P205 ISCS D2.2 SRS Rev0.4.0

WILLOWGLEN (MALAYSIA) SDN BHD
ISCS
Software Requirements
Specification
Document No. : P205_ISCS_D2.2_SRS

Rev. No. : 0.4.0
Date Issued : 14 July 2023
Prepared By 1st Reviewed By 2nd Reviewed By Approved By
Yaw Choon Kit Norjannah Hazali Liong Zhong Jin Han Chung Siew
Requirement Manager Verifier Validator Project Manager
14 July 2023 14 July 2023 14 July 2023 14 July 2023
Document Title ISCS Software Requirement Specification
Document No. P205_ISCS_D2.2_SRS
Rev. No. 0.4.0
Revision History
Rev. No. Rev. Date Rev. Description Revised By
0.0.0 20 Sept First Issue Siti Nuraini

2022
0.0.1 21 Sept Revised based on comments on Siti Nuraini
2022 DRF_TECH_P205_ISCS_D2.2_SRS_Rev0.0.0
0.0.2 25 Nov Revised based on comments on Yaw Choon Kit
2022 DRF_SWAC_P205_ISCS_D2.2_SRS_Rev0.0.1
0.0.3 20 Dec Revised based on comments on Yaw Choon Kit
2022 DRF_QAQC_P205_ISCS_D2.2_SRS_Rev0.0.2
0.1.0 20 Dec Document baseline. Yaw Choon Kit
2022
0.1.1 20 Feb Yaw Choon Kit
1. Address Software Requirement Verification Report
2022 (SRVerR) comments.
2. Add statement “This document will supersede the
documents submitted during Final Design stage” in
Section 1.1.
0.1.2 14 Apr Yaw Choon Kit

1. Revised based on
2023 P205_ISCS_D1.2.3_CRF_00004 to
P205_ISCS_D1.2.3_CRF_00006.
1. Updated all denotations of Data Flow Diagram
in Section 5 according to SSADM when
applicable. Added Sequence Diagram and
Data Flow Diagram for:
(a) TETRA (Section 5.1.6)
-ISCS-SWRS-301060
(b) VRS (Section 5.1.7)
-ISCS-SWRS-301070
(c) RS (Section 5.2.6)
-ISCS-SWRS-302060
2. Removed content for Specification ID below
from SRS:
(a) Section 4.6.1,
-ISCS-SWRS-206010-11
-ISCS-SWRS-206030-13-01
-ISCS-SWRS-206030-13-02
-ISCS-SWRS-206030-13-03
-ISCS-SWRS-206030-13-04
-ISCS-SWRS-206030-13-05
(b) Section 5.1.9.1,
- ISCS-SWRS-301091-08
- ISCS-SWRS-301091-08-01
- ISCS-SWRS-301091-08-02
- ISCS-SWRS-301091-08-03
Page 2 of 171
Copyright © 2023. All rights reserved.
Rev. No. 0.4.0
Rev. No. Rev. Date Rev. Description Revised By
- ISCS-SWRS-301091-08-04
(c) Section 5.2.2 & 5.2.13,

- ISCS-SWRS-302020-03
- ISCS-SWRS-302130-03
3. Revised clause ISCS-SWRS-302070-11.
4. Revised ISCS-SWRS-302120-01 from [BI] to
[SIL2].
5. Revised content of ISCS SRS Specification ID
below by adding a [NOTE] remark.
-ISCS-SWRS-301030-06-06
-ISCS-SWRS-301030-06-07
-ISCS-SWRS-301030-06-08
6. Updated Section 9 based on the changes
above.
2. Removed IEC 829 from Section 1.4.2 as ISCS test
documentation follow compliance of EN
50128:2011+A2:2020 standard.
0.1.3 18 Apr Revised based on comments on Yaw Choon Kit
2023 DRF_VV_P205_ISCS_D2.2_SRS_Rev0.1.2
0.2.0 19 Apr Document baseline. Yaw Choon Kit
2023
0.2.1 26 Apr Yaw Choon Kit
1. Revised based on Inspection Note No.
2023 21RTS01TN021:
1. Revised Section 1.2.
2. Revised Table 1-3. Added ISCS SVVP into list
of reference documents.
3. Revised Table 2-1.
4. The requirement of EN 50128 7.2.4.11 and
7.2.4.12 are added in Section 3.12 (3) and (4).
2. Updated Section 9 based on updated ISCS SysRS

Revision 0.2.1.
0.3.0 8 June Document baseline. Yaw Choon Kit

2023
0.3.1 13 July Revised based on Inspection Note No.: 21RTS01TN02 Yaw Choon Kit
2023 dated 20230706,
1. Updated Table 1-3: List of Reference
Documents.
2. Updated Section 9 based on updated ISCS
SysRS rev 0.4.0.
0.4.0 14 July Document baseline. Yaw Choon Kit

2023
Page 3 of 171
Rev. No. 0.4.0
Contents
1 Introduction ................................................................................................................................... 9
1.1 Purpose of Document ........................................................................................................... 9
1.2 Scope of Works ..................................................................................................................... 9
1.3 Acronyms, Abbreviations and Terms .................................................................................. 10
1.3.1 Acronyms and Abbreviations ...................................................................................... 10
1.3.2 Terms .......................................................................................................................... 14
1.4 References .......................................................................................................................... 15
1.4.1 Reference Documents ................................................................................................ 15
1.4.2 Standards .................................................................................................................... 15
1.5 Requirement ID ................................................................................................................... 16
2 Document Structure .................................................................................................................... 17
3 Overall Description [ISCS-SWRS-100000] ............................................................................................. 18
3.1 General [ISCS-SWRS-101000] ....................................................................................................... 18
3.2 ISCS HMI [ISCS-SWRS-102000] .................................................................................................... 19
3.3 System Integration [ISCS-SWRS-103000] ...................................................................................... 20
3.4 Standard Conformance [ISCS-SWRS-104000]............................................................................... 21
3.5 Software Version / License [ISCS-SWRS-105000] ......................................................................... 21
3.6 Source Code Escrow [ISCS-SWRS-106000] .................................................................................. 22
3.7 Constraints and Assumptions [ISCS-SWRS-107000] ..................................................................... 22
3.8 Software Failure Reports [ISCS-SWRS-108000] ............................................................................ 22
3.9 Software Management Control [ISCS-SWRS-109000] ................................................................... 23
3.9.1 General [ISCS-SWRS-109010] ............................................................................................... 23
3.9.2 Software Quality Assurance Plan [ISCS-SWRS-109020] ....................................................... 23
3.9.3 Software Release and Management Control [ISCS-SWRS-109030]...................................... 24
3.9.4 Software Progress Tracking [ISCS-SWRS-109040] ............................................................... 24
3.9.5 Software Audit [ISCS-SWRS-109050] .................................................................................... 25
3.9.6 Software Documentation [ISCS-SWRS-109060] .................................................................... 26
3.9.7 Safety Integrity Level [ISCS-SWRS-109070] ......................................................................... 26
3.9.8 Software Deliverables and Licenses [ISCS-SWRS-109080] ................................................. 26
3.9.9 Backup [ISCS-SWRS-109090] ............................................................................................... 27
3.10 General Software Requirements [ISCS-SWRS-110000] ................................................................ 27

3.11 Software Design Requirements [ISCS-SWRS-111000] .................................................................. 27
3.12 Software Quality Assurance [ISCS-SWRS-112000] ....................................................................... 28
4 Functional Requirements [ISCS-SWRS-200000] .................................................................................... 29
4.1 HMI Functionality Requirements [ISCS-SWRS-201000] ................................................................ 29
Page 4 of 171
Rev. No. 0.4.0
4.1.2 User HMI Functionality [ISCS-SWRS-201020] ....................................................................... 29

4.1.3 Alarm Inhibition, Scan Suspension, Force Value, LOTO [ISCS-SWRS-201030] ................... 29
4.1.4 Audio Alert [ISCS-SWRS-201040] .......................................................................................... 30
4.2 Access Authority / User Access Control Requirements [ISCS-SWRS-202000] ............................. 30
4.2.2 User Access Management System [ISCS-SWRS-202020] .................................................... 30
4.2.3 Area of Authority [ISCS-SWRS-202030] ................................................................................. 31
4.2.4 Login / Logout [ISCS-SWRS-202040] ..................................................................................... 32
4.2.5 Changeover [ISCS-SWRS-202050] ........................................................................................ 32
4.3 Automation & Scheduling Requirements [ISCS-SWRS-203000] .................................................... 33
4.4 Processing Function Requirements [ISCS-SWRS-204000] ............................................................ 34
4.4.1 Analogue Point [ISCS-SWRS-204010] ................................................................................... 34
4.5 Graphic Display Requirements [ISCS-SWRS-205000] ................................................................... 34
4.5.2 Modification [ISCS-SWRS-205020] ......................................................................................... 35
4.5.3 User Control [ISCS-SWRS-205030] ........................................................................................ 35
4.5.4 Consistency [ISCS-SWRS-205040] ........................................................................................ 35
4.5.5 Feedback [ISCS-SWRS-205050] ............................................................................................ 36
4.5.6 Windows [ISCS-SWRS-205060] ............................................................................................. 36
4.5.7 Screen Layout [ISCS-SWRS-205070] ..................................................................................... 37
4.5.8 Navigation [ISCS-SWRS-205080] ........................................................................................... 38
4.5.9 Layering [ISCS-SWRS-205090] .............................................................................................. 38
4.5.10 Menus and Control Buttons [ISCS-SWRS-205100] ................................................................ 38
4.5.11 Colours [ISCS-SWRS-205110]................................................................................................ 39

4.5.12 Font and Text Design [ISCS-SWRS-205120] ......................................................................... 39
4.5.13 Curser and Pointer [ISCS-SWRS-205130] .............................................................................. 39
4.5.14 Animation [ISCS-SWRS-205140] ............................................................................................ 40
4.6 Event & Alarm Requirements [ISCS-SWRS-206000] ..................................................................... 40
4.6.2 Time Stamp [ISCS-SWRS-206020]......................................................................................... 41
4.6.3 Event & Alarm Display [ISCS-SWRS-206030] ........................................................................ 41
4.6.4 Alarm Log [ISCS-SWRS-206040]............................................................................................ 42
4.6.5 Event Log [ISCS-SWRS-206050] ............................................................................................ 43
4.6.6 Historical Log [ISCS-SWRS-206060] ...................................................................................... 43
4.6.7 Avalanche Alarm [ISCS-SWRS-206070] ................................................................................. 43
4.6.8 Alarm Severity [ISCS-SWRS-206080]..................................................................................... 44
4.6.9 Alarm Acknowledgement [ISCS-SWRS-206090] .................................................................... 44
4.6.10 Pre-Set Delay [ISCS-SWRS-206100]...................................................................................... 44
Page 5 of 171
Rev. No. 0.4.0
4.6.11 Alarm Group [ISCS-SWRS-206110]........................................................................................ 44

4.6.12 Filtering [ISCS-SWRS-206120] ............................................................................................... 44
4.7 Database Management Requirements [ISCS-SWRS-207000] ....................................................... 45
4.8 Reporting Requirements [ISCS-SWRS-208000] ............................................................................. 45
4.9 Trending Requirements [ISCS-SWRS-209000] .............................................................................. 46
4.10 Help Functionality Requirements [ISCS-SWRS-210000] ................................................................ 46
4.11 System Management Functionality Requirements [ISCS-SWRS-211000] ..................................... 47
4.12 Training Simulator Requirements [ISCS-SWRS-212000] ............................................................... 47

4.12.1 Recorder / Playback [ISCS-SWRS-212010] ........................................................................... 47
4.13 Log Book Requirements [ISCS-SWRS-213000] ............................................................................. 47
4.14 Printing Requirements [ISCS-SWRS-214000] ................................................................................ 48
4.15 Redundancy and Failover Requirements [ISCS-SWRS-215000] ................................................... 48
5 External Interface Requirements [ISCS-SWRS-300000] ........................................................................ 50
5.1 Interface with COMMS Subsystems [ISCS-SWRS-301000] ........................................................... 50
5.1.1 Communication Backbone Network (CBN) Interface [ISCS-SWRS-301010] ......................... 50
5.1.2 Wireless Data Communication System (WDCS) Interface [ISCS-SWRS-301020] ................. 50
5.1.3 Public Address (PA) System Interface [ISCS-SWRS-301030] ............................................... 51

5.1.4 Passenger Information Display System (PIDS) Interface [ISCS-SWRS-301040] ................... 53
5.1.5 Private Automatic Branch Exchange System (PABX) Interface [ISCS-SWRS-301050] ......... 55
5.1.6 TETRA Radio System (TETRA) Interface [ISCS-SWRS-301060] .......................................... 57

5.1.7 Multi-channel Voice Recorder System (VRS) Interface [ISCS-SWRS-301070] ..................... 57
5.1.8 Master Clock System (MCS) Interface [ISCS-SWRS-301080] ............................................... 58
5.1.9 Video Surveillance System (VSS) Interface [ISCS-SWRS-301090] ....................................... 58
5.1.10 Video Wall Display Interface [ISCS-SWRS-301100] ............................................................... 61
5.1.11 Self-Monitoring Interface [ISCS-SWRS-301110]..................................................................... 61
5.2 Interface with External Systems [ISCS-SWRS-302000] ................................................................. 61
5.2.1 Tunnel Ventilation System / Tunnel Lighting System/ Viaduct Lighting System Interface
[ISCS-SWRS-302010] ............................................................................................................................. 61
5.2.2 High Voltage System (HV) /Integrated Building Management System (iBMS)/ Electrical
System (ES)/ Low Voltage System (LV) [ISCS-SWRS-302020] ............................................................. 63
5.2.3 Traction Power System (TPS) Interface [ISCS-SWRS-302030] ............................................. 63
5.2.4 Access Management System (AMS) Interface [ISCS-SWRS-302040] ................................... 64
5.2.5 Automatic Fare Collection System (AFC) Interface [ISCS-SWRS-302050] ............................ 65
5.2.6 Rolling Stock (RS) Interface [ISCS-SWRS-302060] ............................................................... 65
5.2.7 Signalling System (SS) Interface [ISCS-SWRS-302070] ........................................................ 66
5.2.8 Platform Screen Door (PSD) Interface [ISCS-SWRS-302080] ............................................... 67
5.2.9 Depot Equipment, Service Vehicle (TWP) Interface [ISCS-SWRS-302090] .......................... 67
5.2.10 Maintenance Management System (NOT USED) [ISCS-SWRS-302100] .............................. 67
Page 6 of 171
Rev. No. 0.4.0
5.2.11 Uninterruptible Power System (UPS) Interface [ISCS-SWRS-302110] .................................. 67

5.2.12 Fire System Interface [ISCS-SWRS-302120] .......................................................................... 67
5.2.13 Water Handling Equipment (WHE) Interface [ISCS-SWRS-302130] ...................................... 68
6 Non-Functional Requirements [ISCS-SWRS-400000] ............................................................................ 69

6.1 Performance Requirements [ISCS-SWRS-401000] ........................................................................ 69
6.1.1 Response Time [ISCS-SWRS-401010] ................................................................................... 69

6.1.2 Degraded Modes [ISCS-SWRS-401020] ................................................................................ 69
6.1.3 System Capacity and Loading [ISCS-SWRS-401030] ............................................................ 70
6.1.4 Expandability and Scalability [ISCS-SWRS-401040] .............................................................. 70
6.2 System Security Requirements [ISCS-SWRS-402000] .................................................................. 71
6.3 System Safety Requirements [ISCS-SWRS-403000] ..................................................................... 72
6.4 Design Review Requirements [ISCS-SWRS-404000] .................................................................... 72
6.4.1 HMI Demonstration [ISCS-SWRS-404010] ............................................................................. 73
6.5 Software Maintenance Requirements [ISCS-SWRS-405000] ........................................................ 73
7 Requirements Techniques and Measures [ISCS-SWRS-500000] .......................................................... 75
8 SIL Requirement Tracking [ISCS-SWRS-600000] .................................................................................. 76
9 Requirement Traceability Matrix ................................................................................................. 78
Figures
Figure 1-1: Requirement ID Example ................................................................................................. 16
Figure 5-1: Sequence Diagram for Monitoring of the CBN Systems .................................................. 50
Figure 5-2: Data Flow Diagram for Monitoring of the CBN Systems .................................................. 50
Figure 5-3: Sequence Diagram for Monitoring of the WDCS Systems .............................................. 50
Figure 5-4: Data Flow Diagram for Monitoring of the WDCS Systems .............................................. 51
Figure 5-5: Sequence Diagram for Message Display and Audio Announcement Synchronization ... 51
Figure 5-6: Data Flow Diagram for Message Display and Audio Announcement Synchronization ... 51
Figure 5-7: Sequence Diagram for Train Information Status .............................................................. 53
Figure 5-8: Data Flow Diagram for Train Information Status .............................................................. 53
Figure 5-9: Sequence Diagram for Monitoring of the Monitoring and Annunciation of PABX and System
Alarms ................................................................................................................................................. 56
Figure 5-10: Data Flow Diagram for Monitoring of the Monitoring and Annunciation of PABX and
System Alarms .................................................................................................................................... 56
Figure 5-11: Sequence Diagram for “District map” Display ................................................................ 57
Figure 5-12: Data Flow Diagram for “District map” Display ................................................................ 57
Figure 5-13: Sequence Diagram for Voice Recording ........................................................................ 58
Figure 5-14: Data Flow Diagram for Voice Recording ........................................................................ 58
Figure 5-15: Sequence Diagram for ESP Activation .......................................................................... 60
Figure 5-16: Data Flow Diagram for ESP Activation .......................................................................... 60
Figure 5-17 : Sequence Diagram for “Triggering of TVS Mode” ......................................................... 62
Figure 5-18: Data Flow Diagram for “Triggering of TVS Mode” .......................................................... 62
Figure 5-19: Sequence Diagram for Monitoring of the Traction Power Network ................................ 63
Figure 5-20: Data Flow Diagram for Monitoring of the Traction Power Network ................................ 63
Figure 5-21: Sequence Diagram for Control Output Circuit ................................................................ 63
Figure 5-22: Data Flow Diagram for Control Output Circuit ................................................................ 64
Page 7 of 171
Rev. No. 0.4.0
Figure 5-23 : Sequence Diagram for Traction Power Status .............................................................. 64

Figure 5-24: Data Flow Diagram for Traction Power Status ............................................................... 64
Figure 5-25: Sequence Diagram for Monitoring of the Rolling Stock Systems .................................. 65
Figure 5-26: Data Flow Diagram for Monitoring of the Rolling Stock Systems .................................. 65
Figure 5-27 : Sequence Diagram for “Fire Alarm” Status ................................................................... 67
Figure 5-28 : Data Flow Diagram for “Fire Alarm” Status ................................................................... 67
Tables
Table 1-1: Table of Abbreviations ....................................................................................................... 10
Table 1-2: Table of Definitions ............................................................................................................ 14
Table 1-3: List of Reference Documents ............................................................................................ 15
Table 1-4: List of Standards ................................................................................................................ 15
Table 2-1: Document Structure with the Section Number and Content Descriptions ......................... 17
Table 3-1: ISCS Integrated Systems .................................................................................................. 20
Table 5-1: PA Announcement Priority Levels ..................................................................................... 52
(The remainder of the page is intentionally left blank)
Page 8 of 171
Rev. No. 0.4.0
1 Introduction
The Government of the Republic of Singapore and the Government of Malaysia have agreed to jointly
develop the RTS Link project to enhance connectivity between Malaysia and Singapore, to benefit
commuters who travel between Singapore and Johor Bahru. The RTS Link will primarily serve as an
alternative mode of transport for commuters currently utilising the Johor Bahru-Singapore Causeway
to cross the border. The RTS Link is intended to be a convenient, safe, and cost-effective system that
integrates well with other transportation services in Woodlands and Johor Bahru.
The RTS Link will be a shuttle link with double tracks that crosses the Straits of Johor via a high bridge.
It will serve two terminal stations, one in Woodlands, Singapore and the other in Bukit Chagar, Johor
Bahru, Malaysia. The proposed link will be approximately 4.6km in length, and the crossing will take
approximately 5-10 minutes. The RTS Link Operator (who will be the Employer) will be required to
operate the RTS Link all year round.
1.1 Purpose of Document
The purpose of ISCS Software Requirement Specification (SRS) is to define software requirements
for ISCS to fulfill the system requirements specification stated in ISCS System Requirements
Specification (P205_ISCS_D2.1_SysRS).
This document shall categorize all requirements as [INFO] Information, [BI] Basic Integrity, or [SIL 2]
SIL 2 according to EN 50128:2011 + A2:2020 standard. Basic Integrity requirements shall be used for
development of non-safety related software.
In addition, any software requirements that involves configuration data that shall be used by project to
fulfill the system requirements via application data configuration shall be tagged additionally as [CD]
Configuration Data.
This document will supersede the Software Requirement Specifications of Integrated Supervisory
Control System (ISCS) (RTS-SY03-SYS-EIC-SPC-30001) Revision 05.
1.2 Scope of Works

In accordance with RTS SY03 Works, RTS Integrated Supervisory and Control System (ISCS)
contractor is responsible for the Design, Manufacture, Supply, Delivery, Installation, Testing,
Commissioning, Interfacing, Warranty, the rectification of defects during the Defect Liability Period and
Other Related Works on the associated equipment necessary to facilitate operation and maintenance
of the ISCS system which include special tools and testing equipment, spare parts, Operation and
Maintenance Manuals and training.
This document shall describe ISCS software functional requirements, software non-functional
requirements and interface requirements.
Page 9 of 171
Rev. No. 0.4.0
1.3 Acronyms, Abbreviations and Terms

The following tables provide definitions for acronyms, abbreviations and terms used in this document.
1.3.1 Acronyms and Abbreviations
Table 1-1: Table of Abbreviations
Acronyms & Definition

Abbreviation
ACS Access Control System
AFC Automatic Fare Collection
AMS Access Management System
API Application Programming Interface
ATS Automatic Train Supervision
BDCC Backup Depot Control Centre
BI Basic Integrity
BMS Building Management System
BOCC Backup Operation Control Centre
CAD Computer-Aided Design
CBN Communication Backbone Network
COMMS Communications System
CPU Central Processing Unit
CRIS Control Room Server IP
CSV Comma Separated Values
DESV Depot Equipment & Service Vehicle
DSS Decision Support System
DVAS Digital Voice Announcement System
ECS Environmental Control System
EMC Electromagnetic Compatibility
ESP Emergency Stop Plunger
GUI Graphic User Interface
Page 10 of 171
Rev. No. 0.4.0

Abbreviation
HA High Availability
HMI Human Machine Interface
HV High Voltage
iBMS Integrated Building Management System
IED Intelligent Electronic Device
IMR Incident Management Room
I/O Input / Output
IP Internet Protocol
IPS Intrusion Protection System
ISCS Integrated Supervisory and Control System
JPEG Joint Photographic Experts Group
LAN Local Area Network
LOTO Lock Out Tag Out
MCS Master Clock System
NA Not Applicable
NTP Network Time Protocol
NVR Network Video Recorder
OCC Operation Control Centre
ONVIF Open Network Video Interface Forum
O&M Operation & Maintenance
PA Public Address
PABX Private Automatic Branch Exchange System
PHP Passenger Help Point
PID Passenger Information Display
PIDS Passenger Information Display System
PLC Programmable Logic Controller
Page 11 of 171
Rev. No. 0.4.0

Abbreviation
PMT Portable Maintenance Unit
PSC Passenger Service Centre
PSD Platform Screen Door
PSTN Public Switched Telephone Network
PTZ Pan Tilt Zoom
RS Rolling Stock
RTU Remote Terminal Unit
SCADA Supervisory Control and Data Acquisition
SCR Station Control Room
SIL Safety Integrity Level
SSIL Software Safety Integrity Level
SS Signalling System
TETRA RS Terrestrial Radio System
TMS Train Management System
TPS Traction Power System
TTNT Time-To-Next-Train
TVS Tunnel Ventilation System
TWP Train Wash Plant
UPS Uninterruptible Power Supply
USB Universal Serial Bus
VCP Video Control Panel
VRS Voice Recorder System
VCA Video Content Analysis
VDU Video Display Unit
VSS Video Surveillance System
VWDP Video Wall Display Panel
Page 12 of 171
Rev. No. 0.4.0

Abbreviation
WDCS Wayside Data Communication System
WPC Works Package Contractor
WYSIWYG What You See is What You Get
(Remaining page is intentionally left blank)
Page 13 of 171
Rev. No. 0.4.0
1.3.2 Terms
Table 1-2: Table of Definitions
Term Definition
COMMS WPC Sapura Rail Systems Sdn. Bhd.
Employer Means RTS Operations Pte Ltd, its subsidiary or designated

representative
ISCS Integrated Supervisory and Control System
ISCS Contractor Willowglen (Malaysia) Sdn. Bhd.
MAY This word, or the adjective “OPTIONAL”, denotes a truly optional item.
One developer may choose to include the item because it is required
by a specific requirement or because the project owner/manager
believes it improves the product, while another developer may choose
to leave it out.
MUST This word, or the phase “REQUIRED” or “SHALL”, denotes that the
definition is a requirement of the specification in its entirety.
MUST NOT This term, or the word “SHALL NOT”, indicates that the specification’s
definition is an absolute prohibition.
Owner Means Rapid Transit Operator
Project Means the "RTS Link between Malaysia and Singapore”
SHOULD This word or the “RECOMMENDED” adjective means that good

reasons can exits to ignore a certain thing in particular situations, but
the entire consequences must be understood and evaluated carefully
before selecting another option.
SHOULD NOT The phrase, or the phrase “NOT RECOMMENDED”, indicates that
there may be valid reasons for a particular behaviour to be acceptable
or even useful in specific circumstances, but the full implications
SHOULD be understood and the case carefully weighed before
implementing any behaviour described with this label.
Site The ‘Site’ may be considered the whole site of the project, a particular
worksite, a sub-set of a worksite or a smaller section of a worksite that
may be specific to a particular part of the project or WPC
Systems Consultant Ch2M Sdn Bhd or other persons appointed from time to time by the
Employer and notified to the WPC.
Xentral Software ISCS Software Platform (Generic Software) developed by Willowglen

Platform MSC Berhad.
Page 14 of 171
Rev. No. 0.4.0
1.4 References
1.4.1 Reference Documents

Table 1-3: List of Reference Documents
Document Number Revision Document Title
RTSO/TDR/SB/COMMS/CPX/2021/003 NA Part 1: General Specification with

Appendices
RTSO/TDR/SB/COMMS/CPX/2021/003 NA Part 2: Particular Specification with

Appendices
RTS-SY03-SYS-GRA-REP-20003 02 Safety Integrity Level Determination

Report
P205_ISCS_D2.1_SysRS 0.4.0 ISCS System Requirements Specification
P205_ISCS_D1.1_SQAP 0.6.0 ISCS Software Quality Assurance Plan
P205_ISCS_D1.3_SVVP 0.5.0 ISCS Software Verification and Validation

Plan
1.4.2 Standards
Table 1-4: List of Standards
Document Number Document Title
EN 50128:2011 + Railway applications – Communications, signalling and processing

A2:2020 systems – Software for railway control and protection systems.
IEC61131-3:2013 Programmable controllers – Part 3: Programming languages
ISO 9000:2015 All parts Quality Management and Quality Assurance Standards
ISO 9001:2015 Quality Management Systems - Requirements
ISO 11064:2008 Ergonomic Design of Control Centres
ISO 9241-303:2011 Ergonomics of Human-System Interaction
*Note: The latest version of the standard and applicable test as of the contract effective date shall be
used.
Page 15 of 171
Rev. No. 0.4.0
1.5 Requirement ID
Every requirement specification in this document shall be assigned with a unique identification (ID) for
traceability of subsequent documents including design, implementation and testing phase.
In this document, every requirement shall be assigned the ID format as follows:
ISCS-SWRS-ABBCCD-EE-FF-GG
where;
A – SWRS Heading Level 1
The numbering assignment starts from Section 3.
BB – SWRS Heading Level 2
CC – SWRS Heading Level 3
D – SWRS Heading Level 4
EE – SWRS Item Number Level 1
FF – SWRS Item Number Level 2
GG – SWRS Item Number Level 3
Example:
Figure 1-1: Requirement ID Example

Referring to Figure 1-1, below are examples of how the Software Requirement ID is allocated:
1. System requirement:
“Real time train movement using track section status.”
The System Requirements ID shall be ISCS-SWRS-205070-04-01.
2. System requirement:
“Malfunction power failure.”
The System Requirements ID shall be ISCS-SWRS-205070-04-05-01.

