Capacity for 500 sample containers across low-activity and intermediate-activity storage bays. Retention period: minimum 2 years for routine samples, indefinite for evidential/legal-hold samples. Continuous area gamma monitoring. |
| Separation Chemistry Fume Cupboard Array | D4851058 | Array of 8 walk-in fume cupboards within the radiochemical separations laboratory of a UK nuclear dockyard. Six standard fume cupboards rated for mineral acid work (HNO3, HCl, HF) with 0.5 m/s face velocity at 500mm sash opening. Two perchloric acid-rated fume cupboards with integral washdown systems and dedicated stainless steel ductwork. All cupboards have continuous airflow monitoring with local alarm, automatic sash closure on extract failure, and connection to the C3 zone extract system via the fume cupboard extract network. Bunded bases draining to active drain. |
| Separations Waste Segregation Point | 40853859 | Waste collection and segregation station within the radiochemical separations laboratory. Provides segregated collection for: aqueous radioactive waste (routed to active drain), organic solvent waste (collected in dedicated containers for incineration), solid dry active waste (compactible), mixed waste requiring special treatment, and sharp items. Each waste stream has a dedicated shielded collection container with fill-level monitoring. Waste characterisation data (source separation, estimated activity) recorded against sample work order for waste tracking. Interfaces with Radioactive Waste Management Facility. |
| Solid Waste Characterization and Segregation Station | 54E53859 | Gamma assay and surface contamination survey station for solid radioactive waste arising from radiochemistry laboratory operations. Uses a sodium iodide or HPGe detector in a shielded enclosure to measure gamma-emitting radionuclides, combined with surface contamination probes for alpha/beta screening. Classifies waste into VLLW, LLW, or ILW categories per UK Radioactive Substances Regulation and site-specific waste acceptance criteria. Key outputs: waste categorisation record, estimated activity inventory per package. Operates in a controlled area with local extract ventilation to minimise airborne contamination during handling. |
| Solid Waste Packaging and Compaction System | 56D53859 | Packaging line for solid radioactive waste including compactible dry active waste, non-compactible items, and sealed sources. Features hydraulic drum compactor (200L drums, 50kN) for volume reduction, and manual packaging station for 200L/500L drums. Packages weighed, sealed, labelled with unique IDs for tracking. Operates under local extract ventilation. Output packages must meet waste acceptance criteria for interim store and national disposal (GDF for ILW, LLWR for LLW). Includes contamination monitoring of external drum surfaces. |
| Spill Containment and Emergency Decontamination System | C68D3858 | Passive and active spill containment and personnel decontamination system for a radiochemistry laboratory handling alpha-bearing liquids (Pu/Am in nitric acid) and beta/gamma solutions. Passive elements: stainless steel bunded containment trays under all fume cupboards and glove boxes rated to 110% of largest vessel, sealed floor coatings (epoxy resin) with raised thresholds at zone boundaries, floor drains routed to active drain collection network. Active elements: emergency personnel decontamination showers (tepid water, minimum 75 L/min flow rate) at each zone exit, emergency eyewash stations to ANSI Z358.1, portable spill kits with absorbent media and chelating agents, designated decontamination change room with monitoring portal. Floor drainage from decontamination areas routes to active effluent treatment system. |
| Stack Monitoring and Discharge System | 55F77A51 | Continuous emission monitoring system on the ventilation exhaust stack of a nuclear radiochemistry laboratory. Provides real-time measurement of radioactive discharge to atmosphere via: (1) isokinetic particulate sampler with moving filter paper and alpha/beta detector for continuous airborne activity monitoring, (2) noble gas monitor (Kr-85, Xe-133) using shielded beta scintillation detector, (3) tritium-in-air monitor using ionisation chamber, (4) stack flow measurement using averaging pitot tube array. All measurements logged to LIMS at 1-minute intervals. Automatic stack isolation (damper closure within 5 seconds) if discharge rate exceeds 10% of derived air concentration limit. Located at stack base with access platform for maintenance. Stack height 25m above local ground level. |
| Standby Ventilation and Emergency Isolation System | 51F73A59 | Backup and emergency ventilation provisions for a nuclear radiochemistry laboratory. Comprises: (1) standby extract fan with automatic start on duty fan failure (changeover <10 seconds, maintaining containment throughout), (2) UPS-backed damper actuators on critical zone boundaries ensuring fail-safe closure on total power loss, (3) emergency diesel generator connection for extended outage ventilation (minimum 72-hour fuel capacity), (4) fire dampers on all zone boundary penetrations (rated 2-hour EI 120) with fusible links and remote release, (5) smoke extract mode overriding normal cascade to remove combustion products while maintaining radioactive containment. Safety Integrity Level 2 for containment preservation function. Interfaces with Facility Safety and Emergency Response System for fire/evacuation scenarios. |
| Strontium and Caesium Separation Station | 54C53019 | Radiochemical separation workstation for isolation of Sr-89/90 and Cs-134/137 from dissolved nuclear samples. Uses crown ether chromatography (Sr Resin) for strontium separation, ammonium molybdophosphate precipitation for caesium, and oxalate precipitation for strontium purification. Produces purified fractions for liquid scintillation counting (Sr-90 via Y-90 ingrowth) and gamma spectrometry (Cs-137). C3 containment zone. Lower activity than actinide separations — typical workstation activity 10 MBq beta-gamma. |
