Image map created by yEd

........... System integration by
"FGV"

VV NTZ, Anlage 13
technical system integration
is checked by the assessor
who is contracted by supplier.

participate as part of
Projektteam in proving the safety
of solutions, which are not
code of practice.

announce that to EBA

VV NTZ, §35

in case of not using code of
practice

Announce 'FGV'

VV NTZ, §34

Implementation process
ISO 15288 6.4.7

create Prüfungerklärung
by FGV

announce that to EBA

announce that to EBA

VV NTZ, §32

Create Prüfungerklärung by
"FGV" where he adapts
"Erläuterungsbericht" from
supplier

VV NTZ, §32

participate as part of
Projektteam in proving safety
for what is not of code of
practice

VV NTZ, §31

announce that to EBA
(done by FGV)

VV NTZ, §31

if not code of practice

prove if systems
specification fulfills
the requirement specification

VV NTZ, Anlage 3

Announce "FGV"

VV NTZ, §30

Design Process
ISO 15288 6.4.5
(for suppliers)

System Specification
(Basis of Design)
"Pflichtenhaft"

Subsystem 50126
Hazard log v.2
RAM plan v.3
Safety plan v.3
SRAC's
Validation report
RAM validaton plan
Safety validation plan

Create "Prüfungserklärung"
by FGV
(somehow the same but for
external use)

VV NTZ, §28

Create "Erläuterungsbericht"
by "FGV"
(summarizes who performed
which task and the results)

VV NTZ, §28

Systems Assessor
does his job

VV NTZ, §27

Prove the safety of the
requirement that are not code
of practice (done by Projektteam)

VV NTZ, §27

Announce that to EBA
(done by FGV)

VV NTZ, §27

Document of specification
roles in "Prüfungplan"

VV NTZ, §27

Contract System Assessor
create "Projektteam"

VV NTZ, §27

In case of requirements
which are not code of
practice

Assessor does his job

VV NTZ, §26

Contract Assessor

VV NTZ, §26

Impact analysis on
current rules ("Regelwerke")
and neighbouring specifications

VV NTZ, §26

Provide proof that code
of practice (aRdt) are
used

VV NTZ, §26

Provide proofs that
laws are fulfilled.

VV NTZ, §26

Announce "Freigabe
variantwortlicher"
(FGV, responsible for
approval)

VV NTZ, §26

Create Specification

VV NTZ, §26

(6) (7) collect from tech circles

Inter Subsystem
NFR's (6)

no pressure to write
something down as
NFR assumption
though we don't know (10)

Define the Specification
procedure
ISO 15288 64:9:3:2:1

Tracing of System
safety functions, Apportionment of THR (14)

Subsystem 50126
RAM plan v.2
Safety plan v.2
ISA plan
Hazard lay

Update safety documentation & plans

AMOD-018 DB future process framework

AMOD-019 SysABB long term system concept

AMOD-015 Example CONOPS of other railway

ARCH.900 Determine the operational needs

ISO 15288 6.4.1.3 e 1)

ARCH.901 Capture existing and initial operational understanding

AMOD-022 [OAB]
[OEBD]
Enterprise and environment definition

AMOD-021 Operational capabilities definition [OCB]

AMOD-023 Operational entity/actor states [O.MS]

AMOD-024 Operational activity definition & allocation [OAB]

AMOD-025 Abstract concepts [O.CDB]

ARCH.005 Define set of system of interest lifecycle variants

ARCH.003 Create initial set of operational actors & operational entities

ARCH.006 Create initial set of operational modes for operational entities/actors

ARCH.001 Define boundary of wider system of interest (operating entity of SysABB)

AMOD-012 System lifecycle model

ARCH.002
Create initial set of operational capabilities

ARCH.007 Create set of initial operational activities

ARCH.008 Define abstract concepts

CSM-SMS Guidance 1.1a)
EN 50126-1 7.2.2 a)
ISO 27001 4.2

CSM-SMS Guidance 1.1a)
EN 50126-1 7.2.2 a)
ISO 15288 6.4.1.3 b 2)

CSM-SMS Guidance 1.1a)
EN 50126-1 7.2.2 a)
CSM-SMS Guidance 1.1f)
ISO 27001 4.3

ISO 15288 6.4.1.3 c 1)
EN 50126-1 7.3.2 a)

CSM-RA Guidance 3.11
CSM-SMS Guidance 1.1 a)
EN 50126-1 7.2.2 a)