Page 16 of 171
Rev. No. 0.4.0
2 Document Structure
The following table summarizes the document structure:
Table 2-1: Document Structure with the Section Number and Content Descriptions
Section Content
Number
Section 1 This section introduces the document by providing domain background and
documents references to be considered.
Section 2 This section briefs the content of each section in the document.
Section 3 This section briefs on the overall description of the software.
Section 4 This section details all functional requirements of the software. These are specific
software functions that must be implemented to enable users to accomplish their
tasks, which are further categorized into different features.
Section 5 This section details all the external interface requirements of the software. These
are specific types of functional requirements to outline how the software interfaces
with other components.
Section 6 This section details all non-functional requirements of the software. These are
performance attributes of the software and define how the software should perform
to satisfy user expectations. If a performance attribute is specific to a certain
component, it shall be listed under the functional requirements.
Section 7 This section refers to the techniques and measures used to produce this
document.
Section 8 This section summarizes SIL 2 related requirements.
Section 9 This section refers to the traceability matrix for the requirements in the Software
Requirement Specification to the System Requirement Specification
Page 17 of 171
Rev. No. 0.4.0
3 Overall Description [ISCS-SWRS-100000]

3.1 General [ISCS-SWRS-101000]
1) [INFO] The ISCS design shall include:

1. [BI] High availability (HA) HyperVisor Server infrastructure matrix at stations and control centres
2. [BI] Database Management System
3. The ISCS system is used for railway command center for the operators to monitor and/or
control all subsystems in the entire railway line, such as interfaces to:
1. [BI] Building Management System (BMS)
2. [BI] Environmental Control System (ECS)
3. [SIL2] Tunnel Ventilation System (TVS)
4. [SIL2] Power SCADA (PSCADA)
5. [BI] Video Surveillance System (VSS)
6. [BI] Passenger Information Display System (PIDS)
7. [BI] Public Address System (PA System)
8. [BI] Radio System
9. [BI] Central Transmission System (CTS)
4. [INFO] RTU /PLC/ FEP and Marshalling Panel (for non-Power SCADA Application)
5. [INFO] Printers
6. [INFO] Display/Monitor unit

7. [INFO] Network Services Server
2) [BI]
The ISCS shall provide full and seamless control and/or monitoring of plant and equipment
throughout the RTS Link, and facilities at OCC, BOCC, Depot, SCR, IMR, PSC and other
locations as required.
3) [BI] Open and industry standard protocols shall be implemented for all interfaces between systems.
4) [BI]
The WPC shall undertake all necessary software development in order to integrate the ISCS
and sub-system functionalities, as required by the Employer, into the ISCS Platform. These shall
include but not be limited to the development and implementation of:
1. Drivers;
2. SDK;
3. API;
4. database integration;
5. GUI integration;
6. peripheral integration.
5) [INFO]
A systematic approach shall be adopted in conducting analysis and design during the
software requirement phase and throughout the software design process.
6) [INFO]
If the modifications to previously developed software adopted within the Contract, the
impacts to the existing system software and hardware caused by shall be assessed and clearly
identified in the lifecycle document.
7) [INFO]
A procedure shall be defined and implemented to cover the production, collation, and
analysis of software metrics.
Page 18 of 171
Rev. No. 0.4.0
8) [BI] The ISCS software shall be able to be run in a virtualized environment.

9) [BI]
The ISCS software shall provide functions or tools to facilitate diagnostic, fault tracing,
troubleshooting and analysis of the system.
10) [BI] The ISCS system shall support distributed client-server architecture.
11) [BI] The
ISCS shall be supplied with open protocol interfaces in-built to support the future interfaced
systems.
12) [INFO]The design life of the Communication System shall be a minimum of fifteen (15) years and
all components, materials, software, and other support required shall be available for at least
fifteen (15) years from the Completion of the Works.
13) [INFO]
The updated components shall be fully backwards compatible with the original installed
components and the originally installed Operating System.
14) [INFO]Intellectual property rights for bespoke software components design and development,
including all design documentation, source codes, development environment and simulators,
shall be transferred to Employer on completion of the works.
15) [BI] Spare capacity of 30% shall be provided and is considered in the design.
16) [BI] The availability target for ISCS is 99.99%.
17) [INFO] Documentor demonstration regarding the development status and suitability of the software
to be reused shall be provided upon request from the Employer.
18) [INFO]The design and supply of the ISCS shall include, as a minimum, the following
plans/strategies:
1. Alarm Management Strategy
2. Database Management Plan
3. Integration Plan
4. Access Authority Strategy
5. HMI Specification
6. Functional Architecture
7. Future Expansion Strategy
19) [INFO]
All ISCS system equipment and software shall be proven in use in a similar railway
environment and be able to provide a demonstrably stable and reliable platform.
20) [INFO]
The ISCS system shall be suitable for the operational requirements of the RTS Link taking
into account the environmental and operational conditions as set out in contract requirements.
21) [INFO]
The ISCS system shall provide operators with an efficient method of controlling and
monitoring equipment and the various subsystems throughout the railway system.
22) [INFO]
All software required to allow the ISCS to interface with other sub systems shall be defined
and/or developed during the final design phase.
3.2 ISCS HMI [ISCS-SWRS-102000]
1) [INFO]
For systems requiring operational control, the ISCS HMI shall be the primary method of
operator control.
2) [BI] All
normal operator functions available within each of the controlled systems must be provided
at a minimum by the ISCS HMI.
Page 19 of 171
Rev. No. 0.4.0
3) [BI]The ISCS HMI shall provide all required operator functionalities, inputs, and outputs to allow
full operation of the interfaced subsystems, so that the operator is not required to operate the
interfaced subsystems' equipment directly in normal operation.
4) [BI] Anysub-system functionality that the operator requires shall be incorporated into the ISCS, so
that the functions and features are presented consistently across the ISCS HMI.
3.3 System Integration [ISCS-SWRS-103000]
1) [INFO] Foralarm and status monitoring, as well as system control, the ISCS system shall interface
with all other rail systems, as defined by the systems' interface requirements.
2) [INFO] The
ISCS system shall interface to the following systems to provide the required alarm and
status monitoring and / or operational control functionality.
Table 3-1: ISCS Integrated Systems
Alarm and Status Operation

No. System
Information Control
1 Video Surveillance System (VSS) Yes Yes
2 Private Automatic Branch Exchange (PABX) System Yes Yes
3 Multi-channel Voice Recorder System (VRS) Yes Yes
4 Passenger Information Display System (PIDS) Yes Yes
5 Public Address (PA) System Yes Yes
6 TETRA Radio System Yes Yes
Communication Backbone Network (CBN) / Railway

7 Yes No
LAN / Wayside Data Communication System (WDCS)
8 Master Clock System (MCS) Yes No
9 Cybersecurity System Yes No
10 OCC and BOCC (Video Wall Display System) Yes No
11 Access Management System (AMS) Yes No
12 Tunnel Ventilation System Yes Yes
13 Traction Power System Yes Yes
14 Uninterruptible Power System (UPS) Yes No
15 Depot Equipment Yes No
16 Signalling Control System Yes No
Page 20 of 171
Rev. No. 0.4.0
Alarm and Status Operation

No. System
Information Control
17 Platform Screen Door (PSD) Yes No
18 Fire Protection System Yes No
19 Rolling Stock TMS Yes No
20 Automatic Fare Collection System Yes No
21 Tunnel Lighting System / Viaduct Lighting System Yes Yes
22 HV System Yes No
3) [BI]
As a minimum, the ISCS HMI shall provide all operator functions available within each of the
interfaced systems that are required for day-to-day operation.
3.4 Standard Conformance [ISCS-SWRS-104000]
1) [INFO] The
user interface shall be designed and developed in line with ISO 11064-5 to provide the
operator a consistent look and feel throughout all functionalities and views within the ISCS.
2) [INFO]
All ISCS displays and GUI shall also undergo an ergonomic design approach following the
Ergonomic & Human Factors Guidelines for Control Rooms and Control Centres and shall comply
with the requirements for electronic visual displays in ISO 9241-303.
3) [INFO]
During software programming, proven programming languages and methods defined in an
internationally recognised standard shall be used.
4) [INFO] Defined Codes of Practice shall be used to develop or modify the software.
5) [INFO]
For any developed and customised software, the WPC shall comply with the requirements
of EN 50128 and produce the specified output documents. These documents shall be submitted
to the Employer for review and acceptance.
3.5 Software Version / License [ISCS-SWRS-105000]
1) [INFO]
With the exception of operating systems, all commercial "off the shelf" third-party software
shall be the most recent version.
2) [INFO]
Communication Systems shall have no physical dongle license and not dependent on the
identification and attribute of the hardware/equipment specific.
3) [INFO]
All equipment license shall be transferred to the end user that enable full setup on
replacement server, workstation, and spare parts.
4) [INFO] The baseline version shall be identified and documented in the Software Product Definition
if a previously developed software shall be reused.
5) [INFO] The supply of the ISCS shall include all necessary software perpetual licenses.
6) [INFO] All licenses shall be fully transferred to the Employer on completion of the works.
Page 21 of 171
Rev. No. 0.4.0
3.6 Source Code Escrow [ISCS-SWRS-106000]
1) [INFO]
For proprietary software that are used in vital systems, the WPC and the Employer shall
enter into an agreement with the Source Code Escrow for placing the proprietary software source
code used in the ISCS system as a minimum for a period equal to the design life of the ISCS
system.
2) [INFO]
The Escrow agreement shall enable the release of the sources code to the Employer from
the Sources Code Escrow under the condition that the WPC is in breach of the obligation of
maintenance and support of the software in the ISCS system as required in the Contract and in
the Escrow agreement.
3) The WPC shall provide the proposed Escrow agreement for the Employer’s review and
[INFO]
acceptance and shall incorporate any requirement from the Employer as necessary.
4) [INFO] The
WPC shall be responsible for the costs involved in establishing the Source Code Escrow
agreement and for the period of the whole period of the Escrow program.
3.7 Constraints and Assumptions [ISCS-SWRS-107000]

There are no constraints identified at software requirement phase.
The assumption applied to ISCS is the communication interface used for the safety functions shall
need to comply to SIL 2 requirements according to the system’s specification. The SIL 2 requirements
shall be end-to-end basis.
The communication protocols between ISCS and the safety related subsystems are industry standard
protocols such as IEC 60870-5-104, Modbus, and JMS API. The SIL 2 compliance of the external
interfacing systems is out of the scope of ISCS.
All functional and non-functional requirements specified for ISCS requires to be configured and
installed in the appropriate hardware configuration and specification which can yield the desired
outcome.
3.8 Software Failure Reports [ISCS-SWRS-108000]
1) [INFO] The
WPC shall generate a software failure report for each software failure that occurs, once
the software has been approved for inclusion into the system and is subject to configuration
control.
2) [INFO]
All such reports shall be retained as part of the testing and commissioning records for the
system and subject to inspection by the Employer.
3) [INFO] The report shall clearly show:
1. The observed symptoms
2. The likely cause
3. The fault category
4. The operator input
4) [INFO] Thereport shall also clearly show the following information which shall be entered when the
failure has been investigated:
1. The actual cause of the failure
2. The corrective action taken
Page 22 of 171
Rev. No. 0.4.0
3. All software modules affected
3.9 Software Management Control [ISCS-SWRS-109000]
3.9.1 General [ISCS-SWRS-109010]

1) [INFO]
The WPC shall establish, implement and maintain a software management system to the
requirements of ISO 90003 to ensure that all software supplied under the Contract shall comply
with the required quality and safety standards.
3.9.2 Software Quality Assurance Plan [ISCS-SWRS-109020]

1) [INFO]
The WPC shall submit a Software Quality Assurance Plan to the Employer for approval on
the earliest of the following scenarios:
1. Not later than one (1) month after the completion of the Software Requirement Specification;
or
2. Four (4) months after the date of the Letter of Acceptance of each relevant Designated
Contractor or Designated Supplier.
2) [INFO] Atypical contents list for the Software Quality Assurance Plan shall define, but shall not be
limited to:
1. The organisation of the WPC’s software development and testing personnel including his
subcontractors of any tier, to illustrate the division of the works among the team members,
and full details of the qualifications and experience of all software team leaders shall be
included in the Plan.
2. The WPC software development lifecycle processes, including those of his subcontractors,
in accordance with the requirements of ISO 12207 and/or EN 50128, whichever is applicable;
the WPC shall explain in the Plan the reason(s) for any specific development lifecycle
processes and/or documents that are to be combined or further split.
3. The software verification and validation processes in accordance with the requirements of
ISO 12207 and/or EN 50128 whichever is applicable, indicating clearly the parties involved
for each process.
4. The WPC configuration management processes in accordance with the requirements of ISO
10007 for the configuration management of software and documentation; the WPC
configuration management processes shall be extended to manage the software
configuration of his subcontractors of any tier.
5. An automated tool proposed by the WPC for keeping track of software changes and the full
history of software versions.
6. The proposed format for recording the configuration status of each software configuration
item which shall be reported in the Monthly Progress Report.
7. The proposed format for recording the software installation status of all software after the
commencement of Partial Acceptance Tests (PAT) which shall include, but shall not be
limited to, system/subsystem name; software name; software version/ baseline number,
installed locations, and key software changes. A softcopy of the software installation status
shall be provided to the Employer monthly and/or as requested by the Employer.
8. The proposed format of a software release note for notifying the Employer on the release of
each new version of software for Factory Acceptance Tests (FAT) and/or on-site tests; the
software release note shall include, but shall not be limited to, reference to baseline
Page 23 of 171
Rev. No. 0.4.0
document, software configuration items and versions, dependent software packages,

implemented changes, operational restrictions, and installation procedures.
9. The proposed format of a defects register showing the status and a full description of all
software defects identified and releases correcting the defect from the commencement of
FAT up to the issue of the Completion Certificate for the Works; the defects register shall be
in electronic format and shall be provided to the Employer for information on monthly basis
and/or as requested by the Employer.
10. The proposed list of software development lifecycle documentation for submission to the
Employer for review
3) [INFO]
The WPC shall, at least once every six (6) months and/or as requested by the Employer,
review and update the Software Quality Assurance Plan to meet the requirements and
development of the Works throughout the Contract. For any amendments to the Plan, the WPC
shall as soon as practicable submit the proposed amendments for approval by the Employer.
4) [INFO]
For any proposed replacement of the software team leader(s), the WPC shall submit full
details of the qualifications and experience of the proposed replacement to the Employer for
approval. The replacement once approved, shall report for duty at least one (1) month prior to
the departure of the original team leader(s).
3.9.3 Software Release and Management Control [ISCS-SWRS-109030]

1) [INFO]Software Control and associated control processes and procedures shall be a requisite for
all software used within the Systems Works scope.
2) [INFO] After
the commencement of PAT on the equipment and/or system on Site, requests for any
new installation and/or amendments to the software already installed in the equipment and/or
system concerned shall be made by submission of a “software installation/modification request”
together with a software release note and other supporting documents, at least two (2) working
days prior to the installation. Unless otherwise directed by the Employer, the WPC shall not
proceed with the installation or modification of software until an “Approved” response has been
obtained from the Employer.
3) [INFO] After
the issue of the Completion Certificate for the Works, requests for any new installation
and/or amendment to the software already installed in the equipment and/or system concerned
shall be made by submission of a “software installation/modification request” together with a
software release note and other supporting documents, at least seven (7) working days prior to
the installation. The proposed date of software installation shall be subject to the availability of
the concerned system to be advised by the Railway Operator or the Employer. Unless otherwise
directed by the Employer, the WPC shall not proceed with the installation or modification of
software until an “Approved” response has been obtained from the Employer. In addition, the
WPC shall provide the results of internal validation, installation methods, fall-back procedures
and an assessment of the impact on the system operations for the new software.
4) [INFO] TheWPC shall ensure that the version number of each item of software for the Works shall
be auditable without additional software or hardware tools. For all computer software, facilities
shall be provided within the software for determining the software version. For all firmware and
PLC equipment, unless an indication of the version number is built into the equipment, a label
showing the software version shall be securely affixed on the firmware or equipment.
5) [INFO]
The WPC shall ensure that all software and source codes are protected by and therefore
can be made available, through a third party software escrow agreement.
3.9.4 Software Progress Tracking [ISCS-SWRS-109040]

1) [INFO]
Prior to the conclusion of each phase for software requirements specification and software
architecture design, the WPC shall make a presentation on the results of the WPC software
requirements analysis and software architecture design to the Employer in Kuala Lumpur,
Malaysia. The WPC presentation shall be in sufficient detail to enable the Employer to obtain a
Page 24 of 171
Rev. No. 0.4.0
clear understanding of the software scope, software architecture and the planning of development
activities.
2) [INFO]
The WPC shall elaborate the entire software development efforts in detail in the Works
Programme, highlighting the critical path for the activities. The Works Programme shall include,
but shall not be limited to, the following activities:
1. software activities of all software components at each development lifecycle phase;
2. software related Milestones
3. internal software audit and software assessment
4. any other details as directed by the Employer
3) [INFO]
The WPC shall establish and implement metrics for the measurement of the quality and
progress of software activities. All metrics shall be based on auditable data. The metrics which
shall be reported in the Monthly Progress Report, as a minimum, shall include:
1. number of total, passed and failed FAT cases
2. number of total, passed and failed PAT cases
3. number of total, passed and failed SAT cases
4. number of passed test cases per month for FAT, PAT and SAT
5. number of outstanding software defects
6. number of software defects rectified per month
3.9.5 Software Audit [ISCS-SWRS-109050]

1) [INFO]
For the development of non-safety related software, the WPC shall assign an internal
software auditor to conduct internal software audits at least at quarterly intervals to ensure that
the WPC processes are compliant with the requirements of the ISO 12207 Standard and the
Contract requirements.
2) [INFO]
For the development of safety-related software, the WPC shall assign a software assessor
to conduct a software assessment at least at quarterly intervals to ensure that the WPC processes
are compliant with the requirements of the EN 50128 standard and the Contract requirements.
3) [INFO] Software
audits and assessment reports shall be submitted to the Employer within fourteen
(14) days of completion of each software audit or assessment.
4) [INFO]The internal software auditor and software assessor shall have at least five (5) years of
experience in the establishment, maintenance and monitoring of software quality assurance
systems based on international software quality assurance standards. The software assessor
shall be independent from the development organisation in accordance with EN 50128 and shall
in addition have at least five (5) years’ experience in the establishment, maintenance and
monitoring of software quality assurance systems conforming to EN 50128 Standard. The WPC
shall submit full details of the qualifications and experience of the software assessor and software
auditor to the Employer for approval, prior to carrying out any software audit and/or assessment.
If the software auditor and/or the software assessor become unavailable, the WPC shall submit
to the Employer for approval, details of the qualifications and experience of his proposed
replacement.
5) [INFO]
The WPC and his subcontractors of any tier shall be subject to software audits conducted
by the Employer or his delegates at six (6) month intervals, or at such other intervals as may be
required by the Employer. The WPC and his subcontractors shall afford to the auditor timely
access to all personnel, activities, software, source codes, documentation, procedures and
records in connection with the software development activities during the audits.
6) [INFO] A
Software Corrective Action Request (CAR) or Software Observation Report (OBS) will be
raised respectively by the auditors for each non-conformity or potential non-conformity identified
Page 25 of 171
Rev. No. 0.4.0
during the audits. The WPC shall submit proposed corrective and preventive actions within seven
(7) days from the receipt of the CAR or OBS, to the Employer for review. The WPC shall take
timely corrective and preventive actions to rectify the CAR or OBS and to prevent any re-
occurrence and shall provide evidence of such to the Employer. The WPC shall maintain
communications with the auditor to ensure that all CAR/OBS are closed in a timely manner.
3.9.6 Software Documentation [ISCS-SWRS-109060]

1) [INFO]
For any customised or newly developed software, the WPC shall submit the software
development lifecycle documentation of the software to the Employer for review.
2) [INFO] For
safety-related software, the WPC shall include a requirements traceability matrix in each
of the software lifecycle documents, to show the requirement traceability at individual requirement
levels between the document concerned and the associated input documents.
3) [INFO]A diagram of the hardware configuration and a list of applicable software shall be included
in the test specifications for all software-related tests. Each test case, together with the sequence
of actions and the expected results, shall be clearly defined.
4) [INFO]
For all software-related tests, the version of applicable software and site-specific data
configuration shall be clearly recorded in the test record.
5) [INFO]
Where safety-related software is within the scope of the Contract, the WPC shall
demonstrate that the software quality assurance system and development methods implemented
throughout the software development lifecycle conform to the Contract requirements.
3.9.7 Safety Integrity Level [ISCS-SWRS-109070]
1) [INFO] Unless the Safety Integrity Level (SIL) of software is specified in the Contract, the WPC shall,
prior to the commencement of software requirement phase, assess the SIL for the software in
accordance with EN 50128 and IEC 61508. Each software component within a system shall by
default have the same SIL as that of the system. The assessment result, together with
justification, shall be recorded in a SIL assessment report and submitted to the Employer for
review.
3.9.8 Software Deliverables and Licenses [ISCS-SWRS-109080]
1) [INFO] The WPC shall submit the following items to the Employer for review at least three (3) months
prior to the issue of the Completion Certificate for the Works:
1. Inventory list(s) of all software components installed for the Works
2. Licences of software
3. A backup copy of all delivered software in secondary storage media together with installation
instructions to enable complete and/or partial re-installation of all software components for
the Works
4. All software source codes together with all necessary development tools
5. A backup copy of the required software source files in secondary storage media.
2) [INFO] For
any further software modifications after the items have been approved by the Employer,
the WPC shall re-submit the revised items to the Employer by the end of the Defects Liability
Period or as requested by the Employer.
3) [INFO] TheRailway Operator shall be granted a royalty-free, non-exclusive and irrevocable licence
to use all software delivered for the Contract for an unlimited period.
4) [INFO]
In order to allow for future software maintenance by the Railway Operator, the WPC shall
deliver to the Employer the software source files of project specific software as required by the
Specifications. As a minimum, the source files of the following project specific software shall be
delivered:
Page 26 of 171
Rev. No. 0.4.0
1. PLC programme and data

2. All software associated with the configuration for the operational user interface of the
computer-based application
3. A system parameters
4. "Operational parameters database.
For the software source files to be delivered, the WPC shall also deliver the associated
hardware and software development tools, documents and training courses to the Railway
Operator to facilitate future modification of such software. In addition, the Railway Operator
shall be vested with the right to modify, enhance and regenerate any part or whole of the
software for his own use."
3.9.9 Backup [ISCS-SWRS-109090]
1) [INFO] The
WPC shall perform at least a fortnightly backup for the outputs of software development
works including those in progress, and shall also maintain backup copies of all software baselines
produced in the past six months. The WPC back-up process shall ensure zero data loss.
3.10 General Software Requirements [ISCS-SWRS-110000]
1) [INFO] TheWPC shall follow the requirements specified in the GS and the requirements of this PS
for the development and management of all software elements supplied under the Contract.
2) [INFO] The WPC shall produce a list of safety related software modules.
3) [INFO]
Based on the list, the WPC shall analyse the possible effects of each failure on these
components on the systems.
4) [INFO]
The analysis shall show that the software architecture has been thoroughly analysed to
ensure that all credible faults are identified, the fault control methods are effective, and the
residual faults are non-hazardous.
5) [INFO] The WPC shall remove all the dormant or unused code from the software before testing.
3.11 Software Design Requirements [ISCS-SWRS-111000]
1) [INFO]The software shall take into account hardware systematic, random, and common mode
failures.
2) [INFO]
Data-driven software (including parametric or configurable software) shall be protected
against possible errors arising from entry of incorrect data through accepted procedures.
3) [INFO] If
vital and non-vital software is to be implemented on a single hardware platform, then all of
the software shall meet the requirements for vital software unless appropriate techniques are
used to ensure vital software is unaffected by the non-vital software.
4) [INFO] Safety
of software design shall be assured by the incorporation of fail-safe principles in the
design of safety-critical modules.
5) [INFO]
Fail-safe designs shall ensure that any failure, or combination of failures, shall result in a
condition that is known to be safe.
6) [INFO]
The software design shall adopt the Checked-Redundancy Design principle. The checking
process shall encompass the complete subsystem, and/or all components, related to performing
safety-critical functions.
Page 27 of 171
Rev. No. 0.4.0
7) [INFO]
The checking process shall detect any failure of the subsystem which may degrade the
integrity of the safety function. Where software is used to implement a system function, then
software errors shall be considered as failures.
8) [INFO]
Common mode failures shall be eliminated by ensuring that the independence of the
checked-redundant paths of the safety-critical subsystem is maintained. This independence shall
be extended to include the subsystem power supplies and software components of the checked-
redundant elements, such that no common faults, environmental conditions, power fluctuation, or
EMI give rise to common mode failure.
9) [INFO]
The checking process shall be comprehensive and frequent. It shall be performed at least
as often as the function which is being checked and sufficiently frequently that the probability of
an unsafe failure shall satisfy the safety design requirement.
10) [INFO]Critical decision processes, which directly impact the system safety, within the software
program, shall be structured to ensure minimum complexity and thus allow for review and explicit
testing of the logic paths.
11) [INFO]
The dependence of safety of the system on a single software decision process, logic path,
or critical data element shall be avoided, where possible, by incorporating diversity within the
software design.
12) [INFO] Databases which contain information that can impact the safety performance of the supplied
system, shall be considered safety-critical, and shall be appropriately protected during data
storage, retrieval, communications, and processing.
13) [INFO] The
software system shall be designed to ensure that all such data is accurate during initial
data entry, processing, utilisation, and update, and a process shall be established for appropriate
data management of this safety-critical data.
3.12 Software Quality Assurance [ISCS-SWRS-112000]
1) [INFO]
The WPC shall implement a quality assurance system in compliance with the following
requirements and specified in the GS.
2) [INFO] In
addition to the requirements of GS, the WPC shall also submit the following for review and
acceptance of the Employer, to describe the software management methodology:
1. Software Management Plan
2. Software Development Plan
3. Software Configuration Management Plan
4. Software Verification & Validation Plan
3) [INFO]
Periodic testing of functions shall be carried out in accordance with the requirement in EN
50128 for ensuring that software functions are properly tested and meet safety requirements.
4) [INFO] All safety-related functions shall be allowed for testing during overall system operation.
Page 28 of 171
Rev. No. 0.4.0
4 Functional Requirements [ISCS-SWRS-200000]

4.1 HMI Functionality Requirements [ISCS-SWRS-201000]

1) [BI]
The HMI workstation or equipment display in the system is specifically designed to individual
user requirements based on the requirements of each user’s role.
2) [BI]
The HMI design achieved consistency and conformity across the whole interface, both in
appearance and in behaviour by utilising the HMI GUI to facilitate ease of use and to provide
intuitive behaviour.
3) [BI]
The operator navigable view shall list all tagged, LOTO and inhibited equipment with filtering
capabilities.
4) [INFO]The ISCS HMI design for visual displays and operator interaction, including video feed
interaction and audio interface functionality, shall fully comply with the ergonomic and human
factors engineering design requirements.
4.1.2 User HMI Functionality [ISCS-SWRS-201020]

1) [BI]
The ISCS HMI functionality shall allow full control over, and access to, all ISCS functionality
and data.
2) [BI] This ISCS functionality includes, but not be limited to:
1. Controls
2. Event and alarm management and functionality
3. Automation / scheduling functionality
4. Printing
5. Database and Views configuration and management
6. Access authority management
7. Backup and archiving management
8. Object Tagging (to support Permit to Work (PTW) arrangements)
9. Control inhibition
10. LOTO
11. Read/Write capability
12. Alarm inhibition
13. Object state forcing; and
14. Software functions available within each of the sub-systems (as required to achieve day-to-
day operation).
4.1.3 Alarm Inhibition, Scan Suspension, Force Value, LOTO [ISCS-SWRS-201030]
1) [BI]
The ISCS allow an operator with sufficient privileges to inhibited, suspended from the scanning
process, or forced to the required value to an alarm from a certain device, for example no alarms
from this device are generated during maintenance of the device.
2) [BI]
Inhibition/scan suspension/forcing/LOTO shall be notified on the display where the device
appears by icons, text or a change in colour.
Page 29 of 171
Rev. No. 0.4.0
4.1.3.1 LOTO [ISCS-SWRS-201031]

1) [BI] The operator shall be able to apply a LOTO strategy to any controlled equipment using the
HMI.
2) [BI] HMI shall display an indication of the executed LOTO on the correlate equipment symbol.
3) [BI] The removal of LOTO shall be performed through an additional confirmation procedure.
4) [BI] All tagged, LOTO and inhibited equipment shall be listed in an operator navigable view, with
filtering capabilities
4.1.4 Audio Alert [ISCS-SWRS-201040]

1) [BI] The operator shall able to modify the sound file and volume for audio notifications.
2) [BI]
For the purpose of alarm silencing, a dedicated key on the keyboard or a soft key in the alarm
window shall be provided.
3) [INFO] All audio alarms shall be based on human factor studies.
4.2 Access Authority / User Access Control Requirements [ISCS-SWRS-202000]

1) [BI]
The operator's login profile shall decide and/or limit all ISCS functionality as well as the level
of control and authority accessible at any given workstation.
2) [BI]
Except for Security Rooms, the location and type of an ISCS workstation shall not limit the
level of functionality offered at that workstation.
3) [BI]
The functionality provided in ISCS workstations at Security Rooms is limited to the functional
requirements defined for such locations. The functional requirements for such locations shall be
proposed by the WPC.
4) [BI]
The system administrator shall pre-define the level of control and authority for individual ISCS
operator profiles, which shall always correspond to the control levels.
5) [BI] The system administrator is able to manage and configure all of the operator profiles.
6) The access authority system shall allow only one “logged in” operator has authority over a
[BI]
defined area of control and alarm acknowledgement at any one time.