| Supply Air Handling Unit | D7D71018 | |
| Tritium and Carbon-14 Preparation Station | 54951019 | Specialised preparation station for volatile radionuclides (H-3, C-14) from reactor coolant and environmental samples. Performs azeotropic distillation for tritium recovery from aqueous samples, and acid digestion with CO2 trapping for C-14. Uses sealed distillation apparatus with condensate collection in liquid scintillation vials. Low radioactivity workstation (max 1 MBq) but requires careful containment of tritiated water vapour. Dedicated extract ventilation with molecular sieve trapping to prevent tritium discharge via stack. |
| Waste Records and Consignment System | 40A57B59 | Information system for tracking radioactive waste from generation through characterization, packaging, interim storage, and consignment for disposal. Maintains nuclear material accountancy records, waste package data records per RWM requirements, consignment notes for transport under CDG regulations. Interfaces with LIMS for analytical results and the site nuclear material accountancy system. Records radionuclide inventory, waste form, dose rate, surface contamination, and package condition for each drum. Generates regulatory returns for EA/SEPA annual waste arisings reports. |
| Component | Belongs To |
|---|---|
| Sample Receipt, Registration and Preparation Facility | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Gamma Spectrometry Suite | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Alpha Spectrometry Laboratory | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Liquid Scintillation Counting Facility | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| ICP-MS and Elemental Analysis Suite | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Radiochemical Separations Laboratory | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Active Ventilation and Containment System | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Radiation Protection and Health Physics Monitoring System | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Active Effluent Treatment and Discharge System | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Laboratory Information Management System | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Radioactive Waste Management Facility | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Facility Safety and Emergency Response System | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Laboratory Utilities and Building Services | Radiochemistry Laboratory for a UK Nuclear Dockyard v2 |
| Supply Air Handling Unit | Active Ventilation and Containment System |
| Extract Fan System | Active Ventilation and Containment System |
| HEPA Filtration Assembly | Active Ventilation and Containment System |
| Depression Cascade Control System | Active Ventilation and Containment System |
| Stack Monitoring and Discharge System | Active Ventilation and Containment System |
| Fume Cupboard and Glove Box Extract Network | Active Ventilation and Containment System |
| Standby Ventilation and Emergency Isolation System | Active Ventilation and Containment System |
| Continuous Air Monitor Network | Radiation Protection and Health Physics Monitoring System |
| Area Gamma Dose Rate Monitoring Array | Radiation Protection and Health Physics Monitoring System |
| Contamination Monitoring Stations | Radiation Protection and Health Physics Monitoring System |
| Personal Dosimetry and Dose Record System | Radiation Protection and Health Physics Monitoring System |
| Health Physics Central Alarm and Display System | Radiation Protection and Health Physics Monitoring System |
| Radioactive Source Inventory and Calibration System | Radiation Protection and Health Physics Monitoring System |
| Active Drain Collection Network | Active Effluent Treatment and Discharge System |
| Effluent Collection and Delay Tanks | Active Effluent Treatment and Discharge System |
| Chemical Treatment Plant | Active Effluent Treatment and Discharge System |
| Batch Sampling and Analysis Station | Active Effluent Treatment and Discharge System |
| Discharge Monitoring and Control System | Active Effluent Treatment and Discharge System |
| Inactive Drain Diversion System | Active Effluent Treatment and Discharge System |
| Criticality Warning System | Facility Safety and Emergency Response System |
| Fire Detection and Suppression System | Facility Safety and Emergency Response System |
| Safety Interlock and Trip System | Facility Safety and Emergency Response System |
| Emergency Communications and Alarm System | Facility Safety and Emergency Response System |
| Emergency Power System | Facility Safety and Emergency Response System |
| Spill Containment and Emergency Decontamination System | Facility Safety and Emergency Response System |
| Solid Waste Characterization and Segregation Station | Radioactive Waste Management Facility |
| Liquid Waste Conditioning System | Radioactive Waste Management Facility |
| Solid Waste Packaging and Compaction System | Radioactive Waste Management Facility |
| Interim Waste Store | Radioactive Waste Management Facility |
| Waste Records and Consignment System | Radioactive Waste Management Facility |
| Sample Receiving Bay | Sample Receipt, Registration and Preparation Facility |
| Sample Registration and Chain-of-Custody System | Sample Receipt, Registration and Preparation Facility |
| Sample Preparation Laboratory | Sample Receipt, Registration and Preparation Facility |
| Dose Rate and Contamination Screening Station | Sample Receipt, Registration and Preparation Facility |
| Sample Storage and Archive Facility | Sample Receipt, Registration and Preparation Facility |
| Acid Digestion and Dissolution Station | Radiochemical Separations Laboratory |
| Actinide Separation Chemistry Station | Radiochemical Separations Laboratory |
| Strontium and Caesium Separation Station | Radiochemical Separations Laboratory |
