This document consolidates the identification and allocation of mitigation requirements for hazards associated with a hypothetical operation involving routine inspections in a nuclear facility — a critical scenario for the operational integrity of nuclear plants. The operation involves regular inspections in a space containing radioactive material, with the primary objective of capturing high-quality images for analysis and assessment. This includes parent and child requirements, grouping associated requirements, and the allocation of these requirements to systems, the rules-based reasoning Safety System (SS) and the Safety Related Autonomous System (SRAS).
Note. The acronyms used for the requirement groups are:
| Source | Safety Function | Requirement | Group | System |
|---|---|---|---|---|
| H1. Collisions with physical obstacles damaging the robot, equipment, and dispersing radioactive material. | SF 1 Prevent collision | R1 The robot shall avoid physical obstacles. | RGPR | SRAS |
| R1.1 The robot shall maintain a safe distance from obstacles. | RGPR | SRAS | ||
| R1.1.1 The robot shall have an emergency stop mechanism that activates when an obstacle is detected within a critical range of distance. | SR | SS | ||
| R1.1.2 The robot shall return to the initial position when an obstacle is detected within a defined range of distance. | SR | SS | ||
| R1.2 Initial robot position shall be obstacle-free. | RGPR | SRAS | ||
| R1.3 Current robot position shall be accurate. | RGPR | SRAS | ||
| R1.4 The vision subsystem shall confirm that the robot's initial recognised position matches the predefined starting position. | RGPR | SRAS | ||
| R1.5 The vision subsystem shall report that the current position is not a position with an obstacle. | RGPR | SRAS | ||
| R1.6 The path to the next destination shall be calculated from the current robot position that the robot believes its location to be. | RGPR | SRAS | ||
| R1.7 All obstacles shall be correctly identified. | RGPR | SRAS | ||
| R1.8 An obstacle shall not be in the same location as an inspection point. | RGPR | SRAS | ||
| R1.9 The calculated path to the destination shall not include a location with an obstacle. | RGPR | SRAS | ||
| R1.10 The robot shall not go faster than X kmph. | RGPR | SRAS | H2. Running out of battery could leave the robot stranded in a hazardous area, posing risks to retrieval personnel and causing environmental radiation exposure. H3. Power supply issues may result in reduced operational time, potentially stranding the robot in hazardous areas. |
SF 2 Prevent running out of power | R2 The robot shall maintain a sufficient power level throughout the mission. | OR | SRAS |
| R2.1 The robot shall monitor its battery level and activate a recharge process when it falls below a predefined threshold. | RGPR | SRAS | ||
| R2.3 The robot shall update its estimated battery charge every m minutes based on both the current battery sensor and the robot's history of activity. | RGPR | SRAS | ||
| R2.4 The robot shall return to the initial position if battery levels become critically low. | SR | SS | ||
| R2.6 The charging station shall be selected as the next destination whenever the recharge flag is set to true. | RGPR | SRAS | ||
| R2.7 The battery monitor shall show the battery charge 5% lower than currently estimated. | RGPR | SRAS | ||
| R2.8 The interface recharge output shall be set to true when the current battery charge is lower than the battery needed to reach the charging station from the current position plus 5% battery charge. | RGPR | SRAS | ||
| R2.9 Once at the charging station, the robot shall remain there until the battery reaches full charge. | RGPR | SRAS | ||
| R2.10 Each step in the plan shall not use more than 1/n amounts of battery. | RGPR | SRAS | H4. Radioactive contamination from particles adhering to surfaces, equipment, and personnel, leading to contamination spread and an increased risk of radiation exposure. H5. Contaminated equipment and personnel due to robot manual retrieval in hazardous environments. |
SF 3 Prevent the robot from being exposed to excessively high levels of radiation | R3 The robot and personnel shall be protected from harmful radiation exposure. | RGPR | SRAS |
| R3.1 The robot shall continually monitor radiation levels in its environment. | RGPR | SRAS | ||
| R3.2 Initial robot position shall not be a location with out-of-range radiation levels. | RGPR | SRAS | ||
| R3.3 The radiation monitor subsystem shall ensure that the initial robot measurement is equal to the manual set level. | RGPR | SRAS | ||
| R3.4 The radiation monitor subsystem shall ensure that the current position is not a position with out-of-range radiation levels. | RGPR | SRAS | ||
| R3.4.1 If radiation levels have exceeded, the robot shall go to the exit immediately. | SR | SS | ||
| R3.5 Room radiation levels shall be correctly identified. | RGPR | SRAS | ||
| R3.6 The radiation level at the inspection points shall be within acceptable ranges. | RGPR. | SRAS | ||
| R3.7 The calculated path to the destination shall not include a location with out-of-range radiation levels. | RGPR | SRAS | ||
| R3.8 Radiation levels shall be under R. | RGPR | SRAS | ||
| R3.9 The robot shall perform regular checks on its equipment's performance and return to the initial position if anomalies are detected. | RGPR | SRAS | ||
| R3.10 The robot shall undergo thorough decontamination procedures before and after each mission. | RGPR | SRAS | H6. Operational failure in the robot's navigation and inspection tasks could result in wrong navigation, and equipment damage. | SF 4 Ensure all reachable inspection points are visited | R4 The robot shall visit all reachable inspection points. | OR | SRAS |
| R4.1 All inspection points shall be correctly identified. | OR | SRAS | ||
| R4.2 A valid inspection point shall not be at the same location as a valid obstacle. | OR | SRAS | ||
| R4.3 Visited inspection points shall be removed from the list of destinations to visit. | OR | SRAS | ||
| R4.4 The closest inspection point that was not visited before shall be the current goal when the recharge flag is false. | OR | SRAS | ||
| R4.5 The shortest path to the current goal shall be selected. | OR | SRAS | ||
| R4.6 The interface subsystem shall set the Goal flag to true only when the current robot position is equal to the current goal position. | OR | SRAS |