7) [BI]
The operator(s) identified as part of the WPC's detailed task analysis shall have control over
the extent of information displayed on the VCP.
8) [BI] All configuration and management functions shall be subject to sufficient login privileges.
9) The ISCS HMI for different operator’s profile and operator position shall be based of the
[BI]
workflow study.
10) [BI]
The operator shall be able to use ISCS HMI to perform operation function, control function and
monitor function on all railway system and selected E&M systems.
11) [INFO]
The operator shall be able to control and monitor all equipment and functions for operation
of the relevant area of control.
4.2.2 User Access Management System [ISCS-SWRS-202020]

1) [BI]
For system security, the ISCS shall have a configurable user access authentication system
that limits what activities individual operators can conduct on different devices in the system
based on respective operator profiles.
Page 30 of 171
Rev. No. 0.4.0
2) [BI]
The system shall allow for the creation of various operator profiles, each of which determines
the actions that an operator with that profile can execute.
3) [BI] The user access management system shall have the following typical functions:
1. Definition of User Profiles
2. Definition of Users
3. Assignment of profiles to users
4. Profiles Management:
1. Add/Remove Profiles
2. Defining profile permissions
5. Users Management:
1. Add/Remove Users
6. Centralised authentication service
4) [BI]
The system administrator shall have the authority required to manage the user access
management system.
5) [BI]
A user database containing all operators together with the allocated area(s) of authority shall
be maintained.
6) [BI]
ISCS HMIs shall be provided used to keep track of all logged-in users and their assigned areas
of authority, and the state of automated log off enable / disable.
7) [BI]
The operator shall be allowed to log-in using his/her profile in the workstation at any location
to perform the control and monitoring functions as granted under the corresponding area of
authority.
4.2.3 Area of Authority [ISCS-SWRS-202030]

1) [BI]
The operator's authority shall be restricted by the area of authority. Multiple areas of authority
may be assigned to an operator.
2) [BI]
Each operator, identified by his password (and/or passphrase), shall have the preassigned
area(s) of authority by default. This default authority shall be used for each operator’s login.
3) [BI]
By default, each operator has the preassigned area(s) of authority, as identified by his
password (and/or pass). For each operator's login, this default authority shall be used.
4) [BI]
The System Administrator shall have its own authority area, with the ability to perform all
system-related (both operating system and ISCS system) and engineering functions.
5) [BI]
The System Administrator shall be regarded as a "super user" who has the rights to perform
but not be limited to the following:
1. To on-line modify the areas of authority for each operator (both temporarily and permanently)
2. To on-line add / delete / disable operator accounts
3. To modify ISCS system functions (i.e. modify ISCS database, modify / create HMIs, modify
scan parameters, other administration functions)
4. To perform operating system functions
6) [BI]
The Operations Administrator shall be regarded as a "super operations user" who has the
rights to perform but not be limited to the following:
1. To on-line modify the areas of authority for each operator (both temporarily and permanently)
2. To on-line add / delete operator accounts
Page 31 of 171
Rev. No. 0.4.0
7) [BI] Dynamic assignment on authority area(s) is supported.

8) [BI]
The Administrators have the authority to temporarily grant/remove an operator's area of
authority, which shall remain active until the operator logs off.
9) [BI]
Control operation refers to operation which results in activation of an output device, include
the control of field equipment, alarm acknowledgement, alarm inhibition, I/O point overridden,
generation of reports, and the output of data to printers or hard disks.
10) [BI]
All Communication servers, workstations, equipment and etc. shall have multiple access levels
and each level shall have its own assigned functionalities access. These access levels design
shall be submitted to Employer for review and acceptance.
11) [BI]
An ISCS HMI related to this user database shall be accessible by Administrators functions
from the ISCS to facilitate easy monitoring and modification.
4.2.4 Login / Logout [ISCS-SWRS-202040]

1) [BI] A login procedure is required before an operator can access the ISCS functions.
2) [BI] The operator's area of authority shall be ascertained using passwords (and/or passes).
3) [BI] Simultaneous login of the same user ID at different locations is not allowed.
4) [BI] After a period of inactivity, any logged-in operator shall be automatically logged off.
5) [BI]
If this is about to occur, a warning shall be issued. Only authorised personnel shall be able to
change the time.
4.2.5 Changeover [ISCS-SWRS-202050]

1) [BI]
In projects that require redundant control center, the software can be configured to run in
similar configuration as the main control center without manual intervention.
2) [BI]
It shall be possible to transfer an operator's level of authority and area of responsibility within
the RTS Link to other operators at locations where there are more than one ISCS workstation,
provided that the receiving operator's authority level is sufficient and the receiving operator
actively accepts the transfer of responsibility.
3) [BI]
If the receiving operator's authority level is sufficient and the receiving operator actively accepts
the transfer of control, and vice versa. OCC operators shall transfer control of the RTS Link to
BOCC operators.
4) [BI]
An operator protocol and password dialogue shall be used to handle the transfer of control
and area of responsibility.
5) [BI]
A system Alarm shall notify the operators that a changeover or takeover has occurred. When
the Control Centre accepts control and relinquishes control, the system alarm shall sound.
6) [BI]
The control changeover process shall be seamless and not result in the loss of any data except
for that relating to operator actions which were being carried out just prior to or at the moment of
changeover and which had not yet been executed.
7) [BI]
The point at which all functions and indications are available to the operators is when the
process is complete, and a message is displayed at the ISCS workstation to clearly indicate
accordingly.
8) [BI]
A user with special administrative rights shall be given the authority to perform a hard takeover
of control, which shall be utilized when a cooperative control changeover is no longer possible.
9) [BI]
Only the system administrator shall be able to initiate a manual switchover of redundant
equipment.
10) [BI]
The Railway Systems shall be able to handover 100% of the OCC's functionality to the BOCC
and vice versa through a secure and quick process that takes less than 10 mouse clicks.
Page 32 of 171
Rev. No. 0.4.0
11) [BI]
The Employer's senior management shall be responsible for providing a unique password (for
the Takeover procedure).
12) [BI] The Employer shall be able to change the password as often as it is required.
13) [BI]
The WPC shall be responsible to study the OCC and BOCC change over operation, and
provide a report to Employer that shall cover of, but not limited to, the following items:
1. Manual switch over individual sub-systems
2. Failure on OCC
3. OCC server is down
4. Server change-over but operation remain at OCC and vice versa
5. OCC switchover to BOCC process
6. BOCC switch back to OCC process
14) [BI]
The control changeover shall not result in the loss of current displays and there shall be no
effect on system performance following completion of a changeover.
15) [INFO]
The ISCS equipment at BOCC shall be a direct copy of that in the OCC and provide full
redundancy.
4.3 Automation & Scheduling Requirements [ISCS-SWRS-203000]
1) [BI]
The application shall give the operator the ability to program a series of commands, save them
on disc with a given identity, and then subsequently execute them in the same order as they were
programmed, upon specific conditions.
2) [BI] The automation scheduler shall have the following typical functions:
1. Definition of complex and repetitive sequences;
2. Selection of orders on devices and management execution order;
3. Definition of actions in case of error for each command;
4. Disabling of individual commands from a command sequence list;
5. Definition of execution conditions for each action;
6. Created sequences can be used as actions in other sequences;
7. Different methods of activation:
1. Manual activation
2. Programmed activation.
3) [BI]
Depending on the operator profile, sequences shall be able to be created, modified, and
deleted as required by operators. The area of authority shall dictate what the operator could do.
4) [BI]
It shall also be possible to record operator actions, save the sequence, and then perform the
sequence as a command sequence.
5) [BI]
A command sequence shall comprise of a series of command outputs which are executed
sequentially but are initiated by a single command output.
6) [BI]
ISCS system shall be equipped with automation scheduler to enable management of task
execution based on specific calendar, event/ alarm/ set point occurrence, error condition
7) [BI]
ISCS can support the calculations using received analogue or status/alarm data, to generate
synthesized status or alarms or affect a colour change of corresponding equipment on the ISCS
HMI.
Page 33 of 171
Rev. No. 0.4.0
8) [BI]The calculation result or synthesized object status or command can be transmitted to the
related interfaced system by ISCS, which can also be used by ISCS as part of any automation or
scheduling process.
9) [BI]
The command sequences could be executed manually or automatically in response to the
system events (alarms, changes of state).
10) [BI]
The operator shall be allowed to log-in using his / her profile in the workstation at any location
to perform the command sequencer as granted under their area of authority.
4.4 Processing Function Requirements [ISCS-SWRS-204000]
4.4.1 Analogue Point [ISCS-SWRS-204010]

1) [BI]
The ISCS system shall acquire and display analogue parameters from the plant being
monitored.
2) [BI]
Each acquired analogue parameter shall have a threshold assigned to it, and the system shall
be able to generate alarms based upon these thresholds.
3) [BI]
When the thresholds are changed, the previous and new thresholds, as well as the name of
the responsible operator, shall be recorded in the event log and printed out.
4) [BI]
The total accuracy of A-D conversion, transmission of digital value, and display in workstation
should be ±0.5% full scale value.
4.5 Graphic Display Requirements [ISCS-SWRS-205000]

1) [BI]
Multiple operators shall be able to support incident management at any given workstation by
using ISCS HMI visual displays.
2) [BI]
The ISCS HMI Graphical User Interface shall provide a readily navigable series of display
pages to enable efficient operator usage of the ISCS connected systems, to enable efficient
control and monitoring of the RTS Link.
3) [BI] These display pages shall include, but not be limited to:
1. Geographical location dynamic displays showing the site or train layout, in plan view and
elevation, on to which the location of each item of monitored equipment is to be superimposed
along with the associated equipment description and identification numbers. The geographical
coordinates shall be included in this view, if applicable;
2. Coordinated plan views representing all systems in a respective location
3. Sub-system views
4. Event/status and alarm lists
5. Dynamic graphical displays;
6. Dynamic symbols;
7. Equipment tags
8. Executive summary of the RTS Link status for a quick display of key data;
9. Synoptic and schematic views of all controlled and monitored systems; and
10. Help pages
Page 34 of 171
Rev. No. 0.4.0
4) [BI]
The ISCS workstation display icons, graphic displays and pictorial representations shall be
harmonised across all ISCS subsystems.
5) [INFO]
Graphical layouts shall be developed based on coordinated CAD inputs with the Other
WPCs.
6) [INFO]
Information from all interfaced sub-systems shall be collected and integrated by ISCS in
order to display views onto the VCP.
7) [INFO]
The VCP shall be capable of displaying legible symbols and text visible from all workstations
in the Control Room.
4.5.2 Modification [ISCS-SWRS-205020]

1) [BI]
During final design, the WPC shall propose a set of pre-defined VCP display layouts that shall
be approved upon by the Employer. The operator shall be able to rearrange the windows and
adding/supressing feeds to modify the display layout.
4.5.3 User Control [ISCS-SWRS-205030]

1) [BI]
The HMI design shall be flexible enough to enable users to choose the methods of access to
functions based on their experience, personal preference and circumstances.
2) [INFO]
The common and essential functions shall be presented in a clear and logical manner. The
more sophisticated and less frequently used functions shall be hidden from immediate view but
available at all times.
3) [BI]
Users shall be able to personalize aspects of the interface, such as colour and fonts, in an HMI
application.
4) [BI]
Users shall be able to manipulate symbols on a graphical display that represent real-world
equipment to control applications. Each action shall be accompanied by a visual response. The
function shall be achieved by selecting a symbol or group of symbols and performing an action
on those symbols. This enables the user to see which elements need to be acted on prior to
taking action.
5) [BI]
The user interface shall feature simple point and click actions that minimises the use of the
keyboard.
4.5.4 Consistency [ISCS-SWRS-205040]

1) [BI]
Both within a single HMI application and among various HMIs within the same system,
consistency is important. It must be possible to achieve coherence between different screens, as
well as in the shape and colour of the symbols used.
2) [BI] Consistency shall include the following:
1. Similar components shall operate similarly and have similar uses. Components shall be
organised in a familiar manner. The user shall be able to quickly find the proper component
for each task;
2. The same action shall always have the same result;
3. The function of components shall not change based on context. The result of the action may,
however, change with context;
4. Common terminology, wording and symbols shall be used throughout;
5. The position of components shall not change based on context. Components shall not be
removed and added, rather they shall be made functional or non-functional. This shall not
apply to menus and other windows which are allowed to pop-up and pop-down;
Page 35 of 171
Rev. No. 0.4.0
6. The position of the mouse pointer shall not warp, i.e. the application shall not move the pointer;
and
7. Interaction is familiar, i.e. the same window shall have similar functionality in different
applications.
4.5.5 Feedback [ISCS-SWRS-205050]

1) [BI]
Users shall receive response from applications indicating that the computer has received their
input. The user shall be informed that the operation is being processed through feedback.
2) [BI]
Visual feedback shall be simple and appropriate for the situation, such as a pointer changing
to an hourglass shape. A feedback message in a message box may be needed for more complex
feedback.
3) [BI]The feedback message shall be presented consistently and correctly, particularly in
informational and warning dialogues.
4) [BI]
For any activity that has irreversible negative consequences, a warning message shall be
displayed, requiring the user to take an explicit action.
5) [BI]
All messages, warnings, errors or information shall be consistently presented and shall be
easy to distinguish from one another.
6) [BI] The system shall be designed so as to achieve the overall objective of providing instant
information that can be used for a meaningful action. The vital response times of time between a
change of state at a remote station and its display at the OCC/BCC, the time taken between
initiation of a command and its display on the OCC/BCC, etc. shall be considered in the design
to cater for the overall equipment response time.
4.5.6 Windows [ISCS-SWRS-205060]

1) [INFO]
The ISCS workstations shall be provided with several Visual Display Terminals (VDTs) that
work as one desktop area.
2) [BI]
The desktop area shall be able to be subdivided into split screens and resizable by the operator
to simultaneously display multiple graphical displays and optimal use of the desktop area.
3) [BI]
The multi-window screen principle shall be used in the HMI design. Windows can be classified
into primary windows and secondary windows.
4) [BI]
A primary window consists of a border which defines its extent, a title bar and a menu area.
Other components such as tool bars and status bars may also be included. The primary window
shall allow re-sizing and scroll bars shall be provided access to virtual window areas that are
beyond the displayable area of the primary window.
5) [BI]
A secondary window is a result of an action carried out on a primary window and is commonly
used to gather additional information to complete a command or revealing more information as a
result of a query command.
6) [BI]
A typical application may have several main windows in operation in the same time. One or
more screens of a multi-screen workstation shall be displayed. The focus can be moved from one
window to another either by activating the button that enabled the window, by using a two key
combination on the keyboard, or by selecting the window if part of it is visible.
7) [BI]
The keyboard, the mouse, touch screen, or a combination of these shall be used to input data
into each window. The window which receives keyboard events has the input focus. Within each
window, the keyboard focus determines which component of the window gets each keyboard
input. Only one window can have the input focus at a time, and that window must shall be
highlighted by a change in the window border's shade or colour. The keyboard focus shall only
be on one component of the window with input focus.
Page 36 of 171
Rev. No. 0.4.0
8) [BI]
The HMI's focus shall be explicit, which means the user shall have to choose which window
the keyboard focus shall be applied to.
4.5.7 Screen Layout [ISCS-SWRS-205070]

1) [INFO]
The screen layout shall be consistent within an HMI application as well as across different
HMI applications. Users shall be able to quickly assimilate all of the data provided by the
presentation.
2) [BI]
An overview screen with important information shall be displayed in the main display area. To
expose additional details on the same screen, access to a more detailed level or magnifying the
graphical view shall be allowed.
3) [BI] The general screen shall, as a minimum, display the following:
1. Real time train movement using track sections status
2. Display location and train ID of moving train
3. Location of non-communicating train
4. Position of points (locking & detection) & status of routes
5. In addition, the following alarms shall be displayed on the projection panel:
1. Malfunction power failure
2. Train ready
3. Blocking/ unblocking of points, route, signals and maintenance blocks
4. Cycles in the terminal stations and intermediate turn back location
5. Any other alarm required on operational considerations
6. All indications mentioned in the relevant Particular Specification
4) [BI]
ISCS HMI GUI design for the ISCS display screens shall include all railway systems but not
limited to the:
1. [BI] Building Management System (BMS)
2. [BI] Environmental Control System (ECS)
3. [SIL2] Tunnel Ventilation System (TVS)
4. [SIL2] Power SCADA (PSCADA)
5. [BI] Video Surveillance System (VSS)
6. [BI] Passenger Information Display System (PIDS)
7. [BI] Public Address System (PA System)
8. [BI]Radio System
9. [BI] Communication Backbone Network (CBN)
5) [BI]
For all remote sites, the OCC and BOCC ISCS HMI shall be equipped with an overall graphical
mimic.
6) [BI]
Monitored points shall be dynamically presented using appropriate symbols and analogue
displays.
7) [BI]
Each element, alarms, instructions shall be clearly readable in lighting of 550 lux to the operator
in OCC/BCC.
4.5.7.1 Access Management System (AMS) Interface [ISCS-SWRS-205071]
1) [BI] The ISCS HMI shall provide a readily navigable display via a geographical map representation
of the site layout in plan view, onto which the location of each camera and other security
equipment (such as AMS doors etc.) shall be superimposed, along with the associated equipment
identification numbers.
Page 37 of 171
Rev. No. 0.4.0
2) [BI]
The integrated GUI for AMS and VSS shall display a geographical map / layout with the exact
locations of AMS and VSS equipment.
4.5.7.2 Video Surveillance System (VSS) Interface [ISCS-SWRS-205072]
1) [BI] VSS intrusion detection zones and associated alarms shall be displayed on the geographic
map.
2) [BI]
The integrated GUI for AMS and VSS shall display a geographical map / layout with the exact
locations of AMS and VSS equipment.
4.5.7.3 Video Wall Display Interface [ISCS-SWRS-205073]
1) [BI] The VWDP shall be configurable to display the following, but not limited to:
1. Systems Network Overview
2. Critical Alarms
2) [BI] The VWDP shall provide a network overview including, but not limited to the following:
1. [BI] Changeover status
2. [SIL2] Selected alarms from other systems such as power, fire and ventilation systems
3) [BI]
The ESP shall automatically alert the operator at the OCC via the ISCS HMI when it is triggered.
The ISCS HMI shall automatically activate the adjacent VSS to display VSS images at
workstations and on the video wall.
4.5.7.4 Public Address (PA) System Interface [ISCS-SWRS-205074]
1) [BI] The ISCS HMI shall be equipped with the GUI with graphical display of site layout with icons
that represent the PA zones.
4.5.7.5 Traction Power System (TPS) Interface [ISCS-SWRS-205075]
1) [INFO] The TPS shall design and provide a single line diagram of the Traction Power Supply
distribution to COMMS WPC and assist COMMS WPC in designing the GUI on the ISCS HMI.
2) [INFO] The GUI drawing shall be reviewed and accepted by the Employer.
3) [SIL2]
On the ISCS HMI, the COMMS WPC shall be responsible to produce the GUI for all related
TPS equipment.
4.5.8 Navigation [ISCS-SWRS-205080]

1) [BI]
All functions shall be accessible quickly, and "hot spots" shall be used as gateways between
functions and/or views.
2) [BI]
The navigation shall be designed to be as simple and logical as possible for the user. When
navigating inside a geographical area comprising multiple screens, facilities shall be provided for
the user to move from one screen to the next both in the forward and backward directions.
4.5.9 Layering [ISCS-SWRS-205090]

1) [BI]
Filtering coordinated plan views for symbols related to specific systems and equipment types
shall be possible.
4.5.10 Menus and Control Buttons [ISCS-SWRS-205100]

1) [BI]
The HMI shall have a menu driven. In case of vital commands such as remote control, a double
checking facility shall be available for doubly ensuring that the operator's input is valid. Various
help levels of assistance for the operator shall be available. It shall be possible to select the
required option with the minimum number of operations.
2) [BI]
A logical and easily understandable menu listing the commands available shall be provided to
the user.
Page 38 of 171
Rev. No. 0.4.0
3) [BI]
Among different types of menus, the most commonly used are drop-down menus and pop-up
menus.
4) [BI]
All menu commands shall be accessible via the keyboard, and all major system commands
shall be accessible through a menu.
5) [BI]
Keyboard shortcuts and mnemonics shall be provided. The underlined characters in menu
options or command names are keyboard mnemonics.
4.5.11 Colours [ISCS-SWRS-205110]

1) [INFO]
Appropriate colour and contrast shall be used to help the user distinguish screen objects
against the background of a window. The usage of colour shall be subject during the design
stages and shall be determined to the Employer’s review.
2) [INFO]
The GUI shall be designed with visual consistency by using neutral colours over most of its
background and most common features.
3) [BI]
Bright colours and strong contrasts shall be used in certain GUI features to draw the user's
attention, such as when an alarm is triggered. Colour shall be used to differentiate different types
of alarms. Alarms shall be divided into different priorities and shall be distinguished by different
colours.
4) [BI]
Colour shall be used to provide additional differentiation among screen objects. Differentiation
shall also be achieved by using different shape and size and dynamic behaviour of screen objects.
5) [BI]
The failure alarm shall be classified into different level of severity alarm and each alarm level
shall be displayed on the ISCS HMI display with audio and visual alerts in different colour
6) [BI]
The state of a displayed symbol shall always reflect the real time field status and shall highlight,
by means of a change in colour and an alarm, if the equipment has “lost communication” with the
ISCS.
4.5.12 Font and Text Design [ISCS-SWRS-205120]

1) [INFO]
On a high-density, high-resolution VDU, the font type and size shall be designed so that the
character can be clearly vied and distinguished at a suitable viewing distance. The font type and
size shall be determined during the design stages, and shall be subject to the Employer's
approval.
2) [BI] The character shall have a width of between 70% and 90% of its height.
3) [BI] At least 10% of the character width shall be used for spacing between 2 characters.
4) [BI] The spacing of two words shall be one upper case character.
5) [BI] The spacing between two lines shall be at least 5% of the character height.
6) [BI] The stroke width shall be a minimum of 6% of the character height.
7) [BI]
The text in both upper and lower case shall be used. The use of upper case shall be avoided
except for short captions, label or column headings.
8) [BI] Hyphenation of words that continue on the next line shall be avoided.
4.5.13 Curser and Pointer [ISCS-SWRS-205130]

1) [BI]
The user is assisted in identifying the object by the use of a pointer. The pointer's size and
border colour shall be selected such that it is easily seen on the screen among the different
objects.
2) [BI]
After any user-initiated action that takes more than one second to complete, the hourglass
pointer shall appear.
Page 39 of 171
Rev. No. 0.4.0
3) [BI]
The cursor shall be easily seen on the screen minimising the object area obscured by the
cursor.
4) [BI] A mouse or tracker ball shall be used to manipulate the pointer.
5) [INFO]
User interface applications shall take input from mouse/tracker ball and touch screen devices
and from keyboards.
4.5.14 Animation [ISCS-SWRS-205140]

1) [INFO] The WPC shall provide animation models for Employer approval.
4.6 Event & Alarm Requirements [ISCS-SWRS-206000]

1) [BI]All ISCS and interfaced systems' equipment shall have its change of status and failure
information collected and logged by the ISCS system.
2) [BI]
The system and equipment logs shall be in English, readable and understandable with proper
line arrangement for the user.
3) [INFO]
The WPC shall engage in a dialogue process with the Employer in order to determine and
agree, by means of an Alarm Management Strategy, the alarm philosophy and management to
be implemented within the ISCS.
4) [INFO] The process shall consider the following aspects as a minimum:
1. Operator profiles and corresponding authorities;
2. Alarm definition
3. Alarm types (e.g. persistent, secure, transient) and their behaviour;
4. Definition of safety critical alarms;
5. Definition of alarm system performance;
6. Alarm priority / severity rules and levels
7. Definition of colour coding;
8. Audible alarm interaction;
9. Interpretation of alarm patterns and alarm grouping/masking to reduce alarm storms;
10. Allocation of roles for management;
11. Alarm review procedures;
12. Define process for managing and implementing changes to the alarm system;
13. Logging and review of alarms to minimise spurious alarms;
14. Tagging, inhibition and Log Book functionality;
15. Categorisation/grouping of events/alarms;
16. Allocation of events/alarms to specific ISCS HMI operator;
17. Allocation of events/alarms to specific authority level / area of responsibility; and
18. Define process for handing alarms over to MMS (NOT USED)
5) [BI] The alarm system shall ensure the following design criteria, as minimum are provided for:
1. Hierarchical alarm system;
Page 40 of 171
Rev. No. 0.4.0
2. Minimise spurious alarms;

3. Ensure all alarms are actionable;
4. Identify and reduce spurious alarms;
5. Reduce alarm storms;
6. Alarm text is clear; and
7. Allow additional alarm action information to be displayed.
6) [BI] The ISCS shall possess configurable alarm processing, in order to manage the following:
1. The reduction of the number of alarms presented to the ISCS operator by suppressing
nuisance alarms and substituting a set of alarms with a single synthesised alarm
corresponding to the severity of the highest aggregated alarm (avalanche alarm suppression
scenarios);
2. Diagnose current situations occurring to convey a clearer idea of the condition causing the
alarms; and
3. Aggregate information: group alarms/events sharing the same root, to show ISCS values
before the incident.
7) [BI]
When an alarm occurs, it shall appear in the Alarm Display along with the equipment's
corresponding icon, awaiting operator acknowledgement or return to normal state.
8) [BI]
Events and alarms can be restricted or allocated to a specific operator or workstation using
the ISCS event and alarm system.
9) [BI]
The combination of privileges for both display and acknowledgement shall determine the ISCS
event and alarm restrictions.
10) [BI]
ISCS alarm management system shall able to manage the large volume of alarms likely to be
generated by the systems monitored by the ISCS system.
4.6.2 Time Stamp [ISCS-SWRS-206020]

1) [BI]
All events and alarms shall be time stamped with reference to the master clock synchronised
time.
2) [BI]All events and alarms shall be recorded, and time tagged in the order of their occurrence to
allow evaluation of incidents.
3) [BI]
Events shall be time tagged at the remote ISCS system collection point, PLC/RTU, or on
reception via a serial or Ethernet link (for connected systems).
4.6.3 Event & Alarm Display [ISCS-SWRS-206030]

1) [BI]
The ISCS HMI shall provide event/status and alarm lists, and configurable active views to allow
visual and audible interaction with the system.
2) [BI] Typical information shown in event and alarm displays shall be as follows:
1. Alarm Tag;
2. Equipment Name;
3. Alarm description;
4. Alarm Severity;
5. Activation date and time;
6. Actual status of the alarm (active unacknowledged, active acknowledged and inactive
unacknowledged);
7. Date and time of acknowledgement as applicable;
Page 41 of 171
Rev. No. 0.4.0
8. Text or symbol colour depends on severity. Unacknowledged alarms use flashing text or
symbol
9. Alarm Summary (active alarm count per sub-system, total active alarms); and
10. Filtered Alarm Summary (filtered alarm count per sub-system, total filtered alarms), when
applicable.
3) [BI]
The system shall allow multiple Event Displays and Alarm Displays to be opened at a given
time, each with different filters.
4) [BI]Each display shall be able to have independent filters applied to show only the required
information. These filters shall include the following typical criteria for each of the groups:
1. By Tag number;
2. By date and time range;
3. By Control Zone;
4. By Location;
5. By device types;
6. By particular system;
7. By particular device;
8. By alarm status; and
9. By severity/priority.
5) [BI]
In order to achieve the desired information display, any combination of these criteria shall be
able to be applied to a given filter.
6) [BI]
The operator shall be able to see the operational mimic associated with the selected alarm
after selecting it in the Alarm Display.
7) [BI]
An alarm must have been acknowledged by the operator and returned to its normal state in
order for it to disappear from the Alarm Display.
8) [BI]
The alarm windows' display order shall normally be from the most recent alarm to the last, but
other filter parameters shall be able to order the alarms displayed.
9) [BI]The Event Displays and Alarm Displays shall allow the operator to easily supervise and control
all alarms and incidents as they occur.
4.6.4 Alarm Log [ISCS-SWRS-206040]

1) [BI] All alarm shall be logged and reported.
2) [BI]
Alarm lists shall be provided to operators to provide them with warnings regarding changes
affecting their area of responsibility and to show what abnormalities are currently affecting it.
3) [BI]
Only alarms relevant to an operator's user role shall be presented to the operator as a general
philosophy. To display the most recent unacknowledged alarm, an alarm banner shall be provided.
When an unacknowledged alert occurs, this banner or window shall consistently place on all HMI
displays, irrespective of screen display.
4) [BI]
The date, time, source of the alert, and text defining the alarm condition and equipment
involved shall all be included in the alarm information.
5) [BI]
Depending on the severity of the alarm condition and the urgency of the Operator's response
required, each incoming alarm shall be classified into an alarm priority level.
6) [BI]
It shall be possible to assign any change of state/limit violation to the user based on alarm
priority, allowing the user to distinguish between the alarm's importance levels. A different colour
shall be used to represent different levels of prioritisation.
Page 42 of 171
Rev. No. 0.4.0
7) [BI]
The alerts shall be presented in chronological order, with the most recent alarms at the top of
the row. One end of the alarm banner shall have a number of unacknowledged alarms.
8) [BI] An audible and visual warning shall be given when a new alarm is triggered.
4.6.5 Event Log [ISCS-SWRS-206050]