| Tritium and Carbon-14 Preparation Station | Radiochemical Separations Laboratory |
| Separation Chemistry Fume Cupboard Array | Radiochemical Separations Laboratory |
| Separations Waste Segregation Point | Radiochemical Separations Laboratory |
| Lead Shielding and Counting Chambers | Gamma Spectrometry Suite |
| Detector Cryogenic Cooling System | Gamma Spectrometry Suite |
| Digital MCA and Signal Processing System | Gamma Spectrometry Suite |
| Gamma Spectroscopy Analysis and QA Workstation | Gamma Spectrometry Suite |
| Alpha Detector Chamber Array | Alpha Spectrometry Laboratory |
| Electrodeposition and Source Preparation Station | Alpha Spectrometry Laboratory |
| Alpha Spectrometry Vacuum System | Alpha Spectrometry Laboratory |
| Alpha MCA and Spectral Processing Unit | Alpha Spectrometry Laboratory |
| Liquid Scintillation Counter Array | Liquid Scintillation Counting Facility |
| LSC Sample Preparation Station | Liquid Scintillation Counting Facility |
| LSC Data Analysis and QA Workstation | Liquid Scintillation Counting Facility |
| LSC Background and QC Reference System | Liquid Scintillation Counting Facility |
| ICP-MS Instrument | ICP-MS and Elemental Analysis Suite |
| ICP-MS Sample Introduction System | ICP-MS and Elemental Analysis Suite |
| ICP-MS Data Acquisition and Processing Workstation | ICP-MS and Elemental Analysis Suite |
| Argon Gas Supply and Plasma System | ICP-MS and Elemental Analysis Suite |
| LIMS Server and Database | Laboratory Information Management System |
| LIMS Client Workstations | Laboratory Information Management System |
| LIMS Instrument Interface Module | Laboratory Information Management System |
| LIMS Reporting and Regulatory Compliance Engine | Laboratory Information Management System |
| Electrical Power Distribution System | Laboratory Utilities and Building Services |
| Laboratory Gas Supply System | Laboratory Utilities and Building Services |
| Deionised Water Treatment and Distribution System | Laboratory Utilities and Building Services |
| Building Management System | Laboratory Utilities and Building Services |
| Physical Security and Access Control System | Laboratory Utilities and Building Services |
| Chilled Water and Heating System | Laboratory Utilities and Building Services |
| From | To |
|---|---|
| Extract Fan System | HEPA Filtration Assembly |
| Depression Cascade Control System | Extract Fan System |
| Fume Cupboard and Glove Box Extract Network | HEPA Filtration Assembly |
| HEPA Filtration Assembly | Stack Monitoring and Discharge System |
| Depression Cascade Control System | Supply Air Handling Unit |
| Standby Ventilation and Emergency Isolation System | Depression Cascade Control System |
| Continuous Air Monitor Network | Health Physics Central Alarm and Display System |
| Area Gamma Dose Rate Monitoring Array | Health Physics Central Alarm and Display System |
| Contamination Monitoring Stations | Health Physics Central Alarm and Display System |
| Personal Dosimetry and Dose Record System | Health Physics Central Alarm and Display System |
| Radioactive Source Inventory and Calibration System | Area Gamma Dose Rate Monitoring Array |
| Radioactive Source Inventory and Calibration System | Continuous Air Monitor Network |
| Health Physics Central Alarm and Display System | Laboratory Information Management System |
| Health Physics Central Alarm and Display System | Facility Safety and Emergency Response System |
| Active Drain Collection Network | Effluent Collection and Delay Tanks |
| Effluent Collection and Delay Tanks | Batch Sampling and Analysis Station |
| Effluent Collection and Delay Tanks | Chemical Treatment Plant |
| Chemical Treatment Plant | Effluent Collection and Delay Tanks |
| Effluent Collection and Delay Tanks | Discharge Monitoring and Control System |
| Batch Sampling and Analysis Station | Laboratory Information Management System |
| Discharge Monitoring and Control System | Facility Safety and Emergency Response System |
| Inactive Drain Diversion System | Effluent Collection and Delay Tanks |
| Chemical Treatment Plant | Radioactive Waste Management Facility |
| Criticality Warning System | Safety Interlock and Trip System |
| Criticality Warning System | Emergency Communications and Alarm System |
| Fire Detection and Suppression System | Safety Interlock and Trip System |
| Fire Detection and Suppression System | Emergency Communications and Alarm System |
| Safety Interlock and Trip System | Emergency Communications and Alarm System |
| Emergency Power System | Criticality Warning System |
| Emergency Power System | Safety Interlock and Trip System |
| Emergency Power System | Fire Detection and Suppression System |
| Emergency Power System | Emergency Communications and Alarm System |
| Spill Containment and Emergency Decontamination System | Active Drain Collection Network |
| Fire Detection and Suppression System | Standby Ventilation and Emergency Isolation System |
| Safety Interlock and Trip System | Depression Cascade Control System |
| Solid Waste Characterization and Segregation Station | Solid Waste Packaging and Compaction System |
| Solid Waste Characterization and Segregation Station | Waste Records and Consignment System |
| Liquid Waste Conditioning System | Interim Waste Store |
| Solid Waste Packaging and Compaction System | Interim Waste Store |
| Interim Waste Store | Waste Records and Consignment System |
| Liquid Waste Conditioning System | Active Drain Collection Network |
| Waste Records and Consignment System | Laboratory Information Management System |
| Sample Receiving Bay | Dose Rate and Contamination Screening Station |
| Dose Rate and Contamination Screening Station | Sample Preparation Laboratory |
| Sample Registration and Chain-of-Custody System | Laboratory Information Management System |
| Sample Preparation Laboratory | Radiochemical Separations Laboratory |
| Sample Preparation Laboratory | Active Drain Collection Network |