CSM-SMS Guidance 1.1 a), f)
ISO 27001 4.3
RiL 114.0210 05 (6)
EN 50126-1 7.2.2 a)

ARCH.009 Define measures of effectiveness

AMOD-026 Service reliability/
availability targets

ARCH.004 Analyse trade space factors

EN 50126-1 7.2.2 b)
ISO 15288 6.4.1.3 b 1)

AMOD-013 BL6 actors definition

AMOD-014 BL7 actors definition

AMOD-106 Enterprise goals [TRAK EV-01]

AMOD-010 Trade space assessment [fragment]

ARCH.144
Define enterprise goals

ARCH.189 Create templates and static text for CONOPS, CONUSE and CONEMP

ARCH.902 Analyse the operational capabilities to determine detailed operational needs

AMOD-021 Operational capabilities definition

Business chain process model & verification GoA4 (22)

AMOD-105 Operational data objects [O.CDB]

AMOD-025 Abstract concepts [O.CDB]

AMOD-110 Operational exchange items [O.CDB]

AMOD-028 Operational activities and interaction definition (single operational capability) [OAIB]

AMOD-027 Operational bare business scenario [O.ES]

AMOD-029 Operational bare business process [OPD]

CSM-SMS Guidance 1.1a)
EN 50126-1 7.2.2 a)
ISO 15288 6.4.1.3 b 2)

CSM-SMS Guidance 1.1a)
EN 50126-1 7.2.2 a)
ISO 15288 6.4.2.3 c 1)

ARCH.153 Model operational data

ARCH.080 Model operational activities and interactions

ARCH.079 Create bare business operational process

ARCH.078 Create bare business operational scenario

AMOD-018 DB future process framework

AMOD-019 SysABB long term system concept

AMOD-015 Example CONOPS of other railway

ARCH.159 Model operational states

AMOD-023 Operational entity/actor states [O.MS]

ARCH.161 Map operational activities to operational states

AMOD-137 Single operational capability context

ARCH.177 Complete the definition of the operational capability of interest

RiL 114.0210 05 (6)
[ISO 27001]

ARCH.903 Assess & mitigate the operational risks

Whole page:
RiL 451.0100

CSM-SMS guidance 1.1 b), 3.1.1.1 a)

CSM-SMS guidance 3.1.1.1 c)

CSM-SMS guidance 1.1 c), 2.3.1, 2.3.4, 3.1.1.1 e)

RiL 114.0210 05 (10,11)
ISO 27001 6.1.1

RiL 114.0210 05 (15)

AMOD-030 Accident and hazard state model [MSM]

ARCH.011 Assess operational performance risks of scenario

ARCH.014 Evaluate risks to business effectiveness

ARCH.015 Define business risk control measures

ARCH.017 Assess security risks of scenario

ARCH.021 Evaluate security risks

ARCH.022 Define operational security measures

ARCH.024 Assess operational safety risks of scenario

ARCH.027 Evaluate operational safety risks

ARCH.028 Define operational safety measures

AMOD-028 Operational activities and interaction definition (single operational capability) [OAIB]

AMOD-027 Operational bare business scenario [O.ES]

AMOD-029 Operational process description (bare business process) [OPD]

ARCH.020 Identify & classify operational deviations

AMOD-110 Operational exchange items

ARCH.171 Prepare business risk analysis

ARCH.012 Determine measure of effectiveness target values

ARCH.013 Identify risks to business effectiveness (loss-risk mapping)

AMOD-130 Business loss and risk state model

ARCH.172 Prepare security risk analysis

ISO 27001 4.1
RiL 114.0210 05 (5)

Needs a system under consideration (move to system level)
IEC 62443
RiL 114.0210 05 (6)

ARCH.018 Identify internal & external issues affecting successful security

ARCH.019 Determine need for information availability, confidentiality, integrity

AMOD-131 Security loss and threat state model

ARCH.170 Identify security losses and threats

MR: This should result in a viewpoint that stores the result of the security evaluation on data objects

AMOD-145 Security compliance strategy

ARCH.173 Prepare safety risk analysis

CSM-SMS guidance 1.1 d)