1) [BI]
All internal events, including operator actions and configuration changes, shall be automatically
logged (audit logged) by the ISCS system, providing in a chronological record of all system
interaction in an event log.
2) [BI] The ISCS shall, as minimum, log internal events, such as operator actions:
1. Acknowledgement of alarms;
2. Operator login/logout;
3. Commands;
4. ISCS Equipment Alarms;
5. ISCS communications alarms;
6. Backup/Archiving events;
7. Run times of equipment;
8. Analogue level alarms;
9. Call history;
10. Camera to Tile assignment; and
11. Operator Log Book creation
3) [BI]
The event log shall log all login, log off, automatic log off enable/disable, and authority
grant/removal activities, as well as the operator's identification.
4) [BI] The event log shall log all control actions with the operator identifier.
4.6.6 Historical Log [ISCS-SWRS-206060]

1) [BI]
All alarms shall also be recorded in a historical alarm log to the level of detail presented within
the Alarm Display.
2) [BI]
An alarm must be acknowledged by the operator and returned to its normal state before it can
be removed from the Alarm Display. Such alarms shall remain in the historical alarm log.
3) [BI]Alarms and events that occur in the system shall be recorded in the historical database for
further viewing and analysis.
4) [BI]Using a single export icon, the operator shall be able to export all historical logs to
the chosen export destination path onto removable media in an open format, such as CSV, and
to USB media.
4.6.7 Avalanche Alarm [ISCS-SWRS-206070]

1) [BI]
Alarm suppression shall suppress non-critical alarms under Avalanche conditions to prevent
an excessive quantity of alarms in the Alarm Display due to the cascade effect of a high-level
equipment failure or alarm.
2) [BI]
The avalanche alarm suppression conditions shall be operator configurable and defined by
Boolean logic expressions of states of one or more equipment.
3) [BI] Multiple levels of alarm suppression shall be supported.
Page 43 of 171
Rev. No. 0.4.0
4) [BI]
The filtering level selected shall depend on the seriousness of the condition. The operator shall
be able to suppress different alert severity levels at any time and shall be prompted by the monitor
throughout the time when it is in force.
4.6.8 Alarm Severity [ISCS-SWRS-206080]

1) [BI]
The failure alarm shall be classified into different levels of severity, and each alarm level shall
be displayed on the ISCS HMI display with audio and visual alerts in a different colour.
2) [BI] Such alerts shall continue until the alarm condition is resolved or the alert is acknowledged.
3) [BI]
All rectified alarms shall be moved from active alarm display list and automatically be inserted
into the alarm history database.
4) [BI] Each different severity/priority of alarm shall be assigned a different colour and sound.
5) [BI] The severity of the failure alarm to be reviewed and accepted by Employer.
4.6.9 Alarm Acknowledgement [ISCS-SWRS-206090]

1) [BI] Single or multiple alarms shall be able to be acknowledged.
2) [BI]By pointing to the activated symbol in the alarm banner, the operator shall be rapidly guided
to the relevant diagram display, where alarm acknowledgement can be performed.
3) [BI]
The audio alert shall be muted once the alarm has been acknowledged, but the visual alert
shall not be resumed until the alarm condition has been resolved.
4) [BI] In general, the states that an alarm can have shall be as follows:
1. Unacknowledged Alarm: The alarm has recently occurred and has not been acknowledged
by an operator. Alarm colour flashing background and “On / Alarm Condition” text displayed
(e.g. Out of Service).
2. Acknowledge Alarm: The alarm still exists, and an operator has acknowledged it. Fixed alarm
colour background and “On / Alarm Condition” text displayed.
3. Unacknowledged Cleared: The alarm situation no longer exists but it has not been
acknowledged by an operator. Flashing alarm colour background and “Off / Normal Condition”
text displayed (e.g. Online).
4. Acknowledged Cleared: There is no alarm situation and there is no alarm pending
acknowledgement. It disappears from the display but remains available in the historical alarms
log.
4.6.10 Pre-Set Delay [ISCS-SWRS-206100]

1) [BI]
In order to mitigate the effect of intermittent alarms, the system shall allow the operator to
impose pre-set delays to individual or groups of inputs.
2) [BI]
All inputs with a pre-set delay imposed by the operator shall be listed in an operator navigable
view with filtering capabilities.
4.6.11 Alarm Group [ISCS-SWRS-206110]

1) [BI]
The ISCS event and alarm system shall allow for the grouping of events and/or alarms by
zone, station or line.
4.6.12 Filtering [ISCS-SWRS-206120]

1) [BI]
In terms of message identity numbers or date/time stamps, operators shall be able to define
the start and end points in any list (e.g., Logbook entries, Event Logs, etc.).
Page 44 of 171
Rev. No. 0.4.0
4.7 Database Management Requirements [ISCS-SWRS-207000]
1) [INFO]
The alarm history storage database shall have sufficient capacity to store the anticipated
alarm for a period of at least twelve (12) months without carrying out any housekeeping.
2) [BI]
The design of the ISCS system shall allow for fall-back operation of the system to the BOCC
ISCS database in the event that the OCC ISCS database is “offline” or otherwise unavailable,
and vice versa.
3) [BI]
An alarm shall be raised in the ISCS upon its database and / or storage capacity exceeding a
pre-set threshold.
4) [BI]
Within the ISCS system, there shall be a data archiving function for storing all data received
from the field, as well as operator commands and events.
5) [BI] Analysis of the stored data shall be made by using any workstation connected to the system.
6) [BI] The following typical functions shall be available:
1. Historical analogue and digital value trend curves;
2. Event and alarm lists with filtering;
3. Internal events log;
4. Operation actions log;
5. Generation of reports; and
6. Backup and recovery of old data.
7) [BI] For the previous 365 days, all events, alarms, and analogue data shall be retained.
8) [BI]
The ISCS must be able to buffer at least 24 hours of data in the event that the archive system
cannot be updated due to a fault with the backup storage device or if the media is full.
9) [BI] Buffered data shall also be retrievable by the operator.
10) [BI]
A backup solution for ISCS Server and ISCS workstation shall be provided. All tools and
applications required for restoration of backed-up date shall be provided.
11) [BI] A
backup solution for the ISCS Database, for example, image files or clones of the hard disk,
and any necessary associated software shall be provided.
12) [BI]
Use of the appropriate tools shall allow queries to be made for specific time periods, system
equipment categories and location categories, as a minimum.
13) [BI]
Both alarms and events occurring in the system shall be recorded in the historical database
for future viewing and analysis if required.
4.8 Reporting Requirements [ISCS-SWRS-208000]
1) [BI] All alarm shall be logged and reported.

2) [BI]
The system and equipment logs shall be in English, readable, understandable with proper line
arrangement for the user.
3) [BI]Report generation facilities shall be provided in the ISCS to enable operators to perform the
following functions:
1. Construct reports;
2. Set-up pro-forma type reports;
3. Generate pre-defined reports;
4. Store, archive and retrieve reports;
Page 45 of 171
Rev. No. 0.4.0
5. View reports;
6. Print reports (automatically, periodically or on request); and
7. Export reports (CSV, and presentation formats to be agreed with the Employer).
4) [BI] It shall be possible to construct reports which include any of the following:
1. Real time data;
2. Stored or archived data;
3. Descriptive text, including but not be limited to, titles, page header, footer; and
4. Data derived by manipulation of any of the above.
5) [BI]
For each monitored sub-system, the system shall report the number of failures and system
downtime over a configurable time period.
6) [BI]
Through a pro-forma screen, the ISCS shall allow operators to freely define the format and
content of reports.
7) [INFO]
The WPC shall provide at least 10 different types of pre-defined report templates for the
Employer's approval.
8) [BI]
The generated reports shall be stored internally, and it can be manually backup to an external
USB mediums or optical disk.
4.9 Trending Requirements [ISCS-SWRS-209000]
1) [BI]
In real-time and in the historical, the ISCS system shall be able to display the acquired values
in text and graph/trend form. During final design, details of pre-defined trends, graphs, and
historical content shall be submitted to the Employer for approval.
2) [BI] The operators shall have access to pre-defined trend displays via a selection menu.
3) [BI]
The ISCS shall also provide operators with freely definable displays to construct trend displays
and graphs through a pro-forma screen.
4.10 Help Functionality Requirements [ISCS-SWRS-210000]
1) [BI]
During the operation of the system, a Help facility shall be available to assist the user. The
Help facility shall allow the user to refer to a particular operation without searching for the hard
copy of the manual.
2) [BI]
The ISCS HMI shall have an intuitive help system that shall provide help not only for ISCS
systems, but also for all other sub systems that are integrated into the ISCS HMI, allowing an
operator to resolve all foreseeable issues with only one help system.
3) [BI]
Context-sensitive help shall be made available to assist the user in identifying the steps to
complete the control operation.
4) [BI]
The ISCS HMI shall also provide operators with a "scenario" help function to assist them when
a specific incident occurs.
5) [BI]
The operator administrator shall be able to modify, expand, and update the "scenario" help
procedures as actual operating experience accumulates.
6) [BI] The ISCS shall include a wiki database with:
1. Alarm codes
2. Descriptions
3. Suggested fault resolution actions including priorities
Page 46 of 171
Rev. No. 0.4.0
The system administrator shall be able to update the wiki database in the future.
7) [BI]
An ISCS operator shall be aided by a Decision Support System (DSS) in responding to
abnormal situations that may arise within the system.
8) [BI]
The Decision Support System (DSS) shall guide the operator through the individual steps
involved in the response procedure and help the operator to take corrective actions that are
appropriate in the circumstances.
4.11 System Management Functionality Requirements [ISCS-SWRS-211000]
1) [BI]
In the event of changes to the monitored and controlled infrastructure, the ISCS shall allow the
Employer to fully edit the ISCS system configuration.
2) [BI] The OCC and BOCC shall be able to configure any distributed ISCS equipment.
3) [BI] ISCS Maintenance workstations shall be provided with:
1. Capability to perform configuration and modification of the ISCS HMI and database
2. Capability to perform maintenance and diagnostic activities for all ISCS equipment
4) [BI]
The ISCS shall include all necessary tools and licenses to allow configuration and modification
of, and additions to, the database, the workstation views, and the Operating System.
4.12 Training Simulator Requirements [ISCS-SWRS-212000]
1) [BI]
The Training Simulator shall include all features available in the operational system, and
simulate all HMI functions, graphics, and responses.
2) [BI]
The Training Simulator shall be able to retrieve data from the operational system but not write
any data onto that system.
3) [BI] The Training Simulator shall be able to build training scenarios using retrieved data.
4) [BI]
The Training Simulator shall be able to reproduce all O&M operational scenarios possible on
the RTS Link.
5) [BI] The Training Simulator shall include a trainer’s workstation and trainee workstations.
4.12.1 Recorder / Playback [ISCS-SWRS-212010]

1) [BI]
The system shall be able to replay sequences of recorded events and alarms from any
workstation location within an operator specified time period.
4.13 Log Book Requirements [ISCS-SWRS-213000]
1) [BI] Operators are intended to use log books to leave messages at shift handover times.
2) [BI] In the event of ISCS crashes or changeovers, these Log Books shall not be lost.
3) [BI]
The Log Book shall have the same editing functionality as modern commercial off the shelf
word processing packages, at least equivalent to Microsoft Windows WordPad editor.
4) [BI] For each user profile, a Log Book facility shall be provided.
5) [BI]
For each individual event or alarm in the event and alarm lists, the ISCS HMI shall provide an
operator with a log Book annotation facility.
6) [BI] When logging onto a shift, the message Log Book window shall automatically be displayed.
Page 47 of 171
Rev. No. 0.4.0
7) [BI]
To facilitate operator, shift handovers, annotations pertaining to an operator's area of
responsibility shall be viewable upon operator login.
8) [BI]
No further amendments or deletions are permitted after an operator has made an entry and
confirmed it as correct.
9) [BI]
In terms of message identity numbers or date/time stamps, operators shall be able to define
the start and end points in any list (e.g., Logbook entries, Event Logs, etc.).
10) [INFO]
WPC to liaise with the Employer to collect all required processes and actions such as
equipment out of service, Possession and Written Order to be included in the logbook.
4.14 Printing Requirements [ISCS-SWRS-214000]
1) [BI]
All types of information, including operation, alarms, events, Log Books, reports, graphs; both
current and recovered from archive, shall be able to be printed.
2) [BI]
Operators shall be able to print filtered lists that clearly indicate the filter parameters being
used. Operator shall be able to define the start and end points of the list in terms of date/time
stamps.
3) [BI]
Printers shall be controlled by a print management facility that uses spooling to ensure print
requests do not disable operator interaction at a Workstation whilst printing is taking place.
4) [INFO] The printers and plotters supplied at OCC & BOCC shall be shared among all systems.
5) [INFO]
The WPC shall supply all required printers at the OCC and BOCC, including any large format
plotters required for train graphs etc.
4.15 Redundancy and Failover Requirements [ISCS-SWRS-215000]
1) [BI]
Automatic and seamless failovers of redundant equipment shall be provided to the operator.
To maintain the ISCS operation uninterrupted, the affected equipment shall be isolated and new
data paths shall be established.
2) [BI]
No data shall be lost, and the operator shall not have to re-log in. On the HMI, no disruption to
the operator shall be visible.
3) [BI]
An alarm and an indicator on the HMI designating the active equipment shall notify the operator
of a failover.
4) [BI]
An alarm shall be raised to alert the operator and maintainer in the case of a redundant link
and/or equipment failure.
Page 48 of 171
Rev. No. 0.4.0
Page 49 of 171
Rev. No. 0.4.0
5 External Interface Requirements [ISCS-SWRS-300000]

5.1 Interface with COMMS Subsystems [ISCS-SWRS-301000]
5.1.1 Communication Backbone Network (CBN) Interface [ISCS-SWRS-301010]

1) [BI]
The alarm and status monitoring functionality shall be provided through interfacing the ISCS
system to the CBN systems.
CBN NMS ISCS Server ISCS Workstation
CBN Equipment
Alarm Status
Display Alarm
Figure 5-1: Sequence Diagram for Monitoring of the CBN Systems
Alarm Status Alarm Display

ISCS Server ISCS Workstation
CBN NMS
Figure 5-2: Data Flow Diagram for Monitoring of the CBN Systems
5.1.2 Wireless Data Communication System (WDCS) Interface [ISCS-SWRS-301020]

1) [BI]
system to the CBN systems.
WDCS NMS ISCS Server ISCS Workstation
WDCS Equipment
Alarm Status
Display Alarm
Figure 5-3: Sequence Diagram for Monitoring of the WDCS Systems
Page 50 of 171
Rev. No. 0.4.0
Alarm Status Display Alarm

WDCS NMS ISCS Server ISCS Workstation
Figure 5-4: Data Flow Diagram for Monitoring of the WDCS Systems
5.1.3 Public Address (PA) System Interface [ISCS-SWRS-301030]

1) [BI]
Upon broadcasting any messages to the PA zone(s), the ISCS HMI shall be able to identify
the location of the message being broadcasted and display the occupied zone.
2) [BI]
The ISCS HMI shall allow the operator to broadcast pre-recorded messages stored in DVAS
and make live announcement under normal operation condition.
3) [BI]
Announcement regarding train service-related information can be made through interfacing
the PA system with the Signalling system via ISCS.
4) [BI]
Operational announcement functionality shall be provided through interfacing the PA system
with ISCS.
5) [BI]
Message display and audio announcement synchronization shall be done by interfacing the
PA system with PIDS via ISCS.
ISCS Server PA/PIDS Server
Train Information
Train Information
Message Display and
Audio Announcement
Synchronization
Figure 5-5: Sequence Diagram for Message Display and Audio Announcement Synchronization
ISCS Server Train Information

PA/PIDS Server
Figure 5-6: Data Flow Diagram for Message Display and Audio Announcement Synchronization
6) [BI]
Pre-recorded or live announcement can be made to various locations throughout the RTS Link
by OCC or BOCC operator using the ISCS HMI, including but not limited to;
1. Individual zones,
2. A number of zones,
3. Depot zones,
4. All zones within an individual station or depot,
5. All stations or entire depot.
6. [NOTE] Individual train,
Page 51 of 171
Rev. No. 0.4.0
7. [NOTE] A group of trains or

8. [NOTE] All trains
[NOTE]: Train announcement (Item 6, 7 and 8) will be done via TETRA Radio System Interface.
7) [BI]
A feedback signal is used to indicate the status (free/busy) of a station PA system. The
operator can check the status using the ISCS HMI.
8) [INFO]
The ISCS HMI located at OCC, BOCC and SCR shall be equipped with the necessary
recording facility which allows the operator to create new pre-recorded message. The newly
recorded messages shall be stored inside the local DVAS database.
9) [BI]
The ISCS HMI located at OCC and BOCC shall provide a functionality to access DVAS of any
station to upload and download pre-recorded message file to/from its database.
10) [BI]
A pre-listening and playback functionality of any pre-recorded messages prior to broadcasting
shall be provided by the ISCS HMI.
11) [BI]
The operator shall be able to select the zone, multiple zones or all zones in which the message
shall be directed using the ISCS HMI. A confirmation of the selected zone(s) is required from the
operator before the message is transmitted.
12) [BI]
The operator shall be able to choose to deliver a singular or sequence of pre-recorded
messages either once or periodically at a constant interval using the ISCS HMI. The operator can
configure the constant interval.
13) [INFO]
The PA system shall provide a functionality to make pre-recorded announcement according
to the events in the schedulers other than periodic or one-off announcement.
14) [BI] The ISCS HMI shall allow the operator to record, replay and broadcast the ad-hoc messages.
15) [BI]
Before and after pre-recorded message announcements are made, chime tones shall be
generated automatically. This feature can be enabled or disabled by the operator via the ISCS
HMI.
16) [BI]
The ISCS HMI shall include a functionality to cut out any broadcasting pre-recorded messages
through a one-step operation.
17) [BI] When a pre-defined condition is detected by the ISCS, an announcement of specific train
service, operational or emergency messages shall be made. This is done by the ISCS
communicating frequently with the PA system. The PA system shall broadcast related pre-
recorded messages to the designated PA zones at the station automatically upon receiving the
initiate commands from ISCS.
18) [BI] The ISCS HMI shall display the status of the broadcast.
19) [BI]The PA system shall automatically cancel the messages in broadcast and provide
acknowledgement to ISCS on the status of cancellation upon received the cancel commands
from ISCS.
20) [BI]
The ISCS HMI shall be able to program the message priority and offer the priority levels but
not limited to;
Table 5-1: PA Announcement Priority Levels
Level of Message Type

Priority
1 Live announcement from InfraCo PA Emergency Call
2 Live announcement from OCC or BOCC Emergency Call
3 Emergency pre-recorded announcement trigged byISCS.
Page 52 of 171
Rev. No. 0.4.0
Level of Message Type

Priority
4 Live announcement from PSC
5 Live announcement from Handheld Portable Radio.
6 Live announcement from OCC or BOCC.
7 Automatic announcement of pre-recorded train related service information

messages.
8 Automatic announcement of pre-recorded stationoperational messages.
9 Auto announcement of pre-recorded message, which triggered based on time

scheduler. (e.g. Don’t leave unattended luggage)
10 Maintenance and test messages
11-15 Spares
21) [BI]
The operator shall be able to disable the Automatic Noise Sensing function using the ISCS
HMI.
22) [BI]
The ISCS HMI allows the operator to assign the maximum level output for PA announcement.
23) [INFO]
The PA System shall interface with the Signalling System via ISCS for announcement
regarding with train service-related information, such as Time-To- Next-Train (TTNT), train delays
and etc.
5.1.4 Passenger Information Display System (PIDS) Interface [ISCS-SWRS-301040]
1) [BI]
The information such as train scheduling, train departure, train arrival at station shall be
obtained by the PIDS interacting with Signalling system via ISCS.
Signalling ISCS Server PIDS Server

System Server
Train Information
Train Information
Train Information
Figure 5-7: Sequence Diagram for Train Information Status
Train Information Train Information
Signalling ISCS Server PIDS Server

System Server
Figure 5-8: Data Flow Diagram for Train Information Status

Page 53 of 171
Rev. No. 0.4.0
2) [BI]
Train-related information including but not limited to train arrival, train destination, train bypass,
train turn back, train short loop, detrain, and interchange information display shall be displayed
to passengers by interfacing the PIDS with Signalling system via ISCS.
3) [INFO]
Information regarding fire emergency evacuation shall be displayed by interfacing the PIDS
with Fire Protection System via ISCS.
4) [BI]
Information regarding station operation shall be displayed to passengers by interfacing the
PIDS with ISCS. For example, station daily open/close and concourse close.
5) [BI]
The operator shall be able to instantly construct a new message or select from the look-up
table and broadcast it to one or both sides of a PID, a group of PIDs or all PIDs using the ISCS
HMI.
6) [BI]
The operator shall be able to blank/un-blank either one side or both sides of a PID, a group of
PIDs or all PIDs within the station using the ISCS HMI.
7) The operator shall have the capability to manually set the PID’s display intensity using the
[BI]
ISCS HMI.
8) The “What You See What You Get” feature of the PID display shall be provided by the ISCS
[BI]
HMI. The operator shall be able to align the corporate image using specialised font types and
icon (input by the operator). Furthermore, screen display templates shall be provided for easy
editions.
9) [BI]
The operators shall be given the function to customise the PID display layout by the ISCS HMI.
For example, enlarging the video message window and shifting the text message from top to
bottom section.
10) [BI]
A time scheduler editable by the operator via ISCS HMI shall be equipped in the PIDS to allow
automatic display of special message based on the time schedule.
11) [BI]
The PIDS operator shall be provided with a reset command by the ISCS HMI to stop the
message display. Upon initiation of the reset function, the current messages shall be cancelled
and the pre-set routine display schedule shall be resumed.
12) [BI]
The operator shall be alerted of a faulty PIDS equipment by an equipment alarm accompanied
with an audible tone via ISCS HMI. The ISCS HMI shall display the PID faults on the associated
PID icon and shall be able to display at least fifty (50) alarm events. Furthermore, the ISCS HMI
shall also be capable of indicating the Application Status and its Integration Status between PIDS
system and other systems. If failure/fault/error on the application and integration were to occur,
facilities and tools shall be available for traceability and analysis.
13) [BI]
A facility shall be included in the ISCS HMI to allow the operator to manually override any train
service information display such as Time-Till-Next-Train (TTNT) and input train service
information manually. The manually input values shall be provided with auto countdown.
14) A real-time “WYSIWYG” facility shall be included in the ISCS HMI to allow dynamic view of the
[BI]
information assigned to a selected PID board. This shall be done by clicking on a PIC icon or by
inputting the identity number of the associated PID(s) via keyboard.
15) [BI] The PIDS display message shall be activated by, but not limit to the following modes:
1. Command mode - the commands from ISCS for specific station operational or emergency
messages.
2. Manual mode - triggered by the operator via ISCS HMI.
16) [BI]
A facility to initiate any fixed message or instantly constructed messages and editing from pre-
formatted messages shall be provided by the ISCS HMI.
17) [BI]The operators shall be allowed to instantly construct messages and store to the local database
in the PIDS Server via ISCS HMI.
Page 54 of 171
Rev. No. 0.4.0
18) [BI]
Data fields such as name, time and other variables shall be provided to the pre-formatted
messages of each station which are identical. The ISCS HMI shall be used to enter the inputs for
these data fields.
19) [BI] The ISCS HMI shall classify and assign each constructed message.
20) [BI]
For periodic central archiving purposes, the message log shall be automatically downloaded
to the message database of the OCC and BOCC PIDS Server. The ISCS HMI can be used to
program the message retention.
21) [BI]
The ISCS HMI shall be able to group the PID boards (i.e. northbound platform PID group)
which can be addressed individually or in groups.
22) [BI]
The local control device or ISCS HMI can be used to initiate the reset, blank/un-blank, power
on/off functionalities of the PID.
23) [BI]
Fault logs and reports shall be stored in individual PID's memory for one (1) month before they
are overwritten. The ISCS HMI can be used to program the retention period.
24) [BI]
Maintenance personal/operator shall be able to perform the PIDS operation, system
configuration, diagnostics and alarm logging functions at the ISCS HMI at OCC, BOCC and
Station SCR.
25) [BI]The PIDS shall ensure the individual station PIDS design shall be able to operate
independently via ISCS HMI in case of lost connection to OCC or BOCC.
26) [BI]
Other operation information includes, current date and time, greeting messages, warning
messages and emergency messages sent from OCC, BOCC or local station via the ISCS HMI
shall also be displayed. For special non-emergency operating messages, the bottom row shall
be used to display the special message. During emergency, messages shall be expanded to
occupy the whole PID screen.
27) [INFO]The PIDS software shall use a distributed design with maintenance terminal and
configuration terminal serving as system resilience support.
28) [BI]
Workstation features (delivery via ISCS HMI) shall include as a minimum the capability to add,
modify, delete and change priority of messages.
29) [BI]
Messages shall each have a priority indication and a PA system interface (via ISCS) status
indicator if applicable.
30) [BI]
All these supervision and regulation functions shall be automatic without the need of human
intervention.
31) [INFO]
The PIDS GUI shall be integrated into ISCS HMI, which shall be provided, but not limited to
the following locations:
1. OCC
2. BOCC
3. Every Station PSC
5.1.5 Private Automatic Branch Exchange System (PABX) Interface [ISCS-SWRS-

301050]
1) [BI]The ISCS HMI shall be integrated with the functionality to fully control the PABX sub-system
to allow full compliance with the PABX system requirements. This shall include but not be limited
to:
1. Monitoring and annunciation of PABX and system alarms;
Page 55 of 171
Rev. No. 0.4.0
PABX Central ISCS Server ISCS Workstation

NMS
PABX Equipment
Alarm Status
Display
Figure 5-9: Sequence Diagram for Monitoring of the Monitoring and Annunciation of PABX and
System Alarms
PABX Central Alarm Status Alarm Display

ISCS Server ISCS Workstation
NMS
Figure 5-10: Data Flow Diagram for Monitoring of the Monitoring and Annunciation of PABX and
System Alarms
2. Full control of the PABX system to enable all normal and emergency call handling
functionalities; and
3. Suitable Computer Telephone Integration including Unified Messaging for all PABX services.
2) [BI]
Call handling shall include, as a minimum, the following features with visual and audible
prompts provided to the operator at the Control Room ISCS HMI, as appropriate to the call
function to be processed:
1. Call queuing in order of call arrival;
2. Call prioritisation for emergency services and user-defined requirements;
3. Intrusion, standard, private, night service and manager/secretary call facilities;
4. Incoming call answering;
5. Call Hold and Call Park;
6. Call Terminations;
7. Call Transfer to the recipient via the external systems accessible to the Telephone System
including the PSTN, InfraCo’s Telephone Network, and TETRA Radio system or to the
recipient’s cellular radio telephone;
8. Display of each user’s telephone status (availability);
9. Display of Call Line Identity; and
10. Display and scrolling through of telephone directory.
3) [BI]
Incoming calls shall be able to be received and outgoing calls can be made. Calls shall be able
to be routed to other locations based on the selection of a destination via entering an extension
number.
4) [BI]
Various forms of number dialling such as short-code and preconfigured single button dialling
shall be able to be handled.
5) [INFO] Normal operation shall be via the ISCS HMI.
Page 56 of 171
Rev. No. 0.4.0
6) [BI] The on-line VSS image shall pop-up at station ISCS HMI and OCC ISCS HMI.
5.1.6 TETRA Radio System (TETRA) Interface [ISCS-SWRS-301060]

1) [BI]
The ISCS HMI shall be able to display the handheld radio units equipped with GPS positioning
features with the “district map” for location pin-point purposes, equipment ID display, the direction
headed and orbits.
2) The ISCS HMI “district map” display shall be able to display the train-borne radio unit equipped
[BI]
with GPS positioning features with TETRA antenna. The display covers the routings and locations
of RTS Link premises to pin-point the train locations, equipment ID, speed, direction headed, and
orbits.
TETRA CRIS ISCS Server ISCS

Server Workstation
TETRA Equipment
TETRA Info
“District
map” display
Figure 5-11: Sequence Diagram for “District map” Display
“District map”
TETRA Info display
TETRA CRIS ISCS Server ISCS Workstation
Server
Figure 5-12: Data Flow Diagram for “District map” Display
3) [BI]
The user is allowed to log into the radio system through the ISCS HMI to prevent multiple
logins to each workstation.
5.1.7 Multi-channel Voice Recorder System (VRS) Interface [ISCS-SWRS-301070]