| Sample Preparation Laboratory | Fume Cupboard and Glove Box Extract Network |
| Acid Digestion and Dissolution Station | Actinide Separation Chemistry Station |
| Acid Digestion and Dissolution Station | Strontium and Caesium Separation Station |
| Actinide Separation Chemistry Station | Alpha Spectrometry Laboratory |
| Actinide Separation Chemistry Station | ICP-MS and Elemental Analysis Suite |
| Strontium and Caesium Separation Station | Liquid Scintillation Counting Facility |
| Strontium and Caesium Separation Station | Gamma Spectrometry Suite |
| Tritium and Carbon-14 Preparation Station | Liquid Scintillation Counting Facility |
| Separations Waste Segregation Point | Radioactive Waste Management Facility |
| Separation Chemistry Fume Cupboard Array | Fume Cupboard and Glove Box Extract Network |
| BMS-to-Safety Unidirectional Data Diode | Safety Interlock and Trip System |
| HPGe Detector Array | Lead Shielding and Counting Chambers |
| HPGe Detector Array | Digital MCA and Signal Processing System |
| Detector Cryogenic Cooling System | HPGe Detector Array |
| Digital MCA and Signal Processing System | Gamma Spectroscopy Analysis and QA Workstation |
| Gamma Spectroscopy Analysis and QA Workstation | Laboratory Information Management System |
| Strontium and Caesium Separation Station | Lead Shielding and Counting Chambers |
| Electrodeposition and Source Preparation Station | Alpha Detector Chamber Array |
| Alpha Spectrometry Vacuum System | Alpha Detector Chamber Array |
| Alpha Detector Chamber Array | Alpha MCA and Spectral Processing Unit |
| Alpha MCA and Spectral Processing Unit | Laboratory Information Management System |
| Actinide Separation Chemistry Station | Electrodeposition and Source Preparation Station |
| Electrodeposition and Source Preparation Station | Fume Cupboard and Glove Box Extract Network |
| LSC Sample Preparation Station | Liquid Scintillation Counter Array |
| Liquid Scintillation Counter Array | LSC Data Analysis and QA Workstation |
| LSC Background and QC Reference System | Liquid Scintillation Counter Array |
| LSC Data Analysis and QA Workstation | Laboratory Information Management System |
| ICP-MS Sample Introduction System | ICP-MS Instrument |
| Argon Gas Supply and Plasma System | ICP-MS Instrument |
| ICP-MS Instrument | ICP-MS Data Acquisition and Processing Workstation |
| ICP-MS Data Acquisition and Processing Workstation | Laboratory Information Management System |
| LIMS Client Workstations | LIMS Server and Database |
| LIMS Instrument Interface Module | LIMS Server and Database |
| LIMS Reporting and Regulatory Compliance Engine | LIMS Server and Database |
| Building Management System | BMS-to-Safety Unidirectional Data Diode |
| Building Management System | Chilled Water and Heating System |
| Building Management System | Laboratory Gas Supply System |
| Electrical Power Distribution System | Building Management System |
| Chilled Water and Heating System | Supply Air Handling Unit |
| Electrical Power Distribution System | Emergency Power System |
| Physical Security and Access Control System | Health Physics Central Alarm and Display System |
| Laboratory Gas Supply System | Argon Gas Supply and Plasma System |
| Deionised Water Treatment and Distribution System | Acid Digestion and Dissolution Station |
| Component | Output |
|---|---|
| Supply Air Handling Unit | Filtered conditioned supply air to controlled zones |
| Extract Fan System | Negative pressure differential across zone boundaries |
| HEPA Filtration Assembly | Decontaminated extract air for stack discharge |
| Depression Cascade Control System | Cascade pressure setpoint maintenance and alarm signals |
| Stack Monitoring and Discharge System | Continuous discharge activity measurements and isolation commands |
| Continuous Air Monitor Network | Airborne contamination alarm and DAC-fraction readings |
| Area Gamma Dose Rate Monitoring Array | Real-time area dose rate readings and gamma alarms |
| Contamination Monitoring Stations | Personnel and surface contamination clearance decisions |
| Personal Dosimetry and Dose Record System | Individual dose records, dose constraint warnings, CADOR submissions |
| Health Physics Central Alarm and Display System | Aggregated radiation status display, alarm annunciation, statutory returns |
| Radioactive Source Inventory and Calibration System | Source inventory register, calibration certificates, leak test records |
| Active Drain Collection Network | Collected radioactive liquid waste routed to delay tanks |
| Effluent Collection and Delay Tanks | Batch-isolated held effluent for sampling and decay, tank status data |
| Chemical Treatment Plant | Treated effluent with reduced activity levels, ILW sludge for waste facility |
| Batch Sampling and Analysis Station | Sample analysis results, batch disposition recommendation, archived samples |
| Discharge Monitoring and Control System | Statutory discharge records, real-time activity monitoring, isolation commands |
| Inactive Drain Diversion System | Segregated inactive effluent for trade discharge, contamination divert alerts |
| Criticality Warning System | Criticality alarm activation, neutron flux readings, detector status, evacuation trigger signals |
| Fire Detection and Suppression System | Fire zone alarm signals, suppression activation status, smoke damper commands, dockyard fire service alerts |
| Safety Interlock and Trip System | Trip initiation commands, interlock status, fissile mass limit enforcement, process isolation commands |
| Emergency Communications and Alarm System | PA announcements, visual alarm indications, muster status reports, dockyard ECC notifications |
| Emergency Power System | Uninterruptible power to safety-critical loads, diesel generator backup power, load shedding commands |
| Spill Containment and Emergency Decontamination System | Contained spill drainage to active effluent system, personnel decontamination capability, contamination boundary isolation |