ARCH.023 Identify relevant safety legislation and regulation

ARCH.026 Define the state model of accidents, hazardous and safe states

AMOD-128 Safety compliance strategy

AMOD-129 Relevant safety legislation/regulations

ARCH.025 Create foundation for safety risk model

AMOD-109 Accident hazard record

ARCH.175 Produce consolidated operational deviation analysis report

AMOD-135 Consolidated operational deviation analysis report

AMOD-136 Single OC deviation analysis report

AMOD-024 Operational activity definition & allocation [OAB]

AMOD-022 [OAB]
[OEBD]
Enterprise and environment definition

ARCH.029 Allocate risk control responsibilities (op. activity to op. entity/actor)

AMOD-032 Allocated risk control measures

A risk reduction measure could be either
a) a new operational activity, to be carried out with a certain level of integrity, or
b) a certain integrity level to be applied to an existing operational activity.

Open issues:
- aMOD-130 must be updated along ARCH.011.
- aMOD-131 must be updated along ARCH.017.
- aMOD-030 must be updated along ARCH.024.

CSM-SMS guidance 1.1 b), 3.1.1.1 a)

ARCH.904 Incorporate risk control measures in the operational processes

AMOD-105 Operational data objects [O.CDB]

AMOD-110 Operational exchange items [O.CDB]

AMOD-033 Operational business scenario with risk control measures[O.ES]

AMOD-035 Operational business process with risk control measures [OPD]

ARCH.160 Update operational states

ARCH.031 Create operational scenario with risk control measures

ARCH.032 Create operational process with risk control measures

ARCH.033 Update operational activities and interactions

ARCH.147 Update operational data

AMOD-023 Operational entity/actor states [O.MS]

ARCH.162 Update operational activity to state/mode mapping

ARCH.178 Update dependencies and pre/post conditions

AMOD-137 Single operational capability context

AMOD-027 Operational bare business scenario

AMOD-028 Operational activities and interaction definitions (single operational capability)

AMOD-029 Operational bare business process

AMOD-022 Enterprise & environment definition

AMOD-021 Operational capabilities definition

ARCH.905 Consolidate the operational needs

AMOD-010 Trade space assessment

AMOD-037 DBB concept of operations

AMOD-101 Consolidated operational activities & interactions [OAIB]

AMOD-024 Operational activity definition & allocation [OAB]

ARCH.034 Produce concept of operations (CONOPS)

ARCH.121 Consolidate operational activities and interactions

ARCH.140 Consolidate the allocation of operational activities

AMOD-035 Operational business process with risk control measures [OPD]

ARCH.183 Consolidate operational data

AMOD-105 Operational data objects [O.CDB]

AMOD-025 Abstract concepts [O.CDB]

AMOD-110 Operational exchange items [O.CDB]

AMOD-033 Operational business scenario with risk control measures[O.ES]

AMOD-021 Operational capabilities definition

AMOD-012 System lifecycle model

AMOD-022 Enterprise & environment definition

AMOD-023 Operational entity/actor states

Updates after consolidation
AMOD-028 Operational activities and interaction definitions [OAIB]
AMOD-027 Operational bare business scenario [O.ES]
AMOD-029 Operational bare business process [OPD]
AMOD-033 Operational business scenario with risk control measures [O.ES]
AMOD-035 Operational business process with risk control measures [OPD]

ARCH.R.1.14 Operational feature review concluded

ARCH.R.2.14 Operational consolidated review concluded

ARCH.R.2 Carry out operational consolidated review

ARCH.R.2.O4
Review artefacts produced in phase O4 of EN 50126

ARCH.R.2.O1/2
Review artefacts produced in the O1 and O2 phases of EN 50126

ARCH.R.2.O3
Review artefacts produced in phase O3 of EN 50126

O1/2 artefacts for review:
AMOD-021
AMOD-022
AMOD-023
AMOD-024
AMOD-025
AMOD-105

O3 artefacts for review:
AMOD-128
AMOD-129
AMOD-145
AMOD-130
AMOD-131
AMOD-030
AMOD-135

ARCH.R.1 Carry out operational capability-based review

ARCH.R.1.O1/2
Review artefacts produced in phase O1/O2 of EN 50126

ARCH.R.1.O3
Review artefacts produced in phase O3 of EN 50126

ARCH.R.1.O4
Review artefacts produced in phase O4 of EN 50126

O4 artefacts for review
AMOD-101
AMOD-105
AMOD-024
AMOD-025
AMOD-037

O1/2 artefacts for review:
Capability-based compliance:
AMOD-021
AMOD-022
AMOD-023
AMOD-025
AMOD-105
AMOD-110
Full compliance:
AMOD-137
AMOD-027
AMOD-028
AMOD-029