1) The operator’s ISCS workstation in Control Rooms shall be provided with the functionality of
[BI]
the Voice Recorder System. This shall later be agreed with the Employer during final design.
2) [BI] Depending on the operator’s profile, the access to the types of functionalities shall differ.
Page 57 of 171
Rev. No. 0.4.0
ISCS VRS Server ISCS

Workstation Workstation
Operator
Voice
Recording
Request
Voice Recording
Figure 5-13: Sequence Diagram for Voice Recording
ISCS Voice Recording Voice Recording

ISCS Workstation
VRS Server Request
Workstation Request
Figure 5-14: Data Flow Diagram for Voice Recording
5.1.8 Master Clock System (MCS) Interface [ISCS-SWRS-301080]

1) [BI]
system to the MCS system.
2) [BI]
ISCS system shall synchronise with Master Clock source for the time and date via NTP
protocol.
5.1.9 Video Surveillance System (VSS) Interface [ISCS-SWRS-301090]
1) [BI]
The ISCS workstations shall allow viewing of live video streams and pre-recorded video across
the RTS Link regardless of geographical location.
2) [BI]
The number of tiles (each displaying an individual camera feed) per VDU at each ISCS HMI
shall be in line with the Ergonomic & Human Factors Guidelines for Control Rooms and Control
Centre and shall be quantified during the final design for the Employer’s approval.
3) [BI]
The ISCS HMI shall, as a minimum, provide the following additional fully programmable
functions listed below. Available functionality shall be dependent on the operator profile:
1. Pan, tilt and zoom control;
2. Selection of each camera to be displayed;
3. Automatic panning on group or individual basis;
4. Reprogramming and auto sequencing of camera images;
5. Manual control of Network Video Recorder functions such as playback of recording;
6. Equipment identification;
7. Indication of faulty cameras or system faults;
8. Facility to select video images for presentation on any VDU;
9. Full control of any Video Display Unit supplied as part of the ISCS system;
10. Manual selection by Operator of any single video image or a combination of video images for
display simultaneously;
Page 58 of 171
Rev. No. 0.4.0
11. Automatic selection in accordance with a pre-set configuration in the event of an alarmed
condition such as the VSS images in the event of an intrusion detection alarm;
12. Manual selection by Operator of any sequence of camera images with each image displayed
in time sequence with a variable dwell time pre-set by the Operator;
13. Monitoring and annunciation of VSS system alarms;
14. Identification of the relevant camera on any video feed;
15. Addition and deletion of cameras; and
16. Modification of camera and VCA attributes.
4) [BI]
The ISCS HMI located at OCC and BOCC shall be able to support playback of images of the
VSS system.
5) [BI] At Stations, the WPC shall provide but not limited to:
1. The ISCS HMI (VSS part) shall be able to perform video footage playback, search, and offline
archiving for the local station VSS system.
2. PTZ cameras shall be provided with “absolute move” control by ISCS HMI.
6) [BI]
Both ISCS HMI and VSS keyboard controller shall allow OCC and BOCC operators to search,
retrieve and playback video clips stored in any NVR units of the VSS system.
7) [BI]
The recorded video footages shall be able to be exported to external storage devices such as
USB or other digital storage device via ISCS HMI.
8) [BI]
Video images can be selected by OCC and BOCC Operators on their ISCS HMI and relayed
onto the Video Display Panel.
9) [BI]
The ISCS should conform to ONVIF open standards for the addition of new cameras
conforming with ONVIF Profile S for video streaming.
10) [BI] ISCS HMI at OCC, BOCC & BDCC shall be able to display depot’s VSS images.
11) [BI]
The ISCS HMI shall work in conjunction with a keyboard and pointing devices for selecting the
camera and system icons so as to provide the interaction between the operator and the VSS
system for picture selection, camera control and fault information.
12) [BI]
The functionality integrated into the ISCS HMI shall allow full control of the VSS sub-system
to allow full compliance with the VSS system functional requirements.
13) [BI]
The ISCS HMI shall also work in conjunction with an integrated physical joystick for the control
of PTZ cameras.
5.1.9.1 Auto Display Camera Image [ISCS-SWRS-301091]
1) [BI] A designated tile shall be automatically projected by the ISCS HMI with the real time image
associated with an alarm trigger and initiate alarm-triggered recording, for the following scenarios:
1. Fire detection
2. Intrusion detection (using VSS video motion detection)
3. Intrusion detection (using AMS)
4. Blue Light Station (BLS Emergency Button)
2) [BI]The ISCS Workstation operator at the relevant Control Room shall be alerted to the location
of the alarm when an intruder is detected and the AMS security alarm is triggered. The nearest
VSS shall also be triggered to display the real-time image.
3) [BI]
The PHP shall be interfaced with the VSS system via ISCS at the location where VSS cameras
are overseeing PHP. It is integrated in a way that upon activation of PHP, the VSS camera image
shall automatically be displayed to the related SCR’s ISCS HMI and OCC’s ISCS HMI.
Page 59 of 171
Rev. No. 0.4.0
4) [BI]
The VSS system shall be configured in a way the VSS system shall automatically produce an
image of the person activating the PHP onto the ISCS HMI of the station operator / OCC operator
/ BOCC operator answering the call when PHP is activated.
5) [BI]
Upon activation of ESP, the SS WPC shall be responsible for alerting the ISCS including the
location of the ESP. The COMMS WPC shall be responsible in receiving information from ISCS
for activating the necessary VSS.
Figure 5-15: Sequence Diagram for ESP Activation
ESP Activation Camera Camera

Status Activation Activation
Signalling VSS Server

ISCS Server VSS Camera
System Server
Figure 5-16: Data Flow Diagram for ESP Activation
6) [BI]
The operator at the OCC shall be alerted automatically upon the triggering of the ESP via ISCS
HMI. The adjacent VSS shall be activated automatically by the ISCS HMI to display the VSS
images at the workstations and video wall display.
7) [BI]
The operator at the PSC and OCC shall be alerted automatically upon the triggering of the
AFC ESS via ISCS HMI. The adjacent VSS shall be activated automatically by the ISCS HMI to
display the VSS images at the workstations.
5.1.9.2 Snapshot [ISCS-SWRS-301092]
1) [BI] A snapshot function shall be included in the ISCS HMI to allow users to capture still images
from a stored video clip together with any on-screen display and export these images into
computer-readable JPEG (.JPG or .JPEG) files.
5.1.9.3 Video Recording Playback [ISCS-SWRS-301093]
1) [BI] The ISCS HMI shall allow the user to control the playback which shall include at least the
following functions, but not limited to:
1. Play,
2. Pause,
3. Stop,
4. Rewind,
5. Fast play,
6. Slow play
7. Next file,
8. Previous file,
Page 60 of 171
Rev. No. 0.4.0
9. Search based on user defined values of a combination of parameters (specific date/time,

defined date/time periods, train ID, carriage ID and camera ID)
10. Next camera,
11. Previous camera,
12. Full screen,
13. Repeat,
14. Shuffle,
15. Backup selection,
16. Digital zoom
2) [BI]
Simultaneous viewing of one, two or four recorded clips shall be enabled in the ISCS HMI.
When more than one clips recorded during the same time from different sources are viewed in
the same screen, these clips shall be played in a synchronised form with respect to the real time
when they were recorded.
3) [BI]
The selected and stored video clips shall be able to be exported by the ISCS HMI to an external
storage device which can be easily playback in another computer.
4) [BI]
The ISCS HMI shall at least accept the following parameters for specifying the video clip to be
retrieved and played from any NVR unit attached to the system:
1. Location name
2. Camera name/ID
3. Start date and time (with precision down to seconds)
4. End date and time (with precision down to seconds)
5. Duration
5.1.10 Video Wall Display Interface [ISCS-SWRS-301100]

1) [BI]The operator at the OCC shall be automatically alerted upon triggering of the ESP via ISCS
HMI. The adjacent VSS shall activate automatically by the ISCS HMI to display the VSS images
at the workstations and video wall display.
5.1.11 Self-Monitoring Interface [ISCS-SWRS-301110]

1) [BI]
Periodic self-diagnostic functions should proactively detect problems within the ISCS system,
including communication links and hardware/device status.
2) [BI] Any events or alarms generated by the self-monitoring shall be handled and/or managed in
accordance with the alarm management and performance requirements specified herein.
5.2 Interface with External Systems [ISCS-SWRS-302000]
5.2.1 Tunnel Ventilation System / Tunnel Lighting System/ Viaduct Lighting

System Interface [ISCS-SWRS-302010]
1) [BI] The ISCS shall be able to monitor and control the Tunnel Ventilation System.
2) [BI] The current operating mode shall be displayed by the ISCS workstation.
3) [SIL2]
Under normal operation condition, the Tunnel Systems Controllers shall automatically control
the Tunnel Systems. However, OCC shall be able to override the automatic mode remotely via
ISCS HMI in the event of emergency (e.g. Fire mode).
4) [INFO]
COMMS WPC shall be provided with mode tables by InfraCo WPC to control the tunnel
systems.
Page 61 of 171
Rev. No. 0.4.0
5) According to the user profile and control location, the ISCS HMI screen shall provide the
monitoring and control of the Tunnel Systems. The OCC operator shall be able to monitor and
control the minimum but not limited to following:
1. [BI] Individual start/stop control TVS
2. [BI] Tunnel/ Viaduct Emergency Lighting
3. [BI] Equipment operating status
4. [BI] Equipment alarms
5. [SIL2] TVS mode operating status
1. Normal modes
2. Congestion modes
3. Fire mode
6) The ISCS shall be provided with a “Train Stopped in Tunnel Zone” status by the SS WPC to
[SIL2]
prompt the trigger of the tunnel ventilation system to operate in the necessary mode when any
train is stationary inside any section of the tunnel for more than a predefined period. The
conditions for providing the triggering signals shall be coordinated by SS WPC with InfraCo WPC.
Signalling Tunnel Ventilation

ISCS Server
System System
Train stops in tunnel zone

for a predefined period Train Stopped in
Tunnel Zone
Status
Triggering of TVS mode
Figure 5-17 : Sequence Diagram for “Triggering of TVS Mode”
Train Stopped in Tunnel

Zone Status Triggering of TVS Mode
Signalling Tunnel Ventilation
System ISCS Server
System
Figure 5-18: Data Flow Diagram for “Triggering of TVS Mode”
7) [BI]
Based on the requests received from the SS, the respective section of the tunnel light shall be
switched on by the ISCS.
8) [BI]
The ISCS shall be able to monitor and control the Tunnel Lighting System / Viaduct lighting
system.
9) [SIL2] The ISCS shall be able to enable the control of TVS mode.
10) [BI] No intervention from the OCC/BOCC operator is required except for incident handling.
11) [BI]
The ISCS shall communicate with the Tunnel System Controllers to enable remote ISCS HMI
operation at OCC.
12) [BI]
In the event of emergency e.g. Fire mode, OCC shall able to override the automatic mode
remotely via ISCS HMI.
Page 62 of 171
Rev. No. 0.4.0
5.2.2 High Voltage System (HV) /Integrated Building Management System

(iBMS)/ Electrical System (ES)/ Low Voltage System (LV) [ISCS-SWRS-302020]
1) [INFO]The hardwire configuration and the software protocol used for ISCS and Civil related M&E
shall be agreed by both WPCs.
2) [INFO] The COMMS WPC shall be responsible to do the software configuration on the ISCS.
5.2.3 Traction Power System (TPS) Interface [ISCS-SWRS-302030]

1) [SIL2]
The ISCS HMI located at OCC and BOCC shall be integrated with functionality which allows
control and monitoring of the Traction Power Network.
TPS Server ISCS Server ISCS Workstation
TPS Equipment
Alarm Trigger TPS Equipment Alarm
Display notification Alarm
Figure 5-19: Sequence Diagram for Monitoring of the Traction Power Network
Equipment
Alarm Alarm Display
TPS Server ISCS Server ISCS Workstation
Figure 5-20: Data Flow Diagram for Monitoring of the Traction Power Network
2) [SIL2]
Only one control output circuit or a group of output circuits shall be able to be selected at any
one time by the operator. This shall be ensured by the ISCS.
ISCS ISCS Server TPS Server

Workstation
Operator Select
Control Output
Circuit
Control Signal
Send Control Signal
Figure 5-21: Sequence Diagram for Control Output Circuit
Page 63 of 171
Rev. No. 0.4.0
Control Signal Control Signal

ISCS Workstation ISCS Server TPS Server
Figure 5-22: Data Flow Diagram for Control Output Circuit
3) [INFO]
For the integration of the control and monitoring between ISCS system and Video Wall
Display Panel, a 750V system architecture and I/O shall be provided by the TPS WPC.
4) [INFO]
The COMMS WPC and TPS WPC shall ensure the ISCS to have the functions of monitoring
the status and control of TPS equipment. The ISCS shall be ensured to be provided with the
functionality to monitor the status and control of TPS equipment by the COMMS WPC and TPS
WPC.
5) [INFO]
TPS equipment shall not be directly controlled by ISCS. Instead, all control commands from
ISCS shall communicate to the TPS Power SCADA server.
6) [INFO]
COMMS WPC is responsible to coordinate with the TPS WPC and define the priority /
severity level of TPS equipment I/O points to be displayed at ISCS HMI. The TPS WPC shall
provide the I/O point information in hardwire configuration, software configuration, software
protocol, software point address of the TPS equipment to COMMS WPC
7) [SIL2]
The traction status received from Traction Power System shall be transmitted to Signalling
System via ISCS.
TPS Server Signalling

ISCS Server
System
Traction Status
Spontaneous update
Send Traction Status
Figure 5-23 : Sequence Diagram for Traction Power Status
Traction Status Traction Status

TPS Server ISCS Server Signalling System
Figure 5-24: Data Flow Diagram for Traction Power Status
5.2.4 Access Management System (AMS) Interface [ISCS-SWRS-302040]
1) [BI]
The status of selected AMS devices which are controlling the access to rooms in the
Employer’s area of operations can be obtained by interfacing the ISCS with the AMS.
2) [BI]
The operational state of the selected AMS devices shall be able to be displayed by the ISCS
Workstations located in the OCC and BOCC.
3) [BI]
In the event of a fire alarm, the number of staffs in the affected building at the moment of
activation of the Fire Alarm (as provided by the AMS) shall be displayed by the ISCS.
Page 64 of 171
Rev. No. 0.4.0
5.2.5 Automatic Fare Collection System (AFC) Interface [ISCS-SWRS-302050]
1) [BI]
The equipment operation status and fault alarm conditions shall be transferred to the ISCS
system by the AFC system. Hardwire interface is used to interface the ISCS system with the
AFC system.
2) [BI] Triggering
of the AFC ESS shall automatically alert the operator at the PSC and OCC via
ISCS HMI. The ISCS HMI shall automatically activate the adjacent VSS in order to display the
VSS images at the workstations.
5.2.6 Rolling Stock (RS) Interface [ISCS-SWRS-302060]

1) [BI] The ISCS shall automatically receive train health status data via the Wireless Data
Communication System when any event occurs. The frequency of transmission shall be proposed
for review and acceptance by the Employer.
TMS ISCS Server ISCS Workstation

Rolling
Stock
Equipment
Train health Status
via WDCS
Display
Figure 5-25: Sequence Diagram for Monitoring of the Rolling Stock Systems
Train health status Alarm Display

TMS ISCS Server ISCS Workstation
Figure 5-26: Data Flow Diagram for Monitoring of the Rolling Stock Systems
2) [BI]
The information and data exchange necessary to facilitate functional of Communication system
via Train-borne Radio System or/and train-borne Wi-Fi System shall be coordinated by the RS
WPC with the COMMS WPC. In a data transfer protocol agreed by the WPCs, this information
shall contain, but not be limited to, the following:
1. Train Operation Mode – Auto or Manual mode
2. Front or rear driver cab activation
3. Rolling Stock health status;
4. Rolling Stock speed and position (information provided by Signalling System) via Rolling Stock;
5. Train descriptors, including destination and identification;
6. PEC activation and deactivation
7. Critical train-borne communication equipment health status (list of equipment to be monitored
subject to approval by the Employer)
Page 65 of 171
Rev. No. 0.4.0
5.2.7 Signalling System (SS) Interface [ISCS-SWRS-302070]

1) [BI]
The ISCS HMI shall be integrated with the functionality to monitor the Signalling Control
System.
2) [BI]
Selected alarms and statuses shall be transmitted by the ISCS system to the Signalling
System.
3) [BI] The ISCS HMI shall, as a minimum, provide the following functions:
1. Dynamic train location;
2. Timetabling;
3. Playback;
4. Training simulator;
5. Report Generation;
4) [BI]
The train arrival timing details for each platform from the SS shall be obtained by the COMMS
WPC and displayed on the PID. The interface shall be provided by the SS WPC based on the
Ethernet standard.
5) [BI] The ISCS provided by COMMS WPC shall be used to interface PID and PA Systems and SS.
6) [BI]The information and data exchange necessary to facilitate Passenger Information Service;
Public Address at stations; and VSS shall be coordinated by the COMMS WPC with the SS WPC.
In a data transfer protocol agreed by the WPCs, this information shall contain, but not be limited
to, the following:
1. Train running Timetable;
2. Upcoming passenger train
3. Non-passenger trains, non-stop information;
5. Estimated Time of Arrival of each upcoming passenger train; and
6. Train position
7) [BI]
Upon activation of ESP, the Signalling System shall send the ESP activation status including
the location of the ESP to ISCS System. The adjacent VSS shall be activated automatically by
the ISCS HMI to display the VSS images at the appropriate workstation.
8) [BI]
The equipment operation status and fault alarms conditions shall be transferred to the ISCS
by the SS WPC. A discussion and agreement shall be held between the SS WPC and COMMS
WPC on the required alarm conditions. The interface/point schedule shall be submitted to the
Employer for review and acceptance.
9) The ISCS shall be provided with a “Train Stopped in Tunnel Zone” status by the SS WPC to
[SIL2]
prompt the trigger of the tunnel ventilation system to operate in the necessary mode when any
train is stationary inside any section of the tunnel for more than a predefined period. The
conditions for providing the triggering signals shall be coordinated by SS WPC with InfraCo WPC.
10) The SS shall be provided with a “Fire Alarm” status for stations and tunnel by the COMMS
[SIL2]
WPC to prevent trains from departing into the reported fire zone. In the event that a train has
already departed, the train shall either be service brake to a standstill before the zone or continue
to move to the platform outside the zone depending on the distance between the train and the
reported fire zone.
Page 66 of 171
Rev. No. 0.4.0
Fire Protection Signalling

ISCS Server
System Server System
Fire Alarm Status
Periodically poll
Forward to
Figure 5-27 : Sequence Diagram for “Fire Alarm” Status
Fire Alarm Fire Alarm

Status Status Signalling
Fire Protection ISCS Server
System Server System
Figure 5-28 : Data Flow Diagram for “Fire Alarm” Status
11) [BI]
The ISCS shall turn on respective section of the tunnel light based on the request received
from the SS.
12) [BI]
When the train door emergency release handle is operated and the train is stopped in between
stations, the SS WPC shall provide a tunnel light switch on request from the ATS to the ISCS.
13) [BI]
The ISCS only offer limited control and monitoring on signalling system, and platform screen
door system.
14) [BI] The ISCS shall exchange operational data with the Signalling System.
5.2.8 Platform Screen Door (PSD) Interface [ISCS-SWRS-302080]
1) [BI]
The alarm and status monitoring functionality shall be provided by interfacing the ISCS
system to the PSD systems.
5.2.9 Depot Equipment, Service Vehicle (TWP) Interface [ISCS-SWRS-302090]
1) [BI]
The status of Train Wash Plant (TWP) equipment shall be able to be remote monitored by the
ISCS HMI at OCC.
5.2.10 Maintenance Management System (NOT USED) [ISCS-SWRS-302100]
5.2.11 Uninterruptible Power System (UPS) Interface [ISCS-SWRS-302110]
1) [BI]
The equipment operation status and fault alarms conditions shall be transferred by the UPS
System to the ISCS.
5.2.12 Fire System Interface [ISCS-SWRS-302120]
1) [SIL2]
Through interfacing with Fire Protection System, the ISCS system will be able to receive the
“Fire Alarm” status of stations.
Page 67 of 171
Rev. No. 0.4.0
2) [SIL2] Operators can perform the following function via ISCS HMI (Interface at ISCS Server):
1. Monitoring of Fire System equipment status
5.2.13 Water Handling Equipment (WHE) Interface [ISCS-SWRS-302130]
1) [INFO]
The hardwire configuration and the software protocol used for ISCS and Civil related M&E
shall be agreed by both WPCs.
2) [INFO] The COMMS WPC shall be responsible to do the software configuration on the ISCS.
Page 68 of 171
Rev. No. 0.4.0
6 Non-Functional Requirements [ISCS-SWRS-400000]

6.1 Performance Requirements [ISCS-SWRS-401000]
[INFO]
This section describes the performance requirement of ISCS system, the software should achieve
the performance requirement with following measures:
1) Adequate hardware resources and;
2) Software optimization is to be performed whenever possible.
6.1.1 Response Time [ISCS-SWRS-401010]

1) A maximum response time of 2 seconds shall be required between detection of a ‘change of
[BI]
state’ at the ISCS monitoring device (RTU/PLC/IED, interfaced system boundary), and the display
and annunciation at the operator’s workstation, in normal or degraded modes, while operator pre-
set delays are disabled.
2) [BI]A maximum time of 2 seconds shall be required between the operator command at the
workstation and the activation of the relevant output at the ISCS RTU/PLC, or reception by
interfaced system, in normal or degraded modes.
3) [BI]
A control command or indication from an integrated sub-system shall be added with not more
than 500ms by the ISCS.
4) [BI]The restoration and synchronization of the core equipment to all redundant equipment,
RTU/PLC/IED and interfaced system shall not take more than 10 minutes if a showdown or restart
of a core ISCS equipment were to occur.
5) [BI]
It shall not take more than 2 seconds for an ISCS workstation to display a new view after a
request from an operator.
6) [BI]
The ISCS HMI screen update shall not be more than 0.5 second between the operator
command and the display of the requested real-time updated information table for PIDS interface.
7) [BI]
The system should properly update all requisite graphical displays and remain responsive
while processing a continuous throughput of 100 alarms per second, and a burst of 1,500 alarms
per second over 10 seconds, without the operator noticing any reduction in performance.
8) [BI] The ISCS HMI should be fluid and never show signs of system freezing.
9) [BI]
Switchover / failover from standby to active state and reaching full system operational mode
should be less than 5 seconds and should be seamless to operators. No data shall be lost during
the switchover/ failover.
10) [BI] Complete system shutdown following the correct procedures should take less than 5 minutes.
11) [INFO] The ISCS shall not adversely affect the response times of any integrated sub-system.
12) [BI]
Execution of any data enquiry functions such as archival and retrieval of historical data, printing
or trending functions should not degrade the performance of the ISCS HMI.
13) [BI]
It shall not take more than 15 seconds for the ISCS HMI to generate the On-screen
performance management report.
14) [BI]The display of a fault alarm at the ISCS HMI shall not exceed two (2) seconds from the time
of the fault occurring.
6.1.2 Degraded Modes [ISCS-SWRS-401020]

1) [BI] The Operation Control Centre (OCC) is where the RTS Link shall be normally operated.
Page 69 of 171
Rev. No. 0.4.0
2) [BI]Control of the RTS Link shall be transferred to the Backup Operation Control Centre (BOCC)
if any disruption or failures were to occur at the OCC.
3) [BI]
The ISCS system shall be designed in a way that the ability to perform ISCS control and
monitoring over the rest of the systems or RTS Link shall be ensured even if total failure of the
ISCS at any single location including full loss of the ISCS within the OCC were to occur.
4) [BI]The ISCS system shall be configured such that no credible single point of failure can cause
failure of monitoring and control functions of the System at its workstations.
5) [INFO]
In the event of ISCS HMI failure, the Digital Call Station shall operate in fall back mode
allowing station operator to make live announcement to particular zone or any combination of
zones.
6) [INFO]
allowing OCC and BOCC operator to make live announcement to selected station(s).
7) [INFO]
In case of the ISCS HMI failure, the PID shall still display the pre-defined
messages/schedules according to the operations requirement.
8) [INFO]
The VSS shall provide VSS keyboard controllers at the OCC and BOCC to allow the
Operators to perform fall back VSS control and selection functions during failure of the ISCS HMI.
9) [INFO]
The VSS shall provide a VSS fall back workstation (not connected to the ISCS system) at
OCC and BOCC to allow the OCC and BOCC Operators to perform fall back VSS control and
monitoring in the event the ISCS system fails.
10) [BI] System data shall not be lost in the event of a system failure, shutdown, or power loss
11) [BI]
In the event of a power failure, the system shall resume service without manual intervention
once power is restored.
12) [INFO]
Failure or unavailability of the ISCS system shall not impact the ability of the interfaced
subsystems from achieving their intended functionality.
13) [INFO]
In the event of a complete failure or unavailability of the OCC, the system shall be able to
be operated from the BOCC.
14) [INFO]
In the event of failure or unavailability of a remote ISCS workstation, the functionality of the
said workstation shall be available at the OCC and BOCC.
15) [INFO]
The design of the ISCS system architecture shall ensure that no data is lost due to failure of
any part of the system, whether hardware, software or communications failure.
16) [INFO]
allowing station operator to make live announcement to particular zone or any combination of
zones.
6.1.3 System Capacity and Loading [ISCS-SWRS-401030]

1) [BI]
ISCS system under normal or degraded modes, the CPU loading of any core equipment shall
be less than 35% on average when measured over a period of 5 minutes.
2) [BI]
Under emergency conditions, the CPU loading of any core equipment shall be less than 70%
on average when measured over a period of 5 minutes.
3) [BI]
Buffering shall be controlled so that a full buffering condition shall not cause the system to
become unavailable.
4) [BI]
The system shall properly update all required graphical displays and remain responsive while
processing a continuous throughput of 100 alarms per second, and a burst of 1,500 alarms per
second over 10 seconds, without the operator noticing any reduction in performance.
6.1.4 Expandability and Scalability [ISCS-SWRS-401040]

1) [BI] ISCS system is designed with following consideration for future expansion:
Page 70 of 171
Rev. No. 0.4.0
1. ISCS system is flexible and scalable which is upgradable with only configuration data and
modular software modification.
2. ISCS system is upgradable and able to modify to incorporate any other changes that is
required during the lifetime of the system.
3. ISCS system is open and modular to provide maximum adaptability during the lifetime of the
system.
2) [INFO]
The WPC shall include provision for the evolution, upgrade path and support of software
and systems for the period specified in the contract.
3) [BI] The following are the hardware expansion available for ISCS system:
1. Addition of ISCS Workstation
2. Addition of ISCS Server storage
3. Addition of I/O points
4. Addition of other ISCS equipment
4) [BI] The following are the software expansion available for ISCS system:
1. Database
2. Virtual Machine
3. Software interface
5) [INFO]
The details of ISCS system future expansion must be provided in Future Expansion Strategy
document.
6) [BI]
Software databases, regardless of the mode of operation, shall be designed to allow ease of
expansion.
7) [BI]
The delivered system database structures shall be able to expand by 100% of the original
supplied size without the purchase of any hardware or software for system database structures.
8) [INFO]
The ISCS system shall be easily reconfigurable, to allow changes to be made without the
need to resort to the original contracting organisation.
9) [INFO]
This shall include but not be limited to the addition, removal or update of HMI graphical
objects, RTU/PLC/IED, input and outputs, etc.
10) [INFO]
The ISCS shall be designed to enable modifications and/or extensions to be executed with
no significant disruption of operation across the Project.
6.2 System Security Requirements [ISCS-SWRS-402000]
1) [INFO] The system should be protected by latest Endpoint Security such as antivirus.
2) [BI]
The software should be protected by Access Authority Management to prevent misusing of
unauthorized functionality.
3) [BI]
Remote access to ISCS for diagnostics and maintenance shall be possible from any location
within RTS link via CBN subject to sufficient login privileges. The diagnostic and maintenance
access shall be protected by security features such as a password protection to maintain the
integrity of the ISCS system.
4) [INFO] The system shall be protected against viruses, hacking and malicious attack.
5) [INFO]
The interfaces shall be secure and shall not affect the integrity of the rail systems or the
safety of the railway.
6) [BI] Remote access activities shall be logged in the event log and shall be monitored.
Page 71 of 171
Rev. No. 0.4.0
6.3 System Safety Requirements [ISCS-SWRS-403000]
1) [BI]The integrity of the rail systems or the safety of the railway shall not be affected, and the
interfaces are ensured to be secure, in line with Cybersecurity Requirements.
2) [INFO]The result of ISCS safety integrity level allocation as identified in Safety Integrity Level
Determination Report (RTS-SY03-SYS-GRA-REP-20003) is, the overall Software SIL (SSIL) of
the ISCS is SSIL 2.
3) [INFO]The demonstration of the SSIL of ISCS system are performed in accordance with EN 50128.
4) [INFO] A System Safety Demonstration Report (SSR) must be produced.
6.4 Design Review Requirements [ISCS-SWRS-404000]
1) [INFO]
During the various design stages, the screen layouts shall be developed while considering
the users’ requirements. The developed screen layouts shall be subjected to further refinement
and review by the user representatives before being incorporated into the final HMI workstations
and equipment design.
2) [INFO]
Symbol libraries and Display pages shall be submitted to the Employer for review and
approval.
3) [INFO]The Employer’s approval shall be sought by the WPC at multiple stages throughout the
development of the HMI. The stages shall include, but not be limited to, the production of
wireframes and the hosting of mock-up HMI workshops.
4) [INFO]
This dialogue process shall be a part of a more general process of discussion to achieve
configuration and final design of the ISCS system, to meet the operator and maintainer
requirements.
5) [INFO]
The alarm management strategy shall be submitted for review and approved by the
Employer.
6) [INFO]COMMS WPC shall coordinate with other WPCs and Employer to define the list of statuses
and alarms that are to be monitored by ISCS, the priority / severity levels of the alarms, and the
list of operational controls.
7) [INFO]
The analogue parameters and performance to be present by WPC for employer approval
during design process.
8) [INFO]Verification shall be carried out at each phase of the development lifecycle to verify the
output of the phase meets the input requirements of that phase in accordance with the
requirement in EN 50128. The verification shall include the review of design document and the
review of code. The verification and the production of the output documents or software code
shall be performed by different persons.
9) [INFO]
Key software design documents such as System Requirement Specification, Software
Requirement Specification and Software Design Specification shall be submitted for the
Employer’s acceptance.
10) [INFO]
For any system configured by application data, the WPC shall comply with the requirements
of EN 50128 and produce the specified output documents. These documents shall be submitted
to the Employer for review and acceptance.
11) [INFO]
Consistency between requirements, designs, code, tests specifications, user manuals shall
be maintained throughout the development lifecycle.
12) [INFO]
Formal change control process shall be performed for the changes of all documentation and
software.
Page 72 of 171
Rev. No. 0.4.0
13) [INFO] The verification shall include the review of design document and the review of code.
14) [INFO]
The verification and the production of the output documents or software code shall be
performed by different persons.
15) [INFO]
A design presentation to the Employer for each of the document shall be conducted and
how the design outputs comply with the input requirements shall be demonstrated.
16) [INFO]
Requirement of software shall be traceable throughout the document produces in the
development lifecycle.
6.4.1 HMI Demonstration [ISCS-SWRS-404010]