| Solid Waste Characterization and Segregation Station | waste categorisation record and activity inventory |
| Liquid Waste Conditioning System | cemented wasteform packages |
| Solid Waste Packaging and Compaction System | sealed waste drums meeting WAC |
| Waste Records and Consignment System | waste package data records and consignment notes |
| Sample Receiving Bay | received sample containers |
| Dose Rate and Contamination Screening Station | sample handling category assignment |
| Sample Preparation Laboratory | prepared aliquots for analysis |
| Sample Registration and Chain-of-Custody System | unique sample identifiers and work orders |
| Acid Digestion and Dissolution Station | dissolved sample solutions |
| Actinide Separation Chemistry Station | purified actinide fractions |
| Strontium and Caesium Separation Station | purified Sr and Cs fractions |
| Tritium and Carbon-14 Preparation Station | prepared H-3 and C-14 counting samples |
| HPGe Detector Array | shaped voltage pulses proportional to gamma-ray energy |
| Lead Shielding and Counting Chambers | controlled low-background counting geometry |
| Detector Cryogenic Cooling System | stable cryogenic temperature for HPGe crystals |
| Digital MCA and Signal Processing System | digital gamma-ray energy spectra |
| Gamma Spectroscopy Analysis and QA Workstation | nuclide-specific activity results with uncertainties and analysis certificates |
| Alpha Detector Chamber Array | alpha particle energy spectra for actinide quantification |
| Electrodeposition and Source Preparation Station | thin electrodeposited alpha sources on stainless steel discs |
| Alpha Spectrometry Vacuum System | chamber vacuum below 5 Pa for alpha counting |
| Alpha MCA and Spectral Processing Unit | actinide activity results with tracer recovery and uncertainty |
| Liquid Scintillation Counter Array | beta emission count spectra for H-3 and C-14 quantification |
| LSC Sample Preparation Station | cocktail-mixed vials ready for LS counting |
| LSC Data Analysis and QA Workstation | activity results with GUM uncertainty budgets and analysis certificates |
| LSC Background and QC Reference System | instrument QC status and quench correction curves |
| ICP-MS Instrument | isotope ratio measurements and elemental concentrations at sub-ppt sensitivity |
| ICP-MS Sample Introduction System | nebulised aerosol from dissolved sample solutions |
| ICP-MS Data Acquisition and Processing Workstation | quantitative results with mass bias corrected isotope ratios and uncertainties |
| Argon Gas Supply and Plasma System | stable 6000-8000K argon plasma for sample ionisation |
| LIMS Server and Database | persistent sample tracking and analytical data records |
| LIMS Client Workstations | sample login entries, work orders, and approved result records |
| LIMS Instrument Interface Module | validated analytical results imported from instrument workstations |
| LIMS Reporting and Regulatory Compliance Engine | analysis certificates, regulatory discharge reports, and accreditation records |
| Electrical Power Distribution System | 415V/230V electrical supply |
| Laboratory Gas Supply System | regulated compressed air, nitrogen, hydrogen |
| Deionised Water Treatment and Distribution System | 18.2 MOhm·cm ultra-pure water |
| Building Management System | utility monitoring, control, and energy reporting |
| Physical Security and Access Control System | access authorisation and intrusion detection |
| Chilled Water and Heating System | chilled water 6/12C and LTHW 82/71C |
| Source | Target | Type | Description |
|---|---|---|---|
| SYS-REQ-009 | SUB-REQ-040 | derives | Spill containment prevents uncontrolled fissile material spread |
| SYS-REQ-012 | SUB-REQ-086 | derives | Decommissioning records requirement drives LIMS long-term data retention |
| SYS-REQ-009 | SUB-REQ-098 | derives | Safety response drives BMS alarm prioritization for operator awareness |
| SYS-REQ-007 | SUB-REQ-097 | derives | ICP-MS detection limit drives continuous DI water recirculation |
| SYS-REQ-009 | SUB-REQ-096 | derives | Facility safety drives automatic gas supply changeover for continuity |
| SYS-REQ-011 | SUB-REQ-093 | derives | LIMS network segmentation requirement extends to BMS OT-IT boundary |
| SYS-REQ-009 | SUB-REQ-092 | derives | Facility safety requirement drives automatic gas isolation on fire alarm |
| SYS-REQ-009 | SUB-REQ-100 | derives | Two-independent-barriers criticality safety requirement drives diverse redundancy in trip sensing |
| SYS-REQ-009 | SUB-REQ-099 | derives | Fissile material safety controls require demonstrated ongoing reliability of trip functions through periodic proof testing |
| SYS-REQ-007 | SUB-REQ-091 | derives | ICP-MS detection limit drives DI water purity requirement |
| SYS-REQ-005 | SUB-REQ-089 | derives | LIMS availability drives electrical power reliability requirement |
| SYS-REQ-004 | SUB-REQ-076 | derives | Alpha detection limit drives vacuum system contamination prevention |
| SYS-REQ-004 | SUB-REQ-075 | derives | Alpha detection limit drives MCA spectral processing requirement |
| SYS-REQ-004 | SUB-REQ-074 | derives | Alpha detection limit drives vacuum chamber pressure requirement |
| SYS-REQ-001 | SUB-REQ-071 | derives | Gamma MDA drives QA verification of analysis results |
| SYS-REQ-001 | SUB-REQ-070 | derives | Gamma MDA drives spectrum analysis automation requirement |
| SYS-REQ-001 | SUB-REQ-068 | derives | Gamma MDA drives cryogenic temperature stability requirement |
| SYS-REQ-001 | SUB-REQ-066 | derives | Gamma MDA requirement drives minimum detector count |
| SYS-REQ-009 | SUB-REQ-094 | derives | Fissile material limits require controlled access to prevent unauthorised accumulation |
| SYS-REQ-002 | SUB-REQ-095 | derives | Depression cascade depends on stable supply air from AHU which needs stable CHW |
| SYS-REQ-007 | SUB-REQ-090 | derives | ICP-MS detection limit requires stable uninterrupted power |