O3 artefacts for review:
Capability-based compliance:
AMOD-030
AMOD-130
AMOD-131
AMOD-031

Full compliance:
AMOD-136

O4 artefacts for review:
Capability-based compliance:
AMOD-021
AMOD-023
AMOD-024
AMOD-025
AMOD-105
AMOD-110
Full compliance:
AMOD-137
AMOD-028
AMOD-033
AMOD-035

ARCH.910 Determine the system requirements

ISO 15288 6.4.3.3 d) 2

Maintain traceability of system requirements

ARCH.911 Identify the system's contribution to the operational needs

CSM-SMS Guidance 3.1.1.1 c), 3.1.5
CSM-RA guidance 3.4, 3.5

ARCH.042 Select system boundary (or set of variants)

ISO 15288 6.4.3.3 a 1), 6.4.1.3 d), 6.4.4.3 c) 1
EN 50126-1 7.3.2 a)

AMOD-041 System boundary options

AMOD-046 Selected system boundary tradeoff record

ARCH.043 Define set of potential system actors

ISO 15288 6.4.2.3 a 1)

Begin involvement of VVNTZ assessor for system
[proposed for smoother acceptance]

ISO 15288 6.4.2.3 d 1)
EN 50126-1 7.3.2 b), 7.3.7 c)

ARCH.049 Define set of potential system capabilities/missions

ARCH.039 Define set of potential system and actor functions

AMOD-010 Trade space assessment [fragment]

AMOD-116 System implementation constraints

AMOD-101 Consolidated operational activities & interactions

AMOD-120 Record of system capabilities and missions

AMOD-021 Operational capabilities definition

AMOD-121 Record of system and actor functions

AMOD-012 System lifecycle model

ARCH.036 Identify all alternative system boundaries

ISO 15288 6.4.1.3 c 2)

ARCH.035 Identify constraints on the system solution

AMOD-024 Operational activity definition and allocation

AMOD-122 Record of system actors

AMOD-035 Operational business process with risk control measures

ARCH.912 Finalise the system context and constraints

AMOD-012 System lifecycle model

AMOD-010 Trade space assessment [fragment]

ARCH.045 Define complete set of system-level actors

ARCH.044 Define requirements from non-actor stakeholders

ISO 15288 6.4.2.3 b 2)-4), d 2)-3), e 2)-4)
EN 50126-1 7.2.2 c)-e)

AMOD-050 Stakeholder non-functional requirements

ARCH.048 Identify system implementation constraints

AMOD-049 Non-functional requirements implementation

AMOD-045 System capabilities

AMOD-119 System context definition [SAB]

AMOD-121 Record of system and actor functions

AMOD-046 Selected system boundary tradeoff record

HOM-xxxx Set of standards necessary for homologation

ARCH.041 Transfer or trace upper level model elements to system level

ARCH.119 Define consolidated set of system capabilities/missions

AMOD-044 Actor functions overview

AMOD-104 System level - operational level traceability report

ARCH.051 Align the system boundary, capabilities and actors with collobaration projects

AMOD-120 Record of system capabilities and missions

AMOD-122 Record of system actors

AMOD-103 Consolidated system functions

In case of Child model
These viewpoints are truncated according to the scope of the child model
AMOD-025 Abstract concepts
AMOD-081 Logical functional flow definition (single system capability realisation)
AMOD-082 Logical functional chain definition
AMOD-084 Logical exchange scenario definition
AMOD-088 Consolidated logical functional flow definition
AMOD-091 Logical data objects [L.CDB]
AMOD-092 Logical exchange items [L.CDB]
AMOD-125 Logical architecture definition
AMOD-147 Logical capability realisation

ARCH.913 Analyse the system capabilities to determine detailed system needs

AMOD-045 System capabilities [MCB]

ISO 15288 6.4.2.3 b 1), c 2)
EN 50126-1 7.2.2 a), 7.3.2 a)

AMOD-056 System functional flow (single operational capability) [SDFB]

AMOD-058 Initial system usage scenario [S.ES]

AMOD-059 Initial system functional chain description [SFCD]