1) [INFO]Prior to the implementation, HMI prototypes shall be provided and organized by the WPC
for the purposes of presentation, demonstration, and submission to the Employer for review. HMI
prototype trials shall be held no less than 3 separate times.
2) [INFO] The first HMI prototype shall be presented to the Employer according to the requirements.
3) [INFO]The demonstration of the second and third HMI prototype trials shall be held during the pre-
final design stage and final design stage respectively.
4) [INFO]
All screen objects and user interaction as described in this section shall be included in the
HMI prototype demonstration.
5) [BI]
The HMI user interface is designed with simplicity based on the concept of a common look
and feel to preserve consistency for easy to look at and easy to use interface.
6) [INFO] The HMI design and implementation shall be subject to prototyping and review by Employer.
7) [INFO]
The WPC shall submit the HMI design for review prior to the commencement of an HMI
demonstration.
8) [INFO]The WPC shall submit to the Employer for approval the relevant HMI design in accordance
with the specified design stages.
9) [INFO]
The screen layouts shall be developed, taking into account the users' requirements, and
shall be subject to further refinement and review by the user representatives before being
incorporated into the final HMI workstations and equipment design during the various design
stages.
10) [INFO]
The WPC shall correct all the problems identified in the HMI prototype demonstration prior
to the commencement of site testing.
6.5 Software Maintenance Requirements [ISCS-SWRS-405000]
1) [INFO]
Following the System being handed over for operation, any of the software modification and
installation activities, which have an impact to the operation, shall be subject to control of the
Employer and shall comply with following requirements:
1. All changes to the software shall be managed and controlled in accordance with the
procedures as defined in the Software Configuration Management Plan.
2. Method of the system upgrades are to be delivered to site, installed and tested shall be defined.
This includes the definition of the media to be used and the method of proving correctness of
the modified software.
3. Any impact to operations are ensured to be avoided for any modification works on the
delivered software.
Page 73 of 171
Rev. No. 0.4.0
4. For each installation of modified software to live system, a software release note, an
installation method statement, and a system safety certificate shall be submitted to the
Employer at least seven (7) days prior to the installation.
1. The software release note shall provide details of the modified software
2. The method statement shall identify the schedule, installation procedure, impact to the
operational system, and the fall back procedures.
Page 74 of 171
Rev. No. 0.4.0
7 Requirements Techniques and Measures [ISCS-SWRS-500000]

[INFO]
Software Requirements Specification shall be supported by techniques and measures from Table
A.2 of EN 50128 standard as listed in Appendix A-2 of ISCS Software Quality Assurance Plan
(P205_ISCS_D1.1_SQAP).
Page 75 of 171
Rev. No. 0.4.0
8 SIL Requirement Tracking [ISCS-SWRS-600000]
No. Software Requirements SWRS ID SIL Remarks

Level
1 Selected alarms from other systems such as power, ISCS- SIL 2 NA

fire and ventilation systems SWRS-
205073-02-
02
2 On the ISCS HMI, the COMMS WPC shall be ISCS- SIL 2 NA

responsible to produce the GUI for all related TPS SWRS-
equipment. 205075-03
3 According to the user profile and control location, ISCS- SIL 2 NA

the ISCS HMI screen shall provide the monitoring SWRS-
and control of the Tunnel Systems. The OCC 302010-05-
operator shall be able to monitor and control the 05
TVS mode operating status
4 The ISCS shall be able to enable the control of TVS ISCS- SIL 2 NA
mode. SWRS-
302010-09
5 Under normal operation condition, the Tunnel ISCS- SIL 2 NA

Systems Controllers shall automatically control the SWRS-
Tunnel Ventilation Systems. However, OCC shall 302010-03
be able to override the automatic mode remotely via
ISCS HMI in the event of emergency (e.g. Fire
mode).
6 The ISCS shall be provided with a “Train Stopped ISCS- SIL 2 The
in Tunnel Zone” status by the SS WPC to prompt SWRS- requirement
the trigger of the tunnel ventilation system to 302010-06 involved
operate in the necessary mode when any train is interfacing
stationary inside any section of the tunnel for more between
than a predefined period. The conditions for ISCS and
providing the triggering signals shall be coordinated Tunnel
by SS WPC with InfraCo WPC. Ventilation
System
ISCS- SIL 2 The

SWRS- requirement
302070-09 involved
interfacing
between
ISCS and
Signaling
System
Page 76 of 171
Rev. No. 0.4.0
No. Software Requirements SWRS ID SIL Remarks

Level
7 The ISCS HMI located at OCC and BOCC shall be ISCS- SIL 2 NA
integrated with functionality which allows control SWRS-
and monitoring of the Traction Power Network. 302030-01
8 The traction status received from Traction Power ISCS- SIL 2 NA

System shall be transmitted to Signalling System SWRS-
via ISCS. 302030-07
9 Only one control output circuit or a group of output ISCS- SIL 2 NA

circuits shall be able to be selected at any one time SWRS-
by the operator. This shall be ensured by the ISCS. 302030-02
10 Through interfacing with Fire Protection System, ISCS- SIL 2 NA

the ISCS system will be able to receive the “Fire SWRS-
Alarm” status of stations. 302120-01
11 Operators can perform monitoring of fire system ISCS- SIL 2 NA

equipment status via ISCS HMI SWRS-
302120-02-
01
12 The SS shall be provided with a “Fire Alarm” status ISCS- SIL 2 NA

for stations and tunnel by the COMMS WPC to SWRS-
prevent trains from departing into the reported fire 302070-10
zone. In the event that a train has already departed,
the train shall either be service brake to a standstill
before the zone or continue to move to the platform
outside the zone depending on the distance
between the train and the reported fire zone.
Page 77 of 171
Rev. No. 0.4.0
9 Requirement Traceability Matrix

Specification ID System Requirements Description Category Specification
ID
ISCS-SysRS- 1 Introduction [ISCS-SysRS-010000] Header Heading/
010000 Subheading
ISCS-SysRS- The Government of the Republic of Singapore and the Government of Malaysia have agreed to Info N/A
010000 jointly develop the RTS Link project to enhance connectivity between Malaysia and Singapore, to
benefit commuters who travel between Singapore and Johor Bahru. The RTS Link will primarily
serve as an alternative mode of transport for commuters currently utilising the Johor Bahru-
Singapore Causeway to cross the border. The RTS Link is intended to be a convenient, safe, and
cost-effective system that integrates well with other transportation services in Woodlands and Johor
Bahru.
The RTS Link will be a shuttle link with double tracks that crosses the Straits of Johor via a high
bridge. It will serve two terminal stations, one in Woodlands, Singapore and the other in Bukit
Chagar, Johor Bahru, Malaysia. The proposed link will be approximately 4.6km in length, and the
crossing will take approximately 5-10 minutes. The RTS Link Operator (who will be the Employer)
will be required to operate the RTS Link all year round.
ISCS-SysRS- 1.1 Purpose [ISCS-SysRS-010100] Header Heading/
010100 Subheading
ISCS-SysRS- The purpose of this document is to present the railway system requirements of Xentral Safe on the Info N/A
010100 pre-existing Xentral Software Platform as the ISCS system that achieve the safety functions
determined in the Safety Integrity Level Determination Report RTS-SY03-SYS-GRA-REP-00003
produced by Sapura Rail Systems Sdn Bhd.
The system requirements specified in this document is derived based on the following input
documents from RTS project:
ISCS-SysRS- 1. Design, Manufacture, Supply, Delivery, Installation, Testing, and Commissioning, Interfacing, Info N/A
010100 Warranty and Other Related Works of Communications System (COMMS) of Rapid Transit System
(RTS) Link Assets for RTS Link Between Malaysia-Singapore
Part 1 : General Specification (Document no: RTSO/TDR/SB/COMMS/CPX/2021/003)
ISCS-SysRS- 2. Design, Manufacture, Supply, Delivery, Installation, Testing, and Commissioning, Interfacing, Info N/A
010100 Warranty and Other Related Works of Communications System (COMMS) of Rapid Transit System
(RTS) Link Assets for RTS Link Between Malaysia-Singapore
Part 2 : Particular Specification (Document no: RTSO/TDR/SB/COMMS/CPX/2021/003)
Page 78 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- These documents specify all the requirements for the COMMS Work Package. Info N/A
010100 A traceability matrix table of the Particular Specification and General Specification is provided by
Willowglen (M) Sdn Bhd in which they have filtered to include only the requirements needed for
ISCS scope of supply. The document is presented as Appendix A Requirement Traceability Matrix.
All system or software requirements that shall be delivered in RTS project shall be specified in this
ISCS System Requirements Specification.
Safety Integrity Level Determination Report document specifies all safety related functions of ISCS
system. The safety functions with the allocated SIL level will be referenced and become input
requirements of ISCS’s safety-related function requirements.
ISCS-SysRS- 1.2 Scope [ISCS-SysRS-010200] Header Heading/

010200 Subheading
ISCS-SysRS- This document specifies all the system requirements of ISCS. In this document, all requirements Info N/A
010200 marked as SIL 1 or SIL 2 are safety-related requirements. Any other requirements are assumed to
be basic integrity.
The safety functions identified for ISCS software is listed in Table 3 1.
ISCS-SysRS- 1.3 Acronyms, Abbreviations and Terms [ISCS-SysRS-010300] Header Heading/
010300 Subheading
The following tables provide definitions for acronyms, abbreviations and terms used in this Info N/A
document.
ISCS-SysRS- 1.3.1 Acronyms and Abbreviations [ISCS-SysRS-010301] Header Heading/
010301 Subheading
ISCS-SysRS- 1.3.2 Terms [ISCS-SysRS-010302] Header Heading/
010302 Subheading
[ISCS-SysRS- 1.4 References [ISCS-SysRS-010400] Header Heading/
010400 Subheading
ISCS-SysRS- 1.4.1 External Reference Documents [ISCS-SysRS-010401] Header Heading/
010401 Subheading
ISCS-SysRS- 1.4.2 Standard [ISCS-SysRS-010402] Header Heading/
010402 Subheading
ISCS-SysRS- 1.5 Requirement ID [ISCS-SysRS-010500] Header Heading/
010500 Subheading
Page 79 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- Every requirement specification in this document will be assigned with a unique identification (ID) for Info N/A
010500 traceability purposes.
In this document, every requirement shall be assigned the ID format as follows:
ISCS-SysRS-AABBCC-DD-EE-FF
where;
AA – SysRS Heading Level 1
BB – SysRS Heading Level 2
CC – SysRS Heading Level 3
DD – SysRS Item Number Level 1
EE – SysRS Item Number Level 2
FF – SysRS Item Number Level 3
Referring to Figure 1 1, below are examples of how the System Requirement ID is allocated:
ISCS-SysRS- 1. System requirement: Info N/A

010500-01 “Real time train movement using track section status.”
The System Requirements ID will be ISCS-SysRS-020503-16-01.
ISCS-SysRS- 2. System requirement: Info N/A

010500-02 “Malfunction power failure.”
The System Requirements ID will be ISCS-SysRS-020503-16-05-01.
ISCS-SysRS- 1.6 Source Code Escrow [ISCS-SysRS-010600] Header Heading/

010600 Subheading
ISCS-SysRS- 1.6.1 Source Code Escrow Requirement [ISCS-SysRS-010601] Header Heading/
010601 Subheading
ISCS-SysRS- 1.6.1 For proprietary software that are used in vital systems, the WPC and the Employer shall enter Info ISCS-SWRS-
010601-01 into an agreement with the Source Code Escrow for placing the proprietary software source code 106000-01
used in the ISCS system as a minimum for a period equal to the design life of the ISCS system.
Page 80 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 1.6.2 The Escrow agreement shall enable the release of the sources code to the Employer from the Info ISCS-SWRS-
010601-02 Sources Code Escrow under the condition that the WPC is in breach of the obligation of 106000-02
maintenance and support of the software in the ISCS system as required in the Contract and in the
Escrow agreement.
ISCS-SysRS- 1.6.3 The WPC shall provide the proposed Escrow agreement for the Employer’s review and Info ISCS-SWRS-
010601-03 acceptance and shall incorporate any requirement from the Employer as necessary. 106000-03
ISCS-SysRS- 1.6.4 The WPC shall be responsible for the costs involved in establishing the Source Code Escrow Info ISCS-SWRS-
010601-04 agreement and for the period of the whole period of the Escrow program. 106000-04
ISCS-SysRS- 2 System Requirements [ISCS-SysRS-020000] Header Heading/
020000 Subheading
ISCS-SysRS- 2.1 System Overview [ISCS-SysRS-020100] Header Heading/
020100 Subheading
ISCS-SysRS- 2.1.1 General Description [ISCS-SysRS-020101] Header Heading/
020101 Subheading
ISCS-SysRS- 2.1.1.1 The ISCS system can be deployed in any command or control center to manage, monitor, Info Info
020101-01 and control any type of business operations.
ISCS-SysRS- 2.1.1.2 In the railway industry, the ISCS system is used for railway command center for the Functional ISCS-SWRS-
020101-02 operators to monitor and/or control all subsystems in the entire railway line, such as interfaces to 101000-01-03
Building Management System (BMS), Environmental Control System (ECS), Tunnel Ventilation ISCS-SWRS-
System (TVS), Power SCADA (PSCADA), Video Surveillance System (VSS), Passenger 101000-01-
Information Display System (PIDS), Public Address System (PA System), Radio System, Central 03-01
Transmission System (CTS) and etc. ISCS-SWRS-
101000-01-
03-02
ISCS-SWRS-
101000-01-
03-03
ISCS-SWRS-
101000-01-
03-04
ISCS-SWRS-
101000-01-
03-05
ISCS-SWRS-
101000-01-
Page 81 of 171
Rev. No. 0.4.0

ID
03-06
ISCS-SWRS-
101000-01-
03-07
ISCS-SWRS-
101000-01-
03-08
ISCS-SWRS-
101000-01-
03-09
ISCS-SysRS- 2.1.1.3 The ISCS system shall provide operators with an efficient method of controlling and Info ISCS-SWRS-
020101-03 monitoring equipment and the various subsystems throughout the railway system. 101000-21
ISCS-SysRS- 2.1.1.4 The ISCS system shall support redundancy architecture to avoid service disruption due to Non-functional ISCS-SWRS-
020101-04 single point of failure. 401020-04
ISCS-SysRS- 2.1.1.5 In projects that require redundant control center, the software can be configured to run in Functional ISCS-SWRS-
020101-05 similar configuration as the main control center without manual intervention. 202050-01
ISCS-SysRS- 2.1.1.6 The railway system normally be operated from the Operation Control Centre (OCC). In the Non-functional ISCS-SWRS-
020101-06 event of disruption and failures at the OCC, control of the railway system shall be transferred to the 401020-01
Backup Operation Control Centre (BOCC) which acts as the redundant control center. ISCS-SWRS-
401020-02
ISCS-SysRS- 2.1.1.7 The ISCS software shall be able to be run in a virtualized environment. Functional ISCS-SWRS-
020101-07 101000-08
ISCS-SysRS- 2.1.1.8 Not used Deleted Deleted
020101-08
Note: Refer to
RTSO/03/202
2-030 for the
scope change
from SY08
MMS to SY10
ERP
ISCS-SysRS- 2.1.1.9 The ISCS software shall be able to run in high availability hypervisor server infrastructure. Info N/A
020101-09
Page 82 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.1.10 The ISCS software shall not have physical dongle license and must not be dependent on Info ISCS-SWRS-
020101-10 the identification and attribute of any hardware/equipment. The supply of the ISCS shall include all 105000-02
necessary software perpetual licences. ISCS-SWRS-
105000-05
ISCS-SysRS- 2.1.1.11 The ISCS software shall provide functions or tools to facilitate diagnostic, fault tracing, Functional ISCS-SWRS-
020101-11 troubleshooting and analysis of the system. 101000-09
ISCS-SysRS- 2.1.1.12 The ISCS system shall support distributed client-server architecture. Functional ISCS-SWRS-
020101-12 101000-10
ISCS-SysRS- 2.1.1.13 The ISCS shall be supplied with open protocol interfaces in-built to support the future Functional ISCS-SWRS-
020101-13 interfaced systems. 101000-11
ISCS-SysRS- 2.1.1.14 An alarm shall be raised in the ISCS upon its database and / or storage capacity exceeding Functional ISCS-SWRS-
020101-14 a pre-set threshold. 207000-03
ISCS-SysRS- 2.1.1.15 The Integrated Control Supervisory System (ISCS) shall provide monitoring and control of Functional ISCS-SWRS-
020101-15 the RTS Link, and facilities at OCC, BOCC, Depot, SCR, IMR and other locations as required. 101000-02
ISCS-SysRS- 2.1.1.16 All licenses shall be fully transferred to the Employer on completion of the works. Info ISCS-SWRS-
020101-16 105000-06
ISCS-SysRS- 2.1.1.17 The WPC shall include provision for the evolution, upgrade path and support of software Info ISCS-SWRS-
020101-17 and systems for the period specified in the contract. All software, middleware, hardware, tools and 401040-02
equipment shall use the latest proven technology with suitable protection for installation works at
general or confined spaces.
ISCS-SysRS- 2.1.1.18 All commercial “off the shelf” third party software, with the exception of operating systems, Info ISCS-SWRS-
020101-18 shall be the latest version available. 105000-01
ISCS-SysRS- 2.1.1.19 The design of the ISCS system shall allow for fall-back operation of the system to the Functional ISCS-SWRS-
020101-19 BOCC ISCS database in the event that the OCC ISCS database is “offline” or otherwise 207000-02
unavailable, and vice versa.
ISCS-SysRS- 2.1.1.20 The WPC shall responsible for design, manufacture, supply, liaison with other WPC for Info N/A
020101-20 interfacing, verification, validation, delivery, installation, testing, commissioning, provide training,
perform relocation works (if any), additional functions after final design and rectifying of defects
during Defect Liability Period (DLP) for the Communication System.
ISCS-SysRS- 2.1.1.21 The Communication systems shall be designed with accepted engineering practice and Info N/A
020101-21 build in accordance with current industry standards and relevant national and international
standards, relevant international railway industry standards as well as comply with local authority
requirements.
Page 83 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.1.22 ISCS is designed to meet the forecast ultimate demand while making optimum provision to Info N/A
020101-22 serve the initial service demand and is immune to any EMI (Electromagnetic Interference) and
Electromagnetic Compatibility (EMC) in accordance with EN 50121, where applicable.
ISCS-SysRS- 2.1.1.23 It is also resistant to vibration caused by passing trains and protected against transient Info N/A
020101-23 over-voltages resulting from lightning or switching surges. It is protected with adequately earthed to
the earthing system; further detail is to refer to EMC design documents.
ISCS-SysRS- 2.1.1.24 Field equipment is of robust, corrosion resistant, maintenance-free and easily cleaned Info N/A
020101-24 enclosures.
ISCS-SysRS- 2.1.1.25 Wires and cables used in the project is not subject to degradation over time due to the Info N/A
020101-25 environmental conditions. The Communication systems design shall prevent the insulating function
from deteriorating during operation due to the accumulation of dust, water or other contaminants
and debris.
ISCS-SysRS- 2.1.1.26 Materials, cables, installations, and equipment is designed and constructed to be Info N/A
020101-26 unattractive to, and be resistant to, reptiles, insects, and rodents etc. Cable entries and ducting shall
be sealed, and cables shall enter through close fitting cable glands to prevent ingress of reptiles,
insects, and rodents.
ISCS-SysRS- 2.1.1.27 All equipment (Server, Workstations, Network, Cabling (power and data) and related Info N/A
020101-27 equipment) shall be installed in network / server rack or secured location.
ISCS-SysRS- 2.1.1.28 Any mounted equipment shall be coordinated with InfraCo’s WPC. Info N/A
020101-28
ISCS-SysRS- 2.1.1.29 The installation of ISCS equipment shall consider maintenance clearance to ease the Info N/A
020101-29 maintenance activity.
ISCS-SysRS- 2.1.1.30 ISCS equipment is backed up by UPS supply provided by UPS WPC. Info N/A
020101-30
ISCS-SysRS- 2.1.1.31 Servers and RTUs are feed with redundant incoming power supplies. Redundant Power Info N/A
020101-31 Supply Units (PSU) that connect to different power sources shall be installed within the rack, to
provide high reliable power supplies for the critical system equipment.
ISCS-SysRS- 2.1.1.32 The design life of the Communication System shall be a minimum of fifteen (15) years and Info ISCS-SWRS-
020101-32 all components, materials, software, and other support required shall be available for at least fifteen 101000-12
(15) years from the Completion of the Works.
ISCS-SysRS- 2.1.1.33 The updated components shall be fully backwards compatible with the original installed Info ISCS-SWRS-
020101-33 components and the originally installed Operating System. 101000-13
Page 84 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.1.34 Intellectual property rights for bespoke software components design and development, Info ISCS-SWRS-
020101-34 including all design documentation, source codes, development environment and simulators, shall 101000-14
be transferred to Employer on completion of the works. The availability target for ISCS is 99.99%. ISCS-SWRS-
101000-16
ISCS-SysRS- 2.1.1.35 Spare capacity of 30% shall be provided and is considered in the design. Info ISCS-SWRS-
020101-35 101000-15
ISCS-SysRS- 2.1.1.36 In case of the logs are hard to read or understand, special trainings shall be provided to Info N/A
020101-36 Employer by COMMS WPC.
ISCS-SysRS- 2.1.1.37 As a part of the Communication System, it shall fully comply with the laws in Malaysia and Info N/A
020101-37 Singapore that shall include but not be limited to, the following standards:
ISCS-SysRS- 1.Malaysia’s Uniform Building By-Law 1984 Info N/A
020101-37-01
ISCS-SysRS- 2. National Fire Protection Association, NFPA 130 Info N/A
020101-37-02
ISCS-SysRS- 3. Standard for Fixed Guideway Transit Systems Info N/A
020101-37-03
ISCS-SysRS- 4. IEC, International Electro technical Commission Info N/A
020101-37-04
ISCS-SysRS- 5. Applicable NEMA and IEEE Standards Info N/A
020101-37-05
ISCS-SysRS- 6. Electrical Act 1990 & Regulations (latest edition) Info N/A
020101-37-06
ISCS-SysRS- 2.1.1.38 All equipment license is transferrable to the end user that enable full setup on replacement Info ISCS-SWRS-
020101-38 server, workstation, and spare parts without dependence on system provider and hardware 105000-03
provider.
ISCS-SysRS- 2.1.1.39 All software required to allow the ISCS to interface with other sub systems shall be defined Functional ISCS-SWRS-
020101-39 and/or developed during the final design phase. 101000-22
ISCS-SysRS- 2.1.1.40 All interface software shall be written to allow full control of the respective sub-system. Info N/A
020101-40
ISCS-SysRS- 2.1.1.41 The WPC shall manage design co-ordination between all interfaced systems to ensure that Info N/A
020101-41 all interfaces are fully developed, tested and commissioned.
ISCS-SysRS- 2.1.1.42 The WPC shall, as part of the design phase, develop a Functional Architecture detailing Info N/A
020101-42 how each sub-system functionality shall be implemented in the ISCS system.
Page 85 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.1.43 The ISCS shall monitor all interfaced systems equipment throughout the rail network, with Info N/A
020101-43 defined status and alarm information.
ISCS-SysRS- 2.1.1.44 The ISCS shall provide critical or override/emergency control functionality through the ISCS Info N/A
020101-44 HMI, if appropriate, for the above mentioned interfaced systems.
ISCS-SysRS- 2.1.1.45 The WPC shall ensure liaison with any of the Other WPCs and/or the Employer as Info ISCS-SWRS-
020101-45 appropriate, to define the list of statuses and alarms that are to be monitored by ISCS, the priority / 404000-06
severity levels of the alarms, and the list of operational controls.
ISCS-SysRS- 2.1.1.46 This dialogue process shall be a part of a more general process of discussion to achieve Info ISCS-SWRS-
020101-46 configuration and final design of the ISCS system, to meet the operator and maintainer 404000-04
requirements.
ISCS-SysRS- 2.1.1.47 The following requirement details general design review requirement: Info ISCS-SWRS-
020101-47 404010
ISCS-SysRS- 1. The HMI design and implementation shall be subject to prototyping and review by Info ISCS-SWRS-
020101-47-01 Employer. 404010-06
ISCS-SysRS- 2. The WPC shall submit the HMI design for review prior to the commencement of an Info ISCS-SWRS-
020101-47-02 HMI demonstration. 404010-07
ISCS-SysRS- 3. The WPC shall submit to the Employer for approval the relevant HMI design in Info ISCS-SWRS-
020101-47-03 accordance with the specified design stages. 404010-08
ISCS-SysRS- 4. The screen layouts shall be developed, taking into account the users' requirements, Info ISCS-SWRS-
020101-47-04 and shall be subject to further refinement and review by the user representatives before being 404010-09
incorporated into the final HMI workstations and equipment design during the various design stages. ISCS-SWRS-
404000-01
ISCS-SysRS- 5. The WPC shall provide and organise HMI prototypes for presentation, demonstration Info ISCS-SWRS-
020101-47-05 and submission to the Employer for review prior to their implementation. A minimum of three 404010-01
separate HMI prototype trials shall be made.
ISCS-SysRS- 6. The first HMI prototype shall be presented to the Employer according to the Info ISCS-SWRS-
020101-47-06 requirements. 404010-02
ISCS-SysRS- 7. The second and third HMI prototype trials shall be demonstrated during the pre-final Info ISCS-SWRS-
020101-47-07 design stage and final design stage respectively. 404010-03
ISCS-SysRS- 8. The HMI prototype demonstration shall consist of all screen objects and user Info ISCS-SWRS-
020101-47-08 interaction. 404010-04
ISCS-SysRS- 9. The WPC shall correct all the problems identified in the HMI prototype demonstration Info ISCS-SWRS-
020101-47-09 prior to the commencement of site testing. 404010-10
Page 86 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.1.48 The WPC shall seek the Employer’s approval at multiple stages throughout the Info ISCS-SWRS-
020101-48 development of the HMI. The stages shall include, but not be limited to, the production of wireframes 404000-03
and the hosting of mock-up HMI workshops.
ISCS-SysRS- 2.1.1.49 The WPC shall undertake all necessary software development in order to integrate the Functional ISCS-SWRS-
020101-49 ISCS and sub-system functionalities, as required by the Employer, into the ISCS Platform. These 101000-04
shall include but not be limited to the development and implementation of:
ISCS-SysRS- Functional ISCS-SWRS-
1. Drivers;
020101-49-01 101000-04-01
2. SDK;
020101-49-02 101000-04-02
3. API;
020101-49-03 101000-04-03
4. Database integration;
020101-49-04 101000-04-04
5. GUI integration; and
020101-49-05 101000-04-05
6. Peripheral integration.
020101-49-06 101000-04-06
ISCS-SysRS- 2.1.1.50 The WPC shall liaise with all Other WPCs to ensure that all interfaces and data requirements Info N/A
020101-50 are captured and managed to ensure successful integration of the ISCS system.
ISCS-SysRS- 2.1.1.52 The design and supply of the ISCS shall include, as a minimum, the following Info ISCS-SWRS-
020101-51 plans/strategies: 101000-18
ISCS-SysRS- Info ISCS-SWRS-
1. Alarm Management Strategy
020101-51-01 101000-18-01
2. Database Management Plan
020101-51-02 101000-18-02
3. Integration Plan
020101-51-03 101000-18-03
4. Access Authority Strategy
020101-51-04 101000-18-04
5. HMI Specification
020101-51-05 101000-18-05
6. Functional Architecture
020101-51-06 101000-18-06
Page 87 of 171
Rev. No. 0.4.0