| SYS-REQ-001 | SUB-REQ-090 | derives | Gamma MDA requires uninterrupted power for long counting periods |
| SYS-REQ-005 | SUB-REQ-088 | derives | Regulatory reporting derives from system compliance requirement |
| SYS-REQ-005 | SUB-REQ-087 | derives | Instrument interface derives from system data integrity requirement |
| SYS-REQ-005 | SUB-REQ-086 | derives | Database availability derives from system data management requirement |
| SYS-REQ-007 | SUB-REQ-085 | derives | Argon gas stability derives from ICP-MS detection limit |
| SYS-REQ-010 | SUB-REQ-082 | derives | Uncertainty calculation derives from detection limit verification |
| SYS-REQ-010 | SUB-REQ-081 | derives | QC monitoring derives from measurement reliability assurance |
| SYS-REQ-010 | SUB-REQ-080 | derives | Dark adaptation derives from LSC background control needs |
| SYS-REQ-010 | SUB-REQ-079 | derives | Cocktail preparation quality derives from LSC detection limit |
| SYS-REQ-007 | SUB-REQ-084 | derives | Isotope ratio precision derives from waste characterisation requirements |
| SYS-REQ-007 | SUB-REQ-083 | derives | Memory effect control derives from Tc-99 detection limit |
| SYS-REQ-010 | SUB-REQ-078 | derives | Alpha/beta discrimination requirement derives from detection limit in dockyard matrices |
| SYS-REQ-010 | SUB-REQ-077 | derives | Counter efficiency and background requirements derive from system detection limit |
| SYS-REQ-004 | SUB-REQ-073 | derives | System detection limit cascades to source thickness requirement |
| SYS-REQ-004 | SUB-REQ-072 | derives | System alpha detection limit cascades to detector resolution requirement |
| SYS-REQ-001 | SUB-REQ-069 | derives | System MDA requirement cascades to MCA linearity |
| SYS-REQ-001 | SUB-REQ-067 | derives | System MDA requirement cascades to shielding background reduction |
| SYS-REQ-001 | SUB-REQ-065 | derives | System MDA requirement cascades to detector energy resolution |
| SYS-REQ-005 | SUB-REQ-051 | derives | Waste records integrate with LIMS for material accountancy |
| SYS-REQ-009 | SUB-REQ-050 | derives | Waste store capacity accommodates fissile waste generation |
| SYS-REQ-009 | SUB-REQ-049 | derives | Waste store environmental monitoring for fissile safety |
| SYS-REQ-009 | SUB-REQ-047 | derives | Surface dose rate verification on waste packages |
| SYS-REQ-009 | SUB-REQ-046 | derives | Waste packaging ensures safe geometry for fissile waste |
| SYS-REQ-009 | SUB-REQ-043 | derives | Alpha/beta screening segregates fissile waste |
| SYS-REQ-009 | SUB-REQ-042 | derives | Waste characterisation enforces fissile material tracking |
| SYS-REQ-005 | SUB-REQ-059 | derives | Sample archive conditions preserve re-analysis capability |
| SYS-REQ-005 | SUB-REQ-057 | derives | Radiotracer spiking supports LIMS quality assurance |
| SYS-REQ-005 | SUB-REQ-056 | derives | Sample preparation feeds LIMS audit trail |
| SYS-REQ-010 | SUB-REQ-063 | derives | Tritium/C-14 preparation for LSC measurement |
| SYS-REQ-010 | SUB-REQ-062 | derives | Sr/Cs separation provides purified fractions for LSC |
| SYS-REQ-004 | SUB-REQ-060 | derives | Sample dissolution is prerequisite for alpha spectrometry |
| SYS-REQ-003 | SUB-REQ-045 | derives | Waste immobilisation for safe long-term storage |
| SYS-REQ-003 | SUB-REQ-044 | derives | Liquid waste conditioning reduces volume for storage |
| SYS-REQ-006 | SUB-REQ-054 | derives | Screening station detects contamination at facility boundary |
| SYS-REQ-009 | SUB-REQ-041 | derives | Emergency communications for criticality and safety events |
| SYS-REQ-002 | SUB-REQ-004 | derives | Depression cascade setpoints derive cascade control response requirement |
| SYS-REQ-002 | SUB-REQ-006 | derives | Depression cascade requires adequate face velocities at containment devices |
| SYS-REQ-008 | SUB-REQ-003 | derives | Twin-bank HEPA system requirement derives filter efficiency specification |
| SYS-REQ-008 | SUB-REQ-008 | derives | Twin-bank HEPA requires DP monitoring for loading management |
| SYS-REQ-002 | SUB-REQ-002 | derives | Depression cascade maintenance requires fan changeover within time limit |
| SYS-REQ-002 | SUB-REQ-009 | derives | Cascade maintenance requires fan condition monitoring |
| SYS-REQ-006 | SUB-REQ-010 | derives | System airborne alpha detection requirement flows down to CAM network sensitivity |
| SYS-REQ-006 | SUB-REQ-011 | derives | System detection requirement cascades to CAM alarm response levels |
| SYS-REQ-006 | SUB-REQ-012 | derives | System RP detection requirement flows to area gamma measurement specification |
| SYS-REQ-006 | SUB-REQ-014 | derives | System detection requirement flows to personnel contamination monitoring sensitivity |
| SYS-REQ-006 | SUB-REQ-016 | derives | System RP detection flows to personal dosimetry alarm and dose constraint management |
| SYS-REQ-006 | SUB-REQ-018 | derives | System RP detection drives central monitoring system availability requirement |
| SYS-REQ-006 | SUB-REQ-013 | derives | RP detection requirement cascades to area gamma alarm threshold specification |
| SYS-REQ-006 | SUB-REQ-015 | derives | RP detection extends to controlled area exit contamination screening |
| SYS-REQ-005 | SUB-REQ-019 | derives | LIMS audit trail requirement cascades to HP Central historian and statutory returns |
| SYS-REQ-006 | SUB-REQ-020 | derives | Continuous RP detection requires UPS-backed central monitoring |
| SYS-REQ-006 | SUB-REQ-021 | derives | RP system detection capability requires calibrated instruments and managed sources |
| SYS-REQ-006 | SUB-REQ-017 | derives | RP detection function requires dose recording and statutory reporting |
| SYS-REQ-003 | SUB-REQ-022 | derives | Hold time enables batch characterisation before discharge |
| SYS-REQ-003 | SUB-REQ-026 | derives | Sampling accuracy directly implements batch analysis capability |
| SYS-REQ-003 | SUB-REQ-028 | derives | Discharge recording implements the results recording requirement |