ISO 15288 6.4.3.3 b 1)
EN 50126-1 7.3.2 a), d), e), 7.5.2

ISO 15288 6.4.4.3 c 1)
CSM-RA guidance 1.2

ARCH.058 Define measures of performance

AMOD-057 Measures of performance

ARCH.055 Model states on system level

ARCH.056 Map system functionality to states

AMOD-060 System/actor states [S.S]

ARCH.158 Model external interface layers

Capture of functionality and exchanges that are only there for servicing external interfaces. Include all data/message definitions (even at system level - these are fixed for the system due to external constraints so this is not too much detail to include)

ARCH.057 Model non-payload data on external interfaces

AMOD-112 System data objects [S.CDB]

AMOD-025 Abstract concepts [O.CDB]

AMOD-113 System exchange items [S.CDB]

AMOD-114 System interface definition [SAB]

AMOD-115 External interface behaviour [S.ES]

AMOD-055 System functions to state allocation map [Matrix]

ARCH.052 Create initial system usage scenarios

ARCH.053 Create initial system functional chains

ARCH.054 Model data flowing between system functions

ARCH.088 Define system functions and functional exchanges

AMOD-023 Operational entity/actor states [O.MS]

AMOD-119 System context definition [SAB]

ARCH.179 Complete the definition of the system capability of interest

AMOD-138 Single system capability context [CC]

AMOD-105 Operational data objects [O.CDB]

AMOD-110 Operational exchange items [O.CDB]

ARCH.914 Produce the unregulated system documents

ARCH.062 Produce the concept of use (CONUSE)

ARCH.061 Produce the concept of employment (CONEMP)

AMOD-066 Concept of employment

AMOD-065 Concept of use

AMOD-122 Record of system actors

AMOD-121 Record of system and actor functions

AMOD-120 Record of system capabilities and missions

AMOD-045 System capabilities

AMOD-119 System context definition

AMOD-138 Single system capability context

AMOD-060 System/actor states

ARCH.915 Assess & mitigate the risks of system failure

ARCH.065 Assess systen failure risk of a functional chain

ARCH.066 Identify system level deviations

ARCH.067 Populate the fault tree

ARCH.068 Assess deviation probability

ARCH.069 Add system
level risk measure

AMOD-071 System failure modes & effects analysis

Two types of risk control measure:
- measures needed to maintain the required level of system performance (that is, to compensate for foreseen system failure modes)
- measures needed to control risk introduced by the system's own existence (like meeting electrical safety standards, IT access control, access for maintenance)

AMOD-031 Unified risk model
(to be discussed)

ARCH.070 Calculate system deviation probability

EN 50126-1 6.3.3
ISO 15288 6.4.3.3

AMOD-004 Fault tree (per operational deviation)

AMOD-059 Initial system functional chain description [SFCD]

AMOD-115 External interface behaviour [S.ES]

AMOD-056 System functional flow (single operational capability) [SDFB]

ARCH.916 Incorporate risk control measures in system scenarios/functional chains

ARCH.141 Update system functions with risk control measures

ARCH.142 Create system exchange scenarios with risk control measures

ARCH.143 Create system functional chains with risk control measures

AMOD-056 System functional flow (single operational capability) [SDFB]

AMOD-118 System functional chain descriptions with risk control measures [SFCD]

AMOD-112 System data objects [S.CDB]

AMOD-025 Abstract concepts [O.CDB]

AMOD-113 System exchange items [S.CDB]

AMOD-114 System interface functionality [SAB]

AMOD-115 External interface behaviour [S.ES]

ARCH.149 Update system data with risk control measures

ARCH.150 Update system interface model with risk control measures

ARCH.163 Update system states

ARCH.164 Update function mapping to system states

AMOD-060 System/actor modes/states [S.MS]

AMOD-117 System exchange scenarios with risk control measures [S.ES]

AMOD-059 Initial system functional chain description [SFCD]

ISO 15288 6.4.3.3 b) 3

AMOD-055 System functions to state / mode allocation map [Matrix]

ARCH.917 Finalise the system requirements

ARCH.082 Trade off system requirements and constraints

ISO 15288 6.4.3.3 c) 1

ARCH.083 Agree the system requirements with stakeholders

ISO 15288 6.4.3.3 d) 1

AMOD-079 Agreed system requirements baseline (functional + non functional)

Stakeholder set here is the wider business plus regulators.
Principle should be that the whole system is signed off by the sponsors here, but that they should not need to be consulted much during subsequent phases because the system boundary and scope is now established - the internal architectural design of the system makes no difference to the business stakeholders.