ID
7. Future Expansion Strategy
020101-51-07 101000-18-07
ISCS-SysRS- 2.1.1.53 The ISCS scope shall include, but not limited to the following major areas: Functional ISCS-SWRS-
020101-52 101000
1. High availability (HA) HyperVisor Server infrastructure matrix at stations and control centers
020101-52-01 101000-01-01
2. Database Management System
020101-52-02 101000-01-02
020101-52-03 101000-01-03
ISCS-SWRS-
101000-01-
03-01
ISCS-SWRS-
101000-01-
03-02
ISCS-SWRS-
101000-01-
03-03
3. ISCS HMI able to remotely monitor and/or control; SCADA, VSS, PIDS, PA System, VRS, CTS,
ISCS-SWRS-
Master Clock, UPS, BMS, ECS, TVS, TETRA Radio, ATS, IPS, PSD, RS and etc.)
101000-01-
03-04
ISCS-SWRS-
101000-01-
03-05
ISCS-SWRS-
101000-01-
03-06
ISCS-SWRS-
101000-01-
03-07
4. RTU /PLC/ FEP and Marshalling Panel (for non-Power SCADA Application)
020101-52-04 101000-01-04
5. Printers
020101-52-05 101000-01-05
Page 88 of 171
Rev. No. 0.4.0

ID
6. Display/Monitor unit
020101-52-06 101000-01-06
7. Network Services Server
020101-52-07 101000-01-07
ISCS-SysRS- Info N/A
2.1.1.53 The COMMS WPC shall provide the study reports for Employer’s review and acceptance.
020101-53
ISCS-SysRS- 2.1.1.54 All ISCS system equipment and software shall be proven in use in a similar railway Info ISCS-SWRS-
020101-54 environment and be able to provide a demonstrably stable and reliable platform. 101000-19
ISCS-SysRS- 2.1.1.55 The ISCS system shall be suitable for the operational requirements of the RTS Link taking Info ISCS-SWRS-
020101-55 into account the environmental and operational conditions as set out in contract requirements. 101000-20
ISCS-SysRS- 2.1.1.56 The WPC shall ensure liaison with all Other WPCs, and the Employer, to determine control Info N/A
020101-56 functionality detail across all connected systems.
2.1.1.57 The ISCS system shall be designed to ensure that the total failure of the ISCS at any
020101-57 401020-03
single location, including full loss of the ISCS within the OCC, shall not affect the ability to perform
ISCS control and monitoring over the rest of the systems or RTS Link.
ISCS-SysRS- 2.1.1.58 The ISCS HMI design for visual displays and operator interaction, including video feed Info ISCS-SWRS-
020101-58 interaction and audio interface functionality, shall fully comply with the ergonomic and human factors 201010-04
engineering design requirements.
ISCS-SysRS- 2.1.1.59 The ISCS shall perform controls over other systems determined and defined as part of a Info N/A
020101-59 systems integration process, and as agreed with the Employer
ISCS-SysRS- 2.1.1.60 The WPC shall produce an Integration Plan to fully detail out how all systems shall be Info N/A
020101-60 integrated into the ISCS.
ISCS-SysRS- 2.1.1.61 The ISCS HMI shall undergo an ergonomic design approach in line with the Ergonomic & Info N/A
020101-61 Human Factors Guidelines for Control Rooms and Control Centres for all interfaced system
functionality.
ISCS-SysRS- 2.1.1.62 Open and industry standard protocols shall be implemented for all interfaces between Functional ISCS-SWRS-
020101-62 systems. 101000-03
2.1.1.63 The WPC shall establish, implement and maintain a software management system to the
020101-63 109010-01
requirements of ISO 90003 to ensure that all software supplied under the Contract shall comply with
the required quality and safety standards
ISCS-SysRS- Header Heading/
2.1.2 Software Engineering [ISCS-SysRS-020102]
020102 Subheading
Page 89 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.2.1 The WPC shall adopt a systematic approach in conducting analysis and design during the Info ISCS-SWRS-
020102-01 software requirements phase and throughout the software design process. 101000-05
2.1.2.2 The WPC shall use defined Codes of Practice to develop or modify software.
020102-02 104000-04
ISCS-SysRS- 2.1.2.3 Where previously developed software shall be reused within the Contract, the WPC shall Info ISCS-SWRS-
020102-03 identify and document the baseline version and related document in the Software Product Definition 105000-04
for all software to be reused.
ISCS-SysRS- 2.1.2.4 On request from the Employer, the WPC shall provide document and/or demonstration to Info ISCS-SWRS-
020102-04 demonstrate the development status of the software and the suitability of the software to be reused 101000-17
in the required system.
ISCS-SysRS- 2.1.2.5 If the modification of any previously developed software is adopted within the Contract, the Info ISCS-SWRS-
020102-05 WPC shall assess and clearly identify in the lifecycle document any impacts to the existing system 101000-06
software and hardware due to the required changes.
ISCS-SysRS- 2.1.2.6 The WPC shall define and implement a procedure covering the production, collation, and Info ISCS-SWRS-
020102-06 analysis of software metrics. 101000-07
2.1.3 Verification [ISCS-SysRS-020103]
020103 Subheading
ISCS-SysRS- 2.1.3.1 At each phase of the development lifecycle, the WPC shall verify that the output of the phase Info ISCS-SWRS-
020103-01 meets the input requirements of that phase in accordance with the requirements of EN50128. 404000-08
ISCS-SysRS- 2.1.3.2 The verification shall include but not be limited to the review of design document and the Info ISCS-SWRS-
020103-02 review of code. 404000-13
ISCS-SysRS- 2.1.3.3 The verification and the production of the output documents or software code shall be Info ISCS-SWRS-
020103-03 performed by different persons. 404000-14
ISCS-SysRS- 2.1.3.4 The WPC shall submit the key software design documents which shall include but not be Info ISCS-SWRS-
020103-04 limited to System Requirement Specification, Software Requirement Specification and Software 404000-09
Design Specification for all the subsystems for the Employer‘s acceptance.
ISCS-SysRS- 2.1.3.5 The WPC shall conduct a design presentation to the Employer for each of the document and Info ISCS-SWRS-
020103-05 shall demonstrate how the design outputs comply with the input requirements. 404000-15
2.1.4 Software Documentation Requirement [ISCS-SysRS-020104]
020104 Subheading
Page 90 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.4.1 For any developed and customised software, the WPC shall comply with the requirements Info ISCS-SWRS-
020104-01 of EN50128 and produce the specified output documents. These documents shall be submitted to the 104000-05
Employer for review and acceptance.
ISCS-SysRS- 2.1.4.2 For any system configured by application data, the WPC shall comply with the Info ISCS-SWRS-
020104-02 requirements of EN50128 and produce the specified output documents. These documents shall be 404000-10
submitted to the Employer for review and acceptance.
ISCS-SysRS- 2.1.4.3 The WPC shall maintain consistency between requirements, designs, code, tests Info ISCS-SWRS-
020104-03 specifications, user manuals and, where relevant, other additional items throughout the development 404000-11
lifecycle.
ISCS-SysRS- 2.1.4.4 The WPC shall perform formal change control process for the changes of all Info ISCS-SWRS-
020104-04 documentation and software and manage the versions of the document and software using a 404000-12
configuration management tool.
ISCS-SysRS- 2.1.4.5 Requirements of software shall be traceable throughout the document produced in the Info ISCS-SWRS-
020104-05 development lifecycle. The WPC shall employ a software tool to keep track of the traceability of the 404000-16
requirements among the document.
2.1.5 Software Maintenance [ISCS-SysRS-020105]
020105 Subheading
ISCS-SysRS- 2.1.5.1 Following the completion of System Acceptance Test or the System being handed over Info ISCS-SWRS-
020105-01 for operation, any of the WPC’s software modification and installation activities, which have an impact 405000-01
to the operation, shall be subject to control of the Employer and shall comply with following
requirements:
ISCS-SysRS- 1. All changes to the software shall be managed and controlled in accordance with Info ISCS-SWRS-
020105-01-01 the procedures as defined in the Software Configuration Management Plan; 405000-01-01
ISCS-SysRS- 2. The WPC shall define how system upgrades are to be delivered to site, installed Info ISCS-SWRS-
020105-01-02 and tested. This includes the definition of the media to be used and the method of proving 405000-01-02
correctness of the modified software;
ISCS-SysRS- 3. For any modification works on the delivered software, the WPC shall ensure that Info ISCS-SWRS-
020105-01-03 any impact to operations shall be avoided; and 405000-01-03
ISCS-SysRS- 4. For each installation of modified software to live system, the WPC shall submit a Info ISCS-SWRS-
020105-01-04 software release note, an installation method statement, and a system safety certificate to the 405000-01-04
Employer at least seven (7) days prior to the installation.
Page 91 of 171
Rev. No. 0.4.0

ID
020105-01-04-01 1. The software release note shall provide details of the modified software. 405000-01-
04-01
2. The method statement shall identify the schedule, installation procedure,
020105-01-04-02 405000-01-
impact to the operational system, and the fallback procedures.
04-02
2.1.6 Software Failure Reports [ISCS-SysRS-020106]
020106 Subheading
ISCS-SysRS- 2.1.6.1 The WPC shall generate a software failure report for each software failure that occurs, Info ISCS-SWRS-
020106-01 once the software has been approved for inclusion into the system and is subject to configuration 108000-01
control.
ISCS-SysRS- 2.1.6.2 All such reports shall be retained as part of the testing and commissioning records for the Info ISCS-SWRS-
020106-02 system and subject to inspection by the Employer. 108000-02
2.1.6.3 The report shall clearly show:
020106-03 108000-03
1. The observed symptoms
020106-03-01 108000-03-01
2. The likely cause
020106-03-02 108000-03-02
3. The fault category
020106-03-03 108000-03-03
4. The operator input
020106-03-04 108000-03-04
ISCS-SysRS- 2.1.6.4 The report shall also clearly show the following information which shall be entered when Info ISCS-SWRS-
020106-04 the failure has been investigated: 108000-04
1. The actual cause of the failure
020106-04-01 108000-04-01
2. The corrective action taken
020106-04-02 108000-04-02
3. All software modules affected
020106-04-03 108000-04-03
020107 2.1.7 Software Quality Assurance Plan [ISCS-SysRS-020107] Subheading
Page 92 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.7.1 The WPC shall submit a Software Quality Assurance Plan to the Employer for approval on Info ISCS-SWRS-
020107-01 the earliest of the following scenarios: 109020-01
ISCS-SysRS- 1. Not later than one (1) month after the completion of the Software Requirement Info ISCS-SWRS-
020107-01-01 Specification; or 109020-01-01
ISCS-SysRS- 2. Four (4) months after the date of the Letter of Acceptance of each relevant Designated Info ISCS-SWRS-
020107-01-02 Contractor or Designated Supplier. 109020-01-02
ISCS-SysRS- 2.1.7.2 A typical contents list for the Software Quality Assurance Plan shall define, but shall not Info ISCS-SWRS-
020107-02 be limited to: 109020-02
ISCS-SysRS- 1. The organisation of the WPC’s software development and testing personnel including Info ISCS-SWRS-
020107-02-01 his subcontractors of any tier, to illustrate the division of the works among the team members, and 109020-02-01
full details of the qualifications and experience of all software team leaders shall be included in the
Plan.
ISCS-SysRS- 2. The WPC software development lifecycle processes, including those of his Info ISCS-SWRS-
020107-02-02 subcontractors, in accordance with the requirements of ISO 12207 and/or EN 50128, whichever is 109020-02-02
applicable; the WPC shall explain in the Plan the reason(s) for any specific development lifecycle
processes and/or documents that are to be combined or further split.
ISCS-SysRS- 3. The software verification and validation processes in accordance with the requirements Info ISCS-SWRS-
020107-02-03 of ISO 12207 and/or EN 50128 whichever is applicable, indicating clearly the parties involved for 109020-02-03
each process.
ISCS-SysRS- 4. The WPC configuration management processes in accordance with the requirements Info ISCS-SWRS-
020107-02-04 of ISO 10007 for the configuration management of software and documentation; the WPC 109020-02-04
configuration management processes shall be extended to manage the software configuration of his
subcontractors of any tier.
ISCS-SysRS- 5. An automated tool proposed by the WPC for keeping track of software changes and Info ISCS-SWRS-
020107-02-05 the full history of software versions. 109020-02-05
ISCS-SysRS- 6. The proposed format for recording the configuration status of each software Info ISCS-SWRS-
020107-02-06 configuration item which shall be reported in the Monthly Progress Report. 109020-02-06
ISCS-SysRS- 7. The proposed format for recording the software installation status of all software after Info ISCS-SWRS-
020107-02-07 the commencement of Partial Acceptance Tests (PAT) which shall include, but shall not be limited 109020-02-07
to, system/subsystem name; software name; software version/ baseline number, installed locations,
and key software changes. A softcopy of the software installation status shall be provided to the
Employer monthly and/or as requested by the Employer.
Page 93 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 8. The proposed format of a software release note for notifying the Employer on the Info ISCS-SWRS-
020107-02-08 release of each new version of software for Factory Acceptance Tests (FAT) and/or on-site tests; 109020-02-08
the software release note shall include, but shall not be limited to, reference to baseline document,
software configuration items and versions, dependent software packages, implemented changes,
operational restrictions, and installation procedures.
ISCS-SysRS- 9. The proposed format of a defects register showing the status and a full description of Info ISCS-SWRS-
020107-02-09 all software defects identified and releases correcting the defect from the commencement of FAT up 109020-02-09
to the issue of the Completion Certificate for the Works; the defects register shall be in electronic
format and shall be provided to the Employer for information on monthly basis and/or as requested
by the Employer.
ISCS-SysRS- 10. The proposed list of software development lifecycle documentation for submission to Info ISCS-SWRS-
020107-02-10 the Employer for review. 109020-02-10
ISCS-SysRS- 2.1.7.3 The WPC shall, at least once every six (6) months and/or as requested by the Employer, Info ISCS-SWRS-
020107-03 review and update the Software Quality Assurance Plan to meet the requirements and development 109020-03
of the Works throughout the Contract. For any amendments to the Plan, the WPC shall as soon as
practicable submit the proposed amendments for approval by the Employer.
ISCS-SysRS- 2.1.7.4 For any proposed replacement of the software team leader(s), the WPC shall submit full Info ISCS-SWRS-
020107-04 details of the qualifications and experience of the proposed replacement to the Employer for approval. 109020-04
The replacement once approved, shall report for duty at least one (1) month prior to the departure of
the original team leader(s).
020108 2.1.8 Software Release and Management Control [ISCS-SysRS-020108] Subheading
ISCS-SysRS- 2.1.8.1 Software Control and associated control processes and procedures shall be a requisite for Info ISCS-SWRS-
020108-01 all software used within the Systems Works scope. 109030-01
ISCS-SysRS- 2.1.8.2 After the commencement of PAT on the equipment and/or system on Site, requests for Info ISCS-SWRS-
020108-02 any new installation and/or amendments to the software already installed in the equipment and/or 109030-02
system concerned shall be made by submission of a “software installation/modification request”
together with a software release note and other supporting documents, at least two (2) working days
prior to the installation. Unless otherwise directed by the Employer, the WPC shall not proceed with
the installation or modification of software until an “Approved” response has been obtained from the
Employer.
Page 94 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.8.3 After the issue of the Completion Certificate for the Works, requests for any new installation Info ISCS-SWRS-
020108-03 and/or amendment to the software already installed in the equipment and/or system concerned shall 109030-03
be made by submission of a “software installation/modification request” together with a software
release note and other supporting documents, at least seven (7) working days prior to the installation.
The proposed date of software installation shall be subject to the availability of the concerned system
to be advised by the Railway Operator or the Employer. Unless otherwise directed by the Employer,
the WPC shall not proceed with the installation or modification of software until an “Approved”
response has been obtained from the Employer. In addition, the WPC shall provide the results of
internal validation, installation methods, fall-back procedures and an assessment of the impact on the
system operations for the new software.
ISCS-SysRS- 2.1.8.4 The WPC shall ensure that the version number of each item of software for the Works Info ISCS-SWRS-
020108-04 shall be auditable without additional software or hardware tools. For all computer software, facilities 109030-04
shall be provided within the software for determining the software version. For all firmware and PLC
equipment, unless an indication of the version number is built into the equipment, a label showing the
software version shall be securely affixed on the firmware or equipment.
ISCS-SysRS- 2.1.8.5 The WPC shall ensure that all software and source codes are protected by and therefore Info ISCS-SWRS-
020108-05 can be made available, through a third party software escrow agreement. 109030-05
020109 2.1.9 Software Progress Tracking [ISCS-SysRS-020109] Subheading
ISCS-SysRS- 2.1.9.1 Prior to the conclusion of each phase for software requirements specification and software Info ISCS-SWRS-
020109-01 architecture design, the WPC shall make a presentation on the results of the WPC software 109040-01
requirements analysis and software architecture design to the Employer in Kuala Lumpur, Malaysia.
The WPC presentation shall be in sufficient detail to enable the Employer to obtain a clear
understanding of the software scope, software architecture and the planning of development activities.
ISCS-SysRS- 2.1.9.2 The WPC shall elaborate the entire software development efforts in detail in the Works Info ISCS-SWRS-
020109-02 Programme, highlighting the critical path for the activities. The Works Programme shall include, but 109040-02
shall not be limited to, the following activities:
1. software activities of all software components at each development lifecycle phase
020109-02-01 109040-02-01
2. software related Milestones
020109-02-02 109040-02-02
3. internal software audit and software assessment
020109-02-03 109040-02-03
Page 95 of 171
Rev. No. 0.4.0

ID
4. any other details as directed by the Employer
020109-02-04 109040-02-04
ISCS-SysRS- 2.1.9.3 The WPC shall establish and implement metrics for the measurement of the quality and Info ISCS-SWRS-
020109-03 progress of software activities. All metrics shall be based on auditable data. The metrics which shall 109040-03
be reported in the Monthly Progress Report, as a minimum, shall include:
1. number of total, passed and failed FAT cases
020109-03-01 109040-03-01
2. number of total, passed and failed PAT cases
020109-03-02 109040-03-02
3. number of total, passed and failed SAT cases
020109-03-03 109040-03-03
4. number of passed test cases per month for FAT, PAT and SAT
020109-03-04 109040-03-04
5. number of outstanding software defects
020109-03-05 109040-03-05
6. number of software defects rectified per month
020109-03-06 109040-03-06
020110 2.1.10 Software Audit [ISCS-SysRS-020110] Subheading
ISCS-SysRS- 2.1.10.1 For the development of non-safety related software, the WPC shall assign an internal Info ISCS-SWRS-
020110-01 software auditor to conduct internal software audits at least at quarterly intervals to ensure that the 109050-01
WPC processes are compliant with the requirements of the ISO 12207 Standard and the Contract
requirements.
ISCS-SysRS- 2.1.10.2 For the development of safety-related software, the WPC shall assign a software Info ISCS-SWRS-
020110-02 assessor to conduct a software assessment at least at quarterly intervals to ensure that the WPC 109050-02
processes are compliant with the requirements of the EN 50128 standard and the Contract
requirements.
ISCS-SysRS- 2.1.10.3 Software audits and assessment reports shall be submitted to the Employer within Info ISCS-SWRS-
020110-03 fourteen (14) days of completion of each software audit or assessment. 109050-03
Page 96 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.10.4 The internal software auditor and software assessor shall have at least five (5) years of Info ISCS-SWRS-
020110-04 experience in the establishment, maintenance and monitoring of software quality assurance systems 109050-04
based on international software quality assurance standards. The software assessor shall be
independent from the development organisation in accordance with EN 50128, and shall in addition
have at least five (5) years’ experience in the establishment, maintenance and monitoring of software
quality assurance systems conforming to EN 50128 Standard. The WPC shall submit full details of
the qualifications and experience of the software assessor and software auditor to the Employer for
approval, prior to carrying out any software audit and/or assessment. If the software auditor and/or
the software assessor become unavailable, the WPC shall submit to the Employer for approval, details
of the qualifications and experience of his proposed replacement.
ISCS-SysRS- 2.1.10.5 The WPC and his subcontractors of any tier shall be subject to software audits conducted Info ISCS-SWRS-
020110-05 by the Employer or his delegates at six (6) month intervals, or at such other intervals as may be 109050-05
required by the Employer. The WPC and his subcontractors shall afford to the auditor timely access
to all personnel, activities, software, source codes, documentation, procedures and records in
connection with the software development activities during the audits.
ISCS-SysRS- 2.1.10.6 A Software Corrective Action Request (CAR) or Software Observation Report (OBS) will Info ISCS-SWRS-
020110-06 be raised respectively by the auditors for each non-conformity or potential non-conformity identified 109050-06
during the audits. The WPC shall submit proposed corrective and preventive actions within seven (7)
days from the receipt of the CAR or OBS, to the Employer for review. The WPC shall take timely
corrective and preventive actions to rectify the CAR or OBS and to prevent any re-occurrence and
shall provide evidence of such to the Employer. The WPC shall maintain communications with the
auditor to ensure that all CAR/OBS are closed in a timely manner.
ISCS-SysRS- Info Heading/
020111 2.1.11 Software Documentation [ISCS-SysRS-020111] Subheading
ISCS-SysRS- 2.1.11.1 For any customised or newly developed software, the WPC shall submit the software Info ISCS-SWRS-
020111-01 development lifecycle documentation of the software to the Employer for review. 109060-01
ISCS-SysRS- 2.1.11.2 For safety-related software, the WPC shall include a requirements traceability matrix in Info ISCS-SWRS-
020111-02 each of the software lifecycle documents, to show the requirement traceability at individual 109060-02
requirement levels between the document concerned and the associated input documents.
ISCS-SysRS- 2.1.11.3 A diagram of the hardware configuration and a list of applicable software shall be included Info ISCS-SWRS-
020111-03 in the test specifications for all software-related tests. Each test case, together with the sequence of 109060-03
actions and the expected results, shall be clearly defined.
ISCS-SysRS- 2.1.11.4 For all software-related tests, the version of applicable software and site-specific data Info ISCS-SWRS-
020111-04 configuration shall be clearly recorded in the test record. 109060-04
Page 97 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.11.5 Where safety-related software is within the scope of the Contract, the WPC shall Info ISCS-SWRS-
020111-05 demonstrate that the software quality assurance system and development methods implemented 109060-05
throughout the software development lifecycle conform to the Contract requirements.
020112
2.1.12 Safety Integrity Level [ISCS-SysRS-020112] Subheading
ISCS-SysRS- 2.1.12.1 Unless the Safety Integrity Level (SIL) of software is specified in the Contract, the WPC Info ISCS-SWRS-
020112-01 shall, prior to the commencement of software requirement phase, assess the SIL for the software in 109070-01
accordance with EN 50128 and IEC 61508. Each software component within a system shall by default
have the same SIL as that of the system. The assessment result, together with justification, shall be
recorded in a SIL assessment report and submitted to the Employer for review.
020113
2.1.13 Software Deliverables and Licenses [ISCS-SysRS-020113] Subheading
ISCS-SysRS- 2.1.13.1 The WPC shall submit the following items to the Employer for review at least three (3) Info ISCS-SWRS-
020113-01 months prior to the issue of the Completion Certificate for the Works: 109080-01
1. Inventory list(s) of all software components installed for the Works
020113-01-01 109080-01-01
2. Licences of software.
020113-01-02 109080-01-02
ISCS-SysRS- 3. A backup copy of all delivered software in secondary storage media together with Info ISCS-SWRS-
020113-01-03 installation instructions to enable complete and/or partial re-installation of all software components 109080-01-03
for the Works.
4. All software source codes together with all necessary development tools.
020113-01-04 109080-01-04
5. A backup copy of the required software source files in secondary storage media.
020113-01-05 109080-01-05
ISCS-SysRS- 2.1.13.2 For any further software modifications after the items have been approved by the Info ISCS-SWRS-
020113-02 Employer, the WPC shall re-submit the revised items to the Employer by the end of the Defects 109080-02
Liability Period or as requested by the Employer.
ISCS-SysRS- 2.1.13.3 The Railway Operator shall be granted a royalty-free, non-exclusive and irrevocable Info ISCS-SWRS-
020113-03 licence to use all software delivered for the Contract for an unlimited period. 109080-03
ISCS-SysRS- 2.1.13.4 In order to allow for future software maintenance by the Railway Operator, the WPC shall Info ISCS-SWRS-
020113-04 deliver to the Employer the software source files of project specific software as required by the 109080-04
Page 98 of 171
Rev. No. 0.4.0