| SYS-REQ-003 | SUB-REQ-025 | derives | Treatment capability ensures batches can meet discharge limits |
| SYS-REQ-003 | SUB-REQ-027 | derives | Discharge isolation protects the authorisation requirement |
| SYS-REQ-009 | SUB-REQ-036 | derives | Fissile mass limit enforcement via safety interlocks |
| SYS-REQ-009 | SUB-REQ-032 | derives | Criticality detection as defence-in-depth behind mass limits |
| SYS-REQ-009 | SUB-REQ-048 | derives | System fissile limits cascade to interim store criticality spacing |
| SYS-REQ-009 | SUB-REQ-052 | derives | System fissile limits require NMA tracking in waste management |
| SYS-REQ-005 | SUB-REQ-055 | derives | LIMS audit trail requirement drives chain-of-custody registration |
| SYS-REQ-009 | SUB-REQ-058 | derives | Facility criticality limit cascades to sample storage geometry |
| SYS-REQ-002 | SUB-REQ-053 | derives | Facility depression cascade drives receiving bay negative pressure |
| SYS-REQ-004 | SUB-REQ-061 | derives | Alpha spectrometry detection limits drive actinide separation recovery requirements |
| SYS-REQ-002 | SUB-REQ-064 | derives | Depression cascade drives fume cupboard extract requirements |
| SYS-REQ-002 | SUB-REQ-001 | derives | Depression cascade requires conditioned supply air |
| SYS-REQ-002 | SUB-REQ-005 | derives | Depression cascade drives stack monitoring requirements |
| SYS-REQ-008 | SUB-REQ-007 | derives | HEPA twin-bank design requires standby ventilation |
| SYS-REQ-003 | SUB-REQ-023 | derives | Batch analysis drives tank sizing and hold time |
| SYS-REQ-003 | SUB-REQ-024 | derives | Effluent containment requirement from discharge standards |
| SYS-REQ-003 | SUB-REQ-029 | derives | Contamination detection prevents uncontrolled discharge |
| SYS-REQ-003 | SUB-REQ-030 | derives | Active drain material specification for effluent integrity |
| SYS-REQ-003 | SUB-REQ-031 | derives | Treatment sludge packaging from effluent treatment |
| SYS-REQ-009 | SUB-REQ-033 | derives | Criticality warning alarm from safety requirement |
| SYS-REQ-009 | SUB-REQ-034 | derives | Fire detection supports safety system integrity |
| SYS-REQ-009 | SUB-REQ-035 | derives | Inert gas suppression protects fissile material areas |
| SYS-REQ-009 | SUB-REQ-037 | derives | 2oo3 voting ensures reliable safety trip function |
| SYS-REQ-009 | SUB-REQ-038 | derives | Emergency power ensures safety systems survive mains loss |
| SYS-REQ-009 | SUB-REQ-039 | derives | Diesel generator backs up UPS for extended outages |
| SYS-REQ-011 | IFC-REQ-055 | derives | LIMS network segmentation requirement extends to BMS-safety system boundary enforcement |
| SYS-REQ-009 | IFC-REQ-054 | derives | Facility safety drives power changeover interface between EPDS and emergency supply |
| SYS-REQ-007 | IFC-REQ-053 | derives | ICP-MS detection limit drives DI water interface to acid digestion |
| SYS-REQ-006 | IFC-REQ-052 | derives | Radiation protection drives security-HP alarm zone data exchange |
| SYS-REQ-002 | IFC-REQ-051 | derives | Ventilation cascade drives chilled water supply interface to AHU |
| SYS-REQ-005 | IFC-REQ-028 | derives | LIMS audit trail requirement drives waste records integration |
| SYS-REQ-003 | IFC-REQ-027 | derives | Effluent sampling requirement drives distillate return activity limits |
| SYS-REQ-005 | IFC-REQ-011 | derives | LIMS integration requirement drives HP Central to LIMS data interface |
| SYS-REQ-002 | IFC-REQ-005 | derives | Depression cascade requires supply-extract coordination interface |
| SYS-REQ-002 | IFC-REQ-002 | derives | Depression cascade derives fan control interface |
| STK-REQ-007 | SYS-REQ-011 | derives | Information security stakeholder need drives LIMS access control and encryption requirements |
| STK-REQ-006 | SYS-REQ-012 | derives | Decommissioning design requirement drives need for operational records to support future characterisation |
| STK-REQ-004 | SYS-REQ-006 | derives | Stakeholder dose constraint drives RP monitoring system detection requirements |
| STK-REQ-001 | SYS-REQ-010 | derives | Coolant analysis turnaround drives LSC tritium detection requirements |
| STK-REQ-002 | SYS-REQ-009 | derives | Nuclear site licence LC24 (fissile material) drives criticality safety requirements |
| STK-REQ-004 | SYS-REQ-008 | derives | ALARP for inhalation dose drives HEPA filtration requirements |
| STK-REQ-003 | SYS-REQ-007 | derives | Discharge permit compliance for specific nuclides drives ICP-MS Tc-99 detection capability |
| STK-REQ-004 | SYS-REQ-006 | derives | ALARP dose management drives airborne contamination detection requirements |
| STK-REQ-002 | SYS-REQ-005 | derives | Nuclear site licence compliance drives LIMS audit trail requirements |
| STK-REQ-005 | SYS-REQ-004 | derives | Nuclear material assay accuracy drives alpha spectrometry detection and resolution requirements |
| STK-REQ-003 | SYS-REQ-003 | derives | Discharge permit compliance drives batch-level effluent monitoring |
| STK-REQ-004 | SYS-REQ-002 | derives | ALARP dose constraint drives depression cascade specification |
| STK-REQ-001 | SYS-REQ-001 | derives | Coolant analysis turnaround drives gamma spec sensitivity to enable 1-hour counts |
| Requirement | Verified By | Type | Description |
|---|---|---|---|
| SUB-REQ-100 | VER-REQ-070 | verifies | CCF analysis validates diverse redundancy design of safety trip channels |
| SUB-REQ-099 | VER-REQ-069 | verifies | Proof test procedure validates ongoing SIL compliance of safety functions |
| SUB-REQ-038 | VER-068 | verifies | Emergency power UPS and battery autonomy test |
| SUB-REQ-010 | VER-067 | verifies | CAM alpha sensitivity and reliability test |
| SUB-REQ-037 | VER-066 | verifies | 2oo3 voting timing and independence test |
| SUB-REQ-036 | VER-065 | verifies | Safety interlock SIL 3 proof test |
| SUB-REQ-032 | VER-060 | verifies | Criticality detection proof test |
| SUB-REQ-003 | VER-REQ-006 | verifies | End-to-end tracer test validates HEPA and containment chain |