ARCH.081 Update constraints on system solution

EN 50126-1 7.5.2
ISO 15288 6.4.8.3 a) 5, 6.4.11.3 a) 5, 6.4.10.3 a) 4

ARCH.109 Consolidate traceability between model elements at system level and model elements at operational level

ARCH.152 Consolidate system functionality

AMOD-103 Consolidated system functions [SDFB]

AMOD-050 Stakeholder non-functional requirements

ARCH.157 Consolidate system data

AMOD-112 System data objects [S.CDB]

AMOD-113 System exchange items [S.CDB]

AMOD-049 Non-functional requirements implementation

AMOD-066 Concept of employment

AMOD-065 Concept of use

AMOD-133 Consolidated system function allocation

AMOD-012 System lifecycle model

AMOD-010 Trade space assessment [fragment]

AMOD-116 System implementation constraints

[D.IVV-Ref.004] Reference specification V&V Strategy

AMOD-146 System needs and constraints tradeoff decision record

Updates after consolidation
AMOD-055 System functions to state allocation map [Matrix]
AMOD-056 System functions and exchanges (single system capability)
AMOD-058 Initial system exchange scenario
AMOD-059 Initial system functional chain description
AMOD-044 Actor functions (system level)
AMOD-115 External interface behaviour [S.ES]
AMOD-117 System exchange scenarios with risk control measures [S.ES]
AMOD-118 System functional chain descriptions with risk control measures [SFCD]

AMOD-104 System level - operational level traceability report

AMOD-044 Actor functions overview

AMOD-121 Record of system and actor functions

AMOD-122 Record of system actors

AMOD-120 Record of system capabilities and missions

AMOD-045 System capabilities

ARCH.R.3.14 System capability-based review concluded

ARCH.R.4.14 System consolidated review concluded

ARCH.R.3 Carry out system capability-based review

ARCH.R.3.S1
Review artefacts produced in phase S1 of EN 50126

ARCH.R.3.S4
Review artefacts produced in phase S4 of EN 50126

ARCH.R.3.S3
Review artefacts produced in phase S3 of EN 50126

ARCH.R.3.S2
Review artefacts produced in phase S2 of EN 50126

S1 artefacts for review:
Capability-based compliance:
AMOD-045
AMOD-025
AMOD-119
Full compliance:
AMOD-138

S2 artefacts for review:
Capability-based compliance:
AMOD-045
AMOD-025
AMOD-060
AMOD-112
AMOD-113
AMOD-114
AMOD-115
AMOD-105
AMOD-110
AMOD-119

Full compliance:
AMOD-138
AMOD-056
AMOD-058
AMOD-059

S3 artefacts for review:
Capability-based compliance:
AMOD-004
AMOD-056

S4 artefacts for review:
Capability-based compliance:
AMOD-045
AMOD-025
AMOD-060
AMOD-112
AMOD-113
AMOD-114
AMOD-115
AMOD-105
AMOD-110
AMOD-057
AMOD-119

Full compliance:
AMOD-138
AMOD-056
AMOD-117
AMOD-118

S1 artefacts for review:

Full compliance:
AMOD-116
AMOD-025
AMOD-045
AMOD-104

ARCH.R.4 Carry out system review (consolidated)

ARCH.R.4.S1 Carry out system consolidated review at phase S1

ARCH.R.4.S2 Carry out system consolidated review at phase S2

ARCH.R.4.S3 Carry out system consolidated review at phase S3

ARCH.R.4.S4 Carry out system consolidated review at phase S4

S2 artefacts for review:

Full compliance:
AMOD-045
AMOD-104
AMOD-046
AMOD-044
AMOD-103
AMOD-049
AMOD-050
AMOD-119
AMOD-058
AMOD-059
AMOD-056
AMOD-115
AMOD-114
AMOD-112
AMOD-113
AMOD-138
AMOD-025

S3 artefacts for review:

Full compliance:
AMOD-004
AMOD-071
AMOD-045
AMOD-104
AMOD-046
AMOD-044
AMOD-103
AMOD-049
AMOD-050
AMOD-119
AMOD-056
AMOD-115
AMOD-114
AMOD-112
AMOD-113
AMOD-138

S4 artefacts for review:

Full compliance:
AMOD-004
AMOD-025
AMOD-071
AMOD-045
AMOD-104
AMOD-046
AMOD-142
AMOD-044
AMOD-103
AMOD-049
AMOD-050
AMOD-119
AMOD-056
AMOD-115
AMOD-114
AMOD-112
AMOD-113
AMOD-138
AMOD-065
AMOD-066
AMOD-117
AMOD-060
AMOD-118

ARCH.R.9 Carry out system handover review

ARCH.R.9.14 System handover review completed

ARCH.920 Define the logical architecture

ARCH.923 Apportion the non-functional requirements

AMOD-081 Logical functional flow definition [LDFB]

ARCH.107 Apportion non-functional requirements to logical functions

ARCH.108 Define acceptance criteria for non-functional requirements

Logical component NFRs (2)
(originally PER s/sys NFRs)

AMOD-084 Logical exchange scenario definition [L.ES]

AMOD-082 Logical functional chain definition [LFCD]

AMOD-091 Data object definition [L.CDB]

AMOD-092 Logical exchange items [L.CDB]

ARCH.924 Finalise requirements at logical level

ARCH.110 Consolidate traceability between model elements at logical level and model elements at system level

AMOD-082 Logical functional chain definition [LFCD]

ARCH.154 Consolidate logical functional flow

Updates after consolidation
AMOD-081 Logical functional flow definition (single system capability realisation)
AMOD-082 Logical functional chain definition
AMOD-084 Logical exchange scenario definition
AMOD-125 Logical architecture definition

AMOD-088 Consolidated logical functional flow definition [LDFB]

AMOD-084 Logical exchange scenario definition [L.ES]

AMOD-125 Logical architecture definition [LAB]

ARCH.086 Create or update exchange scenarios at logical level

ARCH.096 Allocate logical functions to logical components (including alternative allocations)

Consider interface defintions from system level

AMOD-126 Logical level - system level traceability report

ARCH.190 Consolidate logical data

AMOD-091 Logical Data objects [L.CDB]

AMOD-092 Logical exchange items [L.CDB]

ARCH.099 Define behaviour for logical functions

AMOD-083 State-based behaviour definition (logical function)

ARCH.R.5 Carry out logical capability-based review

ARCH.R.6 Carry out logical consolidated review

ARCH.R.5.14 Logical capability-based review concluded

ARCH.R.6.14 Logical consolidation review concluded

ARCH.921 Decompose system functionality

ARCH.084 Execute automatic transition of system elements to logical level

ARCH.085 Create or update functional chains at logical level

AMOD-082 Logical functional chain definition [LFCD]

ISO 15288 6.4.4.3 c) 3, d)
EN 50126-1 7.6.1

DR - decision on dynamic data (weather, adhesion, obstacles...) (4)

ARCH.087 Update logical data model

AMOD-025 Abstract concepts [O.CDB]

AMOD-081 Logical functional flow definition

AMOD-091 Logical Data objects [L.CDB]

AMOD-092 Logical exchange items [L.CDB]

ISO 15288 6.4.4.3 a)

ISO 15288 6.4.4.3 c) 4

AMOD-056 System functional flow (single operational capability) [SDFB]

AMOD-118 System functional chain descriptions with risk control measures [SFCD]

ARCH.182 Split the system functions

AMOD-112 System common data objects [S.CDB]

ISO 15288 6.4.4.3 c)

AMOD-113 System exchange items [S.CDB]

ARCH.191 Refine logical capability realisations

AMOD-147 Logical capability realisation [L.CRB]

AMOD-045 System capabilities [MCB]

ARCH.922 Define logical components

ARCH.187 Adopt logical component definitions from collaboration projects

ARCH.180 Define logical component candidates

AMOD-125 Logical architecture definition [LAB]

ARCH.181 Reconcile candidate logical components

ISO 15288 6.4.4.3 c)

ISO 15288 6.4.4.3 c) 4
ISO/IEC/IEEE 42010 5.8

ARCH.930 Define the physical architecture

ARCH.935 Assess risks associated with physical architecture

ARCH.135 Carry out HAZID on tenderable elements

ARCH.105 Identify new non-functional requirements needed to mitigate hazards introduced by physical architecture choice

ARCH.104 Identify new non-functional requirements needed for robustness to failures

ARCH.106 Identify new logical functions/data needed for mitigating hazards introduced by physical architecture choice

ARCH.103 Identify new physical functions/data needed for robustness to failures

ARCH.101 Carry out failure modes, effects and criticality analysis (FMECA) on physical functional chains