| IFC-REQ-049 | VER-REQ-056 | verifies | Integration test for BMS-CHW BACnet/IP interface |
| IFC-REQ-055 | VER-REQ-071 | verifies | Lateral movement test during penetration testing verifies unidirectional gateway enforcement |
| IFC-REQ-054 | VER-REQ-058 | verifies | Integration test for normal-to-emergency power changeover |
| IFC-REQ-050 | VER-REQ-057 | verifies | Integration test for gas isolation on fire alarm |
| IFC-REQ-001 | VER-REQ-001 | verifies | Ductwork inspection and pressure test for IFC-REQ-001 |
| IFC-REQ-002 | VER-REQ-002 | verifies | Integration test for cascade-fan control loop |
| IFC-REQ-003 | VER-REQ-003 | verifies | Manifold commissioning test for IFC-REQ-003 |
| IFC-REQ-004 | VER-REQ-004 | verifies | Sampling point inspection for IFC-REQ-004 |
| IFC-REQ-006 | VER-REQ-005 | verifies | Emergency override independence test for IFC-REQ-006 |
| IFC-REQ-007 | VER-REQ-007 | verifies | Integration test for CAM-to-HP Central Modbus interface |
| IFC-REQ-008 | VER-REQ-008 | verifies | Dual-path diversity test for area gamma to HP Central |
| IFC-REQ-009 | VER-REQ-009 | verifies | Latency test for contamination monitoring data path |
| IFC-REQ-010 | VER-REQ-010 | verifies | OPC-UA dosimetry data and alarm notification test |
| IFC-REQ-012 | VER-REQ-011 | verifies | Hardwired evacuation relay independence test |
| IFC-REQ-013 | VER-REQ-013 | verifies | Integration test for drain-to-tank flow interface |
| IFC-REQ-014 | VER-REQ-014 | verifies | Sample line purge and cross-contamination test |
| IFC-REQ-016 | VER-REQ-015 | verifies | SIL 2 proof test for discharge isolation safety function |
| IFC-REQ-015 | VER-REQ-016 | verifies | Treatment loop transfer and DF verification |
| IFC-REQ-017 | VER-REQ-017 | verifies | OPC UA data transfer latency and integrity test |
| IFC-REQ-018 | VER-REQ-019 | verifies | Inspection verification for ILW sludge drum transfer interface |
| IFC-REQ-019 | VER-REQ-020 | verifies | Integration test for CWS-SIT hardwired interface |
| IFC-REQ-020 | VER-REQ-021 | verifies | Integration test for fire-to-ventilation damper command |
| IFC-REQ-021 | VER-REQ-022 | verifies | Power changeover test for CWS dual-redundant UPS |
| IFC-REQ-022 | VER-REQ-023 | verifies | Partial isolation containment test |
| IFC-REQ-023 | VER-REQ-024 | verifies | Drainage segregation inspection |
| IFC-REQ-024 | VER-REQ-026 | verifies | Integration test for characterization-to-packaging data transfer |
| IFC-REQ-025 | VER-REQ-027 | verifies | Integration test for packaging-to-store drum transfer |
| IFC-REQ-026 | VER-REQ-028 | verifies | Integration test for cemented wasteform transfer to store |
| IFC-REQ-027 | VER-REQ-029 | verifies | Test for distillate return activity limits and hold-and-release interlock |
| IFC-REQ-028 | VER-REQ-030 | verifies | Bidirectional data exchange test between Waste Records and LIMS |
| IFC-REQ-029 | VER-REQ-031 | verifies | Transfer interlock test for CTP to liquid conditioning |
| IFC-REQ-030 | VER-REQ-033 | verifies | Airlock interlock and clearance test for receiving-to-screening interface |
| IFC-REQ-031 | VER-REQ-034 | verifies | Data transfer timing and dual routing test for screening-to-preparation interface |
| IFC-REQ-032 | VER-REQ-035 | verifies | Message queue resilience test for registration-to-LIMS interface |
| IFC-REQ-033 | VER-REQ-037 | verifies | Acid matrix compatibility test for digestion-to-separation interface |
| IFC-REQ-034 | VER-REQ-038 | verifies | Source quality test for separation-to-counting interface |
| IFC-REQ-035 | VER-REQ-039 | verifies | Waste segregation compliance inspection |
| IFC-REQ-036 | VER-REQ-040 | verifies | Pulser test for HPGe-MCA signal interface |
| IFC-REQ-037 | VER-REQ-041 | verifies | Network transfer test for MCA-Analysis data path |
| IFC-REQ-038 | VER-REQ-042 | verifies | End-to-end result transfer demonstration to LIMS |
| IFC-REQ-039 | VER-REQ-044 | verifies | Physical inspection of planchet-chamber interface |
| IFC-REQ-040 | VER-REQ-045 | verifies | Vacuum interlock independence test per channel |
| IFC-REQ-041 | VER-REQ-047 | verifies | Interface test for separations-to-LSC handover |
| IFC-REQ-042 | VER-REQ-048 | verifies | Interface test for sample prep to counter loading |
| IFC-REQ-043 | VER-REQ-049 | verifies | Data transfer integrity test for counter-to-analysis interface |
| IFC-REQ-044 | VER-REQ-050 | verifies | LIMS transfer verification for analysis-to-LIMS interface |
| IFC-REQ-045 | VER-REQ-052 | verifies | Interface test for separations-to-ICP-MS sample transfer |
| IFC-REQ-046 | VER-REQ-053 | verifies | Data transfer test for ICP-MS instrument to workstation |
| IFC-REQ-047 | VER-REQ-054 | verifies | Integration test for LIMS-to-instrument bidirectional interface |
| IFC-REQ-048 | VER-REQ-055 | verifies | Integration test for BMS-EPDS Modbus TCP interface |
| SYS-REQ-011 | VER-REQ-071 | verifies | Penetration testing and configuration audit verify LIMS cybersecurity controls |
| SYS-REQ-010 | VER-REQ-051 | verifies | End-to-end integration test verifies system LSC detection limit |
| SYS-REQ-004 | VER-REQ-046 | verifies | End-to-end alpha spectrometry system integration test |
| SYS-REQ-001 | VER-REQ-043 | verifies | End-to-end gamma spectrometry system integration test |
| SYS-REQ-005 | VER-REQ-036 | verifies | End-to-end verification of sample receipt workflow |
| SYS-REQ-009 | VER-REQ-032 | verifies | End-to-end verification of waste lifecycle with fissile tracking |
| SYS-REQ-009 | VER-REQ-025 | verifies | End-to-end verification of criticality response chain |
| SYS-REQ-003 | VER-REQ-018 | verifies | End-to-end verification of effluent treatment batch cycle |
| SYS-REQ-006 | VER-REQ-012 | verifies | End-to-end verification of radiation protection chain |
| Ref | Document | Requirement |
|---|---|---|
| VER-REQ-059 | verification-plan | Verify end-to-end utility failure response: Simulate total normal supply loss and verify the complete chain from UPS bri... |