ARCH.931 Transfer logical level requirements to physical level

ARCH.111 Execute automatic transition of logical elements to physical level

ARCH.936 Allocation/Derivation of NFRs

AMOD-097
Computation asset structure

AMOD-096
Communication asset structure

AMOD-095
Location kind definitions

ARCH.137 Allocate interface NFRs to interface layers/interface functions

ARCH.133 Derive & allocate NFRs to computation assets

ARCH.132 Derive & allocate NFRs to communication assets

ARCH.131 Derive & allocate NFRs to location kinds

ARCH.155 Allocate hazard mitigation NFRs to tenderable elements

ARCH.R.7 Carry out physical capability-based review

ARCH.R.8 Carry out physical consolidated review

ARCH.R.7.14 Physical feature review concluded

ARCH.R.8.14 Physical consolidated review concluded

ARCH.934 Define supporting physical architecture

AMOD-097
Computation asset structure

AMOD-096
Communication asset structure

AMOD-095
Location kind definitions

ARCH.127 Define location kinds

ARCH.126 Define structure of computation assets

ARCH.125 Define structure of communication assets

DCC R:7A
Track side requirement
(7)

ARCH.933 Define the subsystem interfaces

ARCH.128 Define functions of single interface layer

ARCH.129 Define data models for interface layers

ARCH.114 Define single interface layer

AMOD-100
Interface layer definition

AMOD-099
Interface layer scenario

AMOD-094
Interface layer exchange data definition

ARCH.186 Consolidate single inter-subsystem interface

AMOD-143 Inter-subsystem interface definition

ARCH.156 Define single inter-subsystem interface

AMOD-085
Subsystems involved in single realised capability

ARCH.122 Define behaviour for interface layer functions

AMOD-144 Behaviour definition (interface layer function)

AMOD-143 Inter-subsystem interface definition

AMOD-093
Subsystems definition

AMOD-086
Interface layer internal data definition

ARCH.151 Refine system interface to subsystem interface

AMOD-100
Interface layer definition

AMOD-111 Subsystem interface definition

ARCH.932 Define the subsystem boundaries

ARCH.116 Define the subsystems

AMOD-124 Physical architecture decision analysis review

ISO 15288 6.4.4.3 a)

ISO 15288 6.4.4.3 e)

ARCH.097 Evaluate subsystem boundary options against the architectural tradeoff criteria

AMOD-080 Subsystem boundary option sketch

ISO 15288 6.4.4.3 c) 2
EN 50126-1 7.6.1

ISO 15288 6.4.4.3 c) 4

AMOD-093
Subsystems definition

ARCH.117 Adopt subsystem definition from collaborative project

ARCH.090 Identify alternative subsystem boundary options

ARCH.098 Deploy logical components to subsystems

AMOD-085 Subsystems involved in single realised capability

AMOD-010 Trade space assessment [fragment]

AMOD-116 System implementation constraints

AMOD-123
HAZID record

ARCH.938 Consolidate the overall architecture

AMOD-098
Consolidated tenderable element structure

AMOD-093
Subsystems definition

ARCH.168 Consolidate the overall generic physical architecture

ARCH.100 Obtain stakeholder acceptance of preferred architecture

ISO 15288 6.4.4.3 f)

AMOD-142
Single subsystem definition

AMOD-085
Subsystems involved in single realised capability

AMOD-143 Inter-subsystem interface definition

Supplier feedback (9)

AMOD-097
Computation asset structure

AMOD-095
Location kind definitions

ARCH.136 Puch back chosen physical architecture from child models to parent model

ARCH.169 Consolidate traceability between model elements at physical level and model elements at logical level

AMOD-127 Physical level - logical level traceability report

ARCH.192 Refine physical capability realisations

AMOD-148 Physical capability realisation

ARCH.176 Create physical exchange scenarios

AMOD-140
Physical exchange scenario

Theorem: Logical components are not the subsystems that will be contracted. Therefore we can assert that until we define the tenderable elements at physical level, we have not left the Concept part of subsystem's lifecycle.

Corollary: Risk assessments on logical level are carried out, suggesting at least a flavour of phase 3 despite the fact we have not yet really defined the subsystems.

Conclusions:
- having a third nested V is undesirable and unhelpful
- needs to be a place in the output documentation to capture risk assessment from logical and physical level in one consolidated place
- further work needed.