ID
Specifications. As a minimum, the source files of the following project specific software shall be
delivered:
1. PLC programme and data
020113-04-01 109080-04-01
ISCS-SysRS- 2. All software associated with the configuration for the operational user interface of the Info ISCS-SWRS-
020113-04-02 computer-based application 109080-04-02
3. A system parameters
020113-04-03 109080-04-03
ISCS-SysRS- 4. "Operational parameters database. Info ISCS-SWRS-
020113-04-04 For the software source files to be delivered, the WPC shall also deliver the associated hardware 109080-04-04
and software development tools, documents and training courses to the Railway Operator to
facilitate future modification of such software. In addition, the Railway Operator shall be vested with
the right to modify, enhance and regenerate any part or whole of the software for his own use."
020114
2.1.14 Backup [ISCS-SysRS-020114] Subheading
ISCS-SysRS- 2.1.14.1 The WPC shall perform at least a fortnightly backup for the outputs of software Info ISCS-SWRS-
020114-01 development works including those in progress, and shall also maintain backup copies of all software 109090-01
baselines produced in the past six months. The WPC back-up process shall ensure zero data loss.
020115
2.1.15 General Software Requirements [ISCS-SysRS-020115] Subheading
ISCS-SysRS- 2.1.15.1 The WPC shall follow the requirements specified in the GS and the requirements of this Info ISCS-SWRS-
020115-01 PS for the development and management of all software elements supplied under the Contract. 110000-01
2.1.15.2 The WPC shall produce a list of safety related software modules.
020115-02 110000-02
ISCS-SysRS- 2.1.15.3 Based on the list, the WPC shall analyse the possible effects of each failure on these Info ISCS-SWRS-
020115-03 components on the systems. 110000-03
ISCS-SysRS- 2.1.15.4 The analysis shall show that the software architecture has been thoroughly analysed to Info ISCS-SWRS-
020115-04 ensure that all credible faults are identified, the fault control methods are effective, and the residual 110000-04
faults are non-hazardous.
2.1.15.5 The WPC shall remove all the dormant or unused code from the software before testing.
020115-05 110000-05
020116 2.1.16 Software Design Requirements [ISCS-SysRS-020116] Subheading
Page 99 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.16.1 The software shall take into account hardware systematic, random, and common mode Info ISCS-SWRS-
020116-01 failures. 111000-01
ISCS-SysRS- 2.1.16.2 Data-driven software (including parametric or configurable software) shall be protected Info ISCS-SWRS-
020116-02 against possible errors arising from entry of incorrect data through accepted procedures. 111000-02
ISCS-SysRS- 2.1.16.3 If vital and non-vital software is to be implemented on a single hardware platform, then Info ISCS-SWRS-
020116-03 all of the software shall meet the requirements for vital software unless appropriate techniques are 111000-03
used to ensure vital software is unaffected by the non-vital software.
ISCS-SysRS- 2.1.16.4 Safety of software design shall be assured by the incorporation of fail-safe principles in Info ISCS-SWRS-
020116-04 the design of safety-critical modules. 111000-04
ISCS-SysRS- 2.1.16.5 Fail-safe designs shall ensure that any failure, or combination of failures, shall result in a Info ISCS-SWRS-
020116-05 condition that is known to be safe. 111000-05
ISCS-SysRS- 2.1.16.6 The software design shall adopt the Checked-Redundancy Design principle. The Info ISCS-SWRS-
020116-06 checking process shall encompass the complete subsystem, and/or all components, related to 111000-06
performing safety-critical functions.
ISCS-SysRS- 2.1.16.7 The checking process shall detect any failure of the subsystem which may degrade the Info ISCS-SWRS-
020116-07 integrity of the safety function. Where software is used to implement a system function, then software 111000-07
errors shall be considered as failures.
ISCS-SysRS- 2.1.16.8 Common mode failures shall be eliminated by ensuring that the independence of the Info ISCS-SWRS-
020116-08 checked-redundant paths of the safety-critical subsystem is maintained. This independence shall be 111000-08
extended to include the subsystem power supplies and software components of the checked-
redundant elements, such that no common faults, environmental conditions, power fluctuation, or EMI
give rise to common mode failure.
ISCS-SysRS- 2.1.16.9 The checking process shall be comprehensive and frequent. It shall be performed at least Info ISCS-SWRS-
020116-09 as often as the function which is being checked and sufficiently frequently that the probability of an 111000-09
unsafe failure shall satisfy the safety design requirement.
ISCS-SysRS- 2.1.16.10 Critical decision processes, which directly impact the system safety, within the software Info ISCS-SWRS-
020116-10 program, shall be structured to ensure minimum complexity and thus allow for review and explicit 111000-10
testing of the logic paths.
ISCS-SysRS- 2.1.16.11 The dependence of safety of the system on a single software decision process, logic path, Info ISCS-SWRS-
020116-11 or critical data element shall be avoided, where possible, by incorporating diversity within the software 111000-11
design.
Page 100 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.1.16.12 Databases which contain information that can impact the safety performance of the Info ISCS-SWRS-
020116-12 supplied system, shall be considered safety-critical, and shall be appropriately protected during data 111000-12
storage, retrieval, communications, and processing.
ISCS-SysRS- 2.1.16.13 The software system shall be designed to ensure that all such data is accurate during Info ISCS-SWRS-
020116-13 initial data entry, processing, utilisation, and update, and a process shall be established for 111000-13
appropriate data management of this safety-critical data.
020117 2.1.17 Software Quality Assurance [ISCS-SysRS-020117] Subheading
ISCS-SysRS- 2.1.17.1 The WPC shall implement a quality assurance system in compliance with the following Info ISCS-SWRS-
020117-01 requirements and specified in the GS. 112000-01
ISCS-SysRS- 2.1.17.2 In addition to the requirements of GS, the WPC shall also submit the following for review Info ISCS-SWRS-
020117-02 and acceptance of the Employer, to describe the software management methodology: 112000-02
1. Software Management Plan
020117-02-01 112000-02-01
2. Software Development Plan
020117-02-02 112000-02-02
3. Software Configuration Management Plan
020117-02-03 112000-02-03
4. Software Verification & Validation Plan
020117-02-04 112000-02-04
ISCS-SysRS- 2.2 System Architecture [ISCS-SysRS-020200] Header Heading/
020200 Subheading
ISCS-SysRS- 2.2.1 Operation Control Centre (OCC) [ISCS-SysRS-020201] Header Heading/
020201 Subheading
ISCS-SysRS- 2.2.1.1 The operation control centre is the main control command centre for operators to monitor Info N/A
020201-01 and control field equipment and interfacing systems in a project.
ISCS-SysRS- 2.2.1.2 An Operation Control Centre typically consists of redundant ISCS servers, ISCS HMIs with Info N/A
020201-02 multiple display units, network equipment and printers. (Hardware)
ISCS-SysRS- 2.2.2 Backup Operation Control Centre (BOCC) [ISCS-SysRS-020202] Header Heading/
020202 Subheading
ISCS-SysRS- 2.2.2.1 The Backup Operation Control Centre (BOCC) usually have very similar system Info N/A
020202-01 configuration as the Operation Control Centre (OCC). The BOCC is usually located at another
location to act as a disaster recovery or backup control centre to ensure operations of systems are
never disrupted and highly available.
Page 101 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.2.3 Station [ISCS-SysRS-020303] Header Heading/
020203 Subheading
ISCS-SysRS- 2.2.3.1 The Station will monitor equipment in the station only, i.e., Bukit Chagar / Woodlands North Info N/A
020203-01 Station will be able to monitor relevant Bukit Chagar / Woodlands North equipment only.
ISCS-SysRS- 2.2.3.2 The Station will contain ISCS HMIs with multiple display units for station monitoring Info N/A
020203-02 purposes.
ISCS-SysRS- 2.2.3.3 The Station will be operated by Station Operators for the station’s daily station operation. Info N/A
020203-03
ISCS-SysRS- 2.3 System Components [ISCS-SysRS-020300] Header Heading/Subh
020300 eading
ISCS-SysRS- In a typical command center setup, the system usually consists of the following components: Info N/A
020300 (Hardware)
ISCS-SysRS- Info
1. Servers with redundancy and fault tolerant support
020300-01 (Hardware)
ISCS-SysRS- Info
2. Workstations or thin-client HMIs with multiple monitors
ISCS-SysRS- Info
3. Large screen display, video wall
ISCS-SysRS- Info
4. Network equipment
ISCS-SysRS- Info
5. Printers
ISCS-SysRS- Info
6. Accessories such as Headset and microphone shall be provided
ISCS-SysRS- 2.3.1 ISCS HMI [ISCS-SysRS-020301] Header Heading/
020301 Subheading
ISCS-SysRS- 2.3.1.1 The ISCS HMI or workstation is the primary method for operators to control and monitor all Functional ISCS-SWRS-
020301-01 subsystem devices in a project. There are several ISCS HMIs located in the Operation Control 102000-01
Centre and at different locations of an organization.
ISCS-SysRS- 2.3.1.2 They provide all necessary operator functionalities, inputs, and outputs to enable full Functional ISCS-SWRS-
020301-02 operation of the interfaced subsystems such that, in normal operation, the operator shall not be 102000-03
required to use the interfaced subsystems' equipment directly.
ISCS-SysRS- 2.3.2 ISCS Display Terminals [ISCS-SysRS-020302] Header Heading/
020302 Subheading
Page 102 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.2.3.1 The ISCS HMI visual displays shall be designed to enable multiple operators to conduct Functional ISCS-SWRS-
020302-01 incident management at any given workstation. 205010-01
ISCS-SysRS- 2.2.3.2 The ISCS shall collect and integrate information from all interfaced sub-systems in order to Info ISCS-SWRS-
020302-02 display views onto the Video Control Panel (VCP). 205010-06
ISCS-SysRS- 2.2.3.3 The VCP shall be capable of displaying legible symbols and text visible from all workstations Info ISCS-SWRS-
020302-03 in the Control Room. 205010-07
ISCS-SysRS- 2.2.3.4 During final design, the WPC will propose a set of pre-defined VCP display layouts that will Functional ISCS-SWRS-
020302-04 be approved upon by the Employer. The operator will be able to rearrange the windows and 205020-01
adding/supressing feeds to modify the display layout.
ISCS-SysRS- 2.2.3.5 The extent of information displayed on the VCP shall be under the control of the operator(s) Functional ISCS-SWRS-
020302-05 identified as part of the WPC's detailed task analysis. 202010-07
ISCS-SysRS- 2.3.3 ISCS Server [ISCS-SysRS-020303] Header Heading/
020303 Subheading
ISCS-SysRS- 2.3.3.1 The ISCS Server shall host the ISCS software in a server-client architecture. The ISCS Info N/A
020303-01 server can be a server machine running Windows Server operating system or a high availability
Hyper-V server.
ISCS-SysRS- 2.3.4 Engineering Workstation [ISCS-SysRS-020304] Header Heading/
020304 Subheading
ISCS-SysRS- 2.3.4.1 The Engineering Workstation is used to perform configuration and modification of the ISCS Info N/A
020304-01 system graphics and database configuration.
ISCS-SysRS- 2.3.4.2 Configuration work shall be verified on this machine before the changes are applied to a live Info N/A
020304-02 system.
ISCS-SysRS- 2.3.5 Printer [ISCS-SysRS-020305] Header Heading/
020305 Subheading
ISCS-SysRS- 2.3.5.1 The printer shall be used to print all printing functions available in the ISCS system. Info N/A
ISCS-SysRS- 2.3.6 Marshalling Panel [ISCS-SysRS-020306] Header Heading/
020306 Subheading
ISCS-SysRS- 2.3.6.1 Marshalling panel shall be used as a demarcation point between ISCS System and field Info N/A
020306-01 equipment. (Hardware)
ISCS-SysRS- 2.3.6.2 Structured cabling with TIA-568 category 6 specification shall be used. Info N/A
Page 103 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.3.6.3 The COMMS WPC shall provide the hardwired electrical interface types – digital input and Info N/A
020306-03 analogue input at the marshalling panel. (Hardware)
ISCS-SysRS- 2.3.7 Portable Maintenance Laptop (PMT) [ISCS-SysRS-020307] Header Heading/
020307 Subheading
ISCS-SysRS- 2.3.7.1 Portable Maintenance Terminal (PMT) shall be used as maintenance laptop and installed Info N/A
020307-01 with the necessary communications systems maintenance / configuration software is to be used for (Hardware)
offline test and any maintenance works as part of the tools and test equipment. PMT can be used to
facilitate diagnostic, fault tracing, trouble shooting and analysis.
ISCS-SysRS- 2.3.8 Remote Terminal Unit (RTU) [ISCS-SysRS-020308] Header Heading/
020308 Subheading
ISCS-SysRS- 2.3.8.1 The WPC shall provide ISCS RTUs/PLCs and/or marshalling panels at all locations Info N/A
020308-01 containing interfacing systems or equipment that do not have an IP based connection for monitoring (Hardware)
and/or control by the ISCS system.
ISCS-SysRS- 2.3.8.2 The ISCS Remote Terminal Units (RTU) / Programmable Logic Controllers (PLC) shall Info N/A
020308-02 provide necessary hardware and software for the ISCS to interface with external hardwired (Hardware)
interfacing systems for equipment status acquisition and dispatching of control commands.
ISCS-SysRS- 2.3.8.3 RTU/PLC are required to gather digital and analogue input data representing various Info N/A
020308-03 plant states and to output digital and analogue data to control various items of plant, where a (Hardware)
network interface is not possible.
ISCS-SysRS- 2.3.8.4 The RTU/PLC shall also have the ability to perform independently the tasks, including Info N/A
020308-04 but not limited to the following: (Hardware)
ISCS-SysRS- 1. Interface to PLC or serial interface; Info N/A
020308-04-01 (Hardware)
ISCS-SysRS- 2. Perform point calculations through locally based programs for I/O points; Info N/A
020308-04-02 (Hardware)
ISCS-SysRS- 3. Support a permanent plug-in connection to a maintenance laptop; Info N/A
020308-04-03 (Hardware)
ISCS-SysRS- 4. Transmit to and receive serial data from other interfacing equipment; Info N/A
020308-04-04 (Hardware)
ISCS-SysRS- 5. Perform pulse accumulation; Info N/A
020308-04-05 (Hardware)
ISCS-SysRS- 6. Carry out D/A conversion; Info N/A
020308-04-06 (Hardware)
Page 104 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 7. Carry out A/D conversion and Alarm detect; Info N/A
020308-04-07 (Hardware)
ISCS-SysRS- 8. Issue command outputs; Info N/A
020308-04-08 (Hardware)
ISCS-SysRS- 9. Perform status and Alarm input processing; and Info N/A
020308-04-09 (Hardware)
ISCS-SysRS- 10. Download and upload of databases and programs from the OCC/BOCC. Info N/A
020308-04-10 (Hardware)
ISCS-SysRS- 2.3.8.5 The RTU/PLC shall be a stored program device with its software (firmware) resident in Info N/A
020308-05 non-volatile memory. (Hardware)
ISCS-SysRS- 2.3.8.6 Remote configuration and diagnostic of any ISCS RTU/PLC shall be possible from the Info N/A
020308-06 OCC and BOCC. (Hardware)
ISCS-SysRS- 2.4 System Interfaces Requirements [ISCS-SysRS-020400] Header Heading/
020400 Subheading
ISCS-SysRS- The ISCS system shall interface to the following systems in the table below, to provide the required Info N/A
020400 alarm and status monitoring and / or operational control functionality.
ISCS-SysRS- 2.4.1 Interface to Traction Power SCADA (PSCADA) System [ISCS-SysRS-020401] Header Heading/
020401 Subheading
ISCS-SysRS- 2.4.1.1 Operators can perform the following function via ISCS HMI (Interface at ISCS Server): Functional ISCS-SWRS-
020401-01 302030
ISCS-SysRS- 1. Control of Traction power network via Traction Power SCADA server (SIL 2) Functional ISCS-SWRS-
020401-01-01 302030-01
ISCS-SysRS- 2. Monitoring of Traction power network via Traction Power SCADA server (SIL 2) Functional ISCS-SWRS-
020401-01-02 302030-01
ISCS-SysRS- 3. Select and control one control output circuit; Only one at any time (SIL 2) Functional ISCS-SWRS-
020401-01-03 302030-02
ISCS-SysRS- 2.4.1.2 The interface between TPS and COMMS shall include, but not be limited to, the following: Info N/A
020401-02
1. Traction Power I/O
020401-02-01
2. Blue Light Station I/O
020401-02-02
3. Interface between TPS SCADA, CBN and ISCS
020401-02-03
Page 105 of 171

Rev. No. 0.4.0

ID
4. BLS and VSS interface (via ISCS)
020401-02-04
ISCS-SysRS- 2.4.1.3 The ISCS shall not directly control any Traction Power equipment. All control commands Functional ISCS-SWRS-
020401-03 from ISCS shall be communicated to the Traction Power SCADA server. 302030-05
ISCS-SysRS- 2.4.1.4 For the integration of the control and monitoring between ISCS system and Video Wall Functional ISCS-SWRS-
020401-04 Display Panel, a 750V system architecture and I/O shall be provided by the TPS WPC. 302030-03
ISCS-SysRS- 2.4.1.5 COMMS WPC is responsible to coordinate with the TPS WPC and define the priority / Info ISCS-SWRS-
020401-05 severity level of TPS equipment I/O points to be displayed at ISCS HMI. The TPS WPC shall 302030-06
provide the I/O point information in hardwire configuration, software configuration, software protocol,
software point address of the TPS equipment to COMMS WPC.
ISCS-SysRS- 2.4.1.6 The COMMS WPC shall provide the communication protocol, data structure and the server Info N/A
020401-06 address and database details for the TPS WPC to design an interface function for retrieving the data
correctly from the TPS server.
ISCS-SysRS- 2.4.1.7 The TPS shall design and provide the Traction Power Supply distribution single line diagram Functional ISCS-SWRS-
020401-07 to COMMS WPC and assist COMMS WPC to design the GUI on the ISCS HMI. The GUI drawing 205075-01
shall be submitted to Employer review and acceptance. The COMMS WPC shall be responsible to ISCS-SWRS-
produce the GUI for all related TPS equipment on the ISCS HMI. 205075-02
ISCS-SWRS-
205075-03
ISCS-SysRS- 2.4.1.8 The TPS WPC shall define the status, control, alarm and log and other functional interfaces Functional ISCS-SWRS-
020401-08 required to monitor and controlled by ISCS. The COMMS WPC shall follow and implement the 302030-04
function defined by the TPS WPC.
ISCS-SysRS- 2.4.1.9 The traction status received from Traction Power System shall be transmitted to Signalling Functional ISCS-SWRS-
020401-09 System via ISCS. 302030-07
ISCS-SysRS- 2.4.2 Interface to Fire System [ISCS-SysRS-020402] Header Heading/
020402 Subheading
ISCS-SysRS- 2.4.2.1 Operators can perform the following function via ISCS HMI (Interface at ISCS Server): Functional ISCS-SWRS-
020402-01 302120-02
ISCS-SysRS- 1. Monitoring of Fire System equipment status (SIL 2) Functional ISCS-SWRS-
020402-01-01 302120-02-01
ISCS-SysRS- 2. Example of equipment status to be monitored by ISCS is Fire Alarms (SIL 2) Functional ISCS-SWRS-
020402-01-02 302120-01
ISCS-SysRS- 2.4.3 Interface to Signalling System (SS) [ISCS-SysRS-020403] Header Heading/
020403 Subheading
Page 106 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.3.1 The ISCS will transmit the Automatic Tunnel Light Switch On during Passenger Evacuation Info NA
020403-01 to the iBMS.
ISCS-SysRS- 2.4.3.2 Not used Deleted Deleted
020403-02
Note: Refer to
RTSO/03/202
2-030 for the
scope change
from SY08
MMS to SY10
ERP
ISCS-SysRS- 2.4.3.3 ISCS shall transmit fire alarm status to Signalling System. (SIL 2) Functional ISCS-SWRS-
020403-03 302070-10
ISCS-SysRS- 2.4.3.4 The ISCS system shall transmit selected alarms and statuses to the Signalling System. Functional ISCS-SWRS-
020403-04 302070-02
ISCS-SysRS- 2.4.3.5 The ISCS HMI shall, as a minimum, provide the following functions: Functional ISCS-SWRS-
020403-05 302070-03
ISCS-SysRS- 1. Dynamic train location Functional ISCS-SWRS-
020403-05-01 302070-03-01
ISCS-SysRS- 2. Timetabling Functional ISCS-SWRS-
020403-05-02 302070-03-02
ISCS-SysRS- 3. Playback Functional ISCS-SWRS-
020403-05-03 302070-03-03
ISCS-SysRS- 4. Training simulator Functional ISCS-SWRS-
020403-05-04 302070-03-04
ISCS-SysRS- 5. Report Generation Functional ISCS-SWRS-
020403-05-05 302070-03-05
ISCS-SysRS- 2.4.3.6 The ISCS shall exchange operational data with the Signalling System. Functional ISCS-SWRS-
020403-06 302070-14
ISCS-SysRS- 2.4.3.7 The ISCS only offer limited control and monitoring on signalling system, and platform screen Functional ISCS-SWRS-
020403-07 door system. 302070-13
ISCS-SWRS-
302080-01
Page 107 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.3.8 The train arrival timing details for each platform from the SS shall be obtained by the Functional ISCS-SWRS-
020403-08 COMMS WPC and displayed on the PID. The interface shall be provided by the SS WPC based on 302070-04
the Ethernet standard.
ISCS-SysRS- 2.4.3.9 The information and data exchange necessary to facilitate Passenger Information Service; Functional ISCS-SWRS-
020403-09 Public Address at stations; and VSS shall be coordinated by the COMMS WPC with the SS WPC. In 302070-06
a data transfer protocol agreed by the WPCs, this information shall contain, but not be limited to, the
following:
1. Train running Timetable;
020403-09-01 302070-06-01
2. Upcoming passenger train
020403-09-02 302070-06-02
3. Non-passenger trains, non-stop information;
020403-09-03 302070-06-03
020403-09-04 302070-06-04
5. Estimated Time of Arrival of each upcoming passenger train; and
020403-09-05 302070-06-05
6. Train position.
020403-09-06 302070-06-06
2.4.3.10 Upon activation of ESP, the Signalling System shall send the ESP activation status including
020403-10 302070-07
the location of the ESP to ISCS System. The adjacent VSS shall be activated automatically by the
ISCS-SWRS-
ISCS HMI to display the VSS images at the appropriate workstation.
301091-05
ISCS-SysRS- 2.4.3.11 The equipment operation status and fault alarms conditions shall be transferred to the ISCS Functional ISCS-SWRS-
020403-11 by the SS WPC. A discussion and agreement shall be held between the SS WPC and COMMS WPC 302070-08
on the required alarm conditions. The interface/point schedule shall be submitted to the Employer for
review and acceptance.
ISCS-SysRS- 2.4.3.12 The ISCS shall be provided with a “Train Stopped in Tunnel Zone” status by the SS WPC to Functional ISCS-SWRS-
020403-12 prompt the trigger of the tunnel ventilation system to operate in the necessary mode when any train 302010-06
is stationary inside any section of the tunnel for more than a predefined period. The conditions for ISCS-SWRS-
providing the triggering signals shall be coordinated by SS WPC with InfraCo WPC. 302070-09
Page 108 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.3.13 The SS shall be provided with a “Fire Alarm” status for stations and tunnel by the COMMS Functional ISCS-SWRS-
020403-13 WPC to prevent trains from departing into the reported fire zone. In the event that a train has already 302070-10
departed, the train shall either be service brake to a standstill before the zone or continue to move to
the platform outside the zone depending on the distance between the train and the reported fire zone.
ISCS-SysRS- 2.4.3.14 When the train door emergency release handle is operated and the train is stopped in Functional ISCS-SWRS-
020403-14 between stations, the SS WPC shall provide a tunnel light switch on request from the ATS to the 302070-12
ISCS.
020403-15 2.4.3.15 When ESP at Train Wash Plant is activated, ISCS shall display the status of ESP at ISCS 302070-07
HMI. The interface/point schedule shall be submitted to the Employer for review and acceptance. ISCS-SWRS-
301091-05
ISCS-SysRS- 2.4.3.16 The ISCS only offer limited control and monitoring on signalling system, and platform screen Functional ISCS-SWRS-
020403-16 door system. 302070-13
ISCS-SysRS- 2.4.3.17 The ISCS shall display the information from the train wash plant for the train and the wash Info N/A
020403-17 plant to stop during emergency. The emergency stop plunger (dry contact) for the train wash plant
shall be provided by SS WPC.
ISCS-SysRS- 2.4.3.18 The ISCS HMI shall be integrated with the functionality to monitor the Signalling Control Functional ISCS-SWRS-
020403-18 System.. 302070-01
ISCS-SysRS- 2.4.3.19 The ISCS provided by COMMS WPC shall be used to interface PID and PA Systems and Functional ISCS-SWRS-
020403-19 SS. 302070-05
ISCS-SysRS- 2.4.4 Interface to Video Surveillance System (VSS) [ISCS-SysRS-020404] Header Heading/
020404 Subheading
ISCS-SysRS- 2.4.4.1 The ISCS HMI shall be equipped with at least two (2) free USB 3.0 ports or better which Info N/A
020404-01 support download of selected video clips. (Hardware)
ISCS-SysRS- 2.4.4.2 The ISCS HMI shall provide a readily navigable display via a geographical map display Functional ISCS-SWRS-
020404-02 showing the site layout, in plan view. 205071-01
ISCS-SysRS- 2.4.4.3 It shall be possible to view live video streams and pre-recorded video from any ISCS HMI, Functional ISCS-SWRS-
020404-03 regardless of geographical location, from any ISCS workstation. 301090-01
ISCS-SysRS- 2.4.4.4 The operator shall be able to perform the following actions: Functional ISCS-SWRS-
020404-04 301090-03
1. Pan, tilt and zoom control;
020404-04-01 301090-03-01
2. Selection of each camera to be displayed;
020404-04-02 301090-03-02
Page 109 of 171
Rev. No. 0.4.0

ID
3. Automatic panning on group or individual basis;
020404-04-03 301090-03-03
4. Reprogramming and auto sequencing of camera images;
020404-04-04 301090-03-04
5. Manual control of Network Video Recorder functions such as playback of recording;
020404-04-05 301090-03-05
6. Equipment identification;
020404-04-06 301090-03-06
7. Indication of faulty cameras or system faults;
020404-04-07 301090-03-07
8. Facility to select video images for presentation on any VDU;
020404-04-08 301090-03-08
9. Full control of any Video Display Unit supplied as part of the ISCS system;
020404-04-09 301090-03-09
ISCS-SysRS- 10. Manual selection by Operator of any single video image or a combination of video Functional ISCS-SWRS-
020404-04-10 images for display simultaneously; 301090-03-10
ISCS-SysRS- 11. Automatic selection in accordance with a pre-set configuration in the event of an Functional ISCS-SWRS-
020404-04-11 alarmed condition such as the VSS images in the event of an intrusion detection alarm; 301090-03-11
ISCS-SysRS- 12. Manual selection by Operator of any sequence of camera images with each image Functional ISCS-SWRS-
020404-04-12 displayed in time sequence with a variable dwell time pre-set by the Operator; 301090-03-12
13. Monitoring and annunciation of VSS system alarms;
020404-04-13 301090-03-13
14. Identification of the relevant camera on any video feed;
020404-04-14 301090-03-14
15. Addition and deletion of cameras; and
020404-04-15 301090-03-15
16. Modification of camera and VCA attributes.
020404-04-16 301090-03-16
ISCS-SysRS- 2.4.4.5 The functionality integrated into the ISCS HMI shall allow full control of the VSS sub-system Functional ISCS-SWRS-
020404-05 to allow full compliance with the VSS system functional requirements. 301090-12
ISCS-SysRS- 2.4.4.6 The ISCS HMI shall provide a readily navigable display via a geographical map display Functional ISCS-SWRS-
020404-06 showing the site layout, in plan view, onto which the location of each camera and other security 205071-01
equipment (such as AMS door etc.) is to be superimposed, along with the associated equipment ISCS-SWRS-
identification numbers. 205072-02
Page 110 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.4.7 The ISCS HMI shall work in conjunction with a keyboard and pointing devices for selecting Functional ISCS-SWRS-
020404-07 the camera and system icons so as to provide the interaction between the operator and the VSS 301090-11
system for picture selection, camera control and fault information.
ISCS-SysRS- 2.4.4.8 The ISCS HMI shall also work in conjunction with an integrated physical joystick for the Functional ISCS-SWRS-
020404-08 control of PTZ cameras. 301090-13
ISCS-SysRS- 2.4.4.9 The geographic map shall display VSS intrusion detection zones and associated alarms. Functional ISCS-SWRS-
020404-09 205072-01
ISCS-SysRS- 2.4.4.10 The ISCS HMI shall automatically project onto a designated tile the real-time image Functional ISCS-SWRS-
020404-10 associated with an alarm trigger and initiate alarm-triggered recording, for the following scenarios: 301091-01
1. Fire detection
020404-10-01 301091-01-01
2. Intrusion detection (using VSS video motion detection)
020404-10-02 301091-01-02
3. Intrusion detection (using ACS)
020404-10-03 301091-01-03
4. Blue Light Station (BLS Emergency Button)
020404-10-04 301091-01-04
ISCS-SysRS- 2.4.4.11 The VSS system shall be configured such that when PHP is activated, the VSS system Functional ISCS-SWRS-
020404-11 automatically produces an image of the person activating the PHP onto the ISCS HMI of the station 301091-04
operator / OCC operator / BOCC operator answering the call.
ISCS-SysRS- 2.4.4.12 At Stations, the WPC shall provide but not limited to: Info ISCS-SWRS-
020404-12 301090-05
1. ISCS HMI (hardware and software)
020404-12-01
2. Two (2) monitors at Station Control Room (SCR) for ISCS HMI display
020404-12-02
ISCS-SysRS- 3. The ISCS HMI (VSS part) can also perform video footage playback, search, and offline archiving Functional ISCS-SWRS-
020404-12-03 for the local station VSS system. 301090-05-01
4. ISCS HMI shall provide “absolute move” control for PTZ cameras.
020404-12-04 301090-05-02
ISCS-SysRS- 2.4.4.13 VSS images from the depot shall be able to display on the ISCS HMI at OCC, BOCC and Functional ISCS-SWRS-
020404-13 BDCC. 301090-10
Page 111 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.4.14 The OCC and BOCC Operators shall be able to perform the search, retrieval and playback Functional ISCS-SWRS-
020404-14 of the video clips stored in any NVR units of the VSS system via both ISCS HMI and VSS keyboard 301090-06
controller.
ISCS-SysRS- 2.4.4.15 The ISCS HMI shall also be able to export the recorded video footages to external storage Functional ISCS-SWRS-
020404-15 devices such as USB or other digital storage device. 301090-07
ISCS-SysRS- 2.4.4.16 The OCC and BOCC Operators shall be able to select and relay video images shown on Functional ISCS-SWRS-
020404-16 his ISCS HMI onto the Video Display Panel. 301090-08
ISCS-SysRS- 2.4.4.17 VSS keyboard controllers shall be provided at the OCC and BOCC to allow the Operators Info ISCS-SWRS-
020404-17 to perform fall back VSS control and selection functions during failure of the ISCS HMI. 401020-08
ISCS-SysRS- 2.4.4.18 A VSS fall back workstation (not connected to the ISCS system) shall also be provided at Info ISCS-SWRS-
020404-18 OCC and BOCC to allow the OCC and BOCC Operators to perform fall back VSS control and 401020-09
monitoring in the event the ISCS system fails.
ISCS-SysRS- 2.4.4.19 The number of tiles (each displaying an individual camera feed) per VDU at each ISCS HMI Functional ISCS-SWRS-
020404-19 shall be in line with the Ergonomic & Human Factors Guidelines for Control Rooms and Control 301090-02
Centre and shall be quantified during the final design for the Employer’s approval.
ISCS-SysRS- 2.4.4.20 The ISCS HMI shall allow the user to control the playback which shall include at least the Functional ISCS-SWRS-
020404-20 following functions, but not limited to: 301093-01
1. Play
020404-20-01 301093-01-01
2. Pause
020404-20-02 301093-01-02
3. Stop
020404-20-03 301093-01-03
4. Rewind
020404-20-04 301093-01-04
5. Fast play
020404-20-05 301093-01-05
6. Slow play
020404-20-06 301093-01-06
7. Next file
020404-20-07 301093-01-07
8. Previous file
020404-20-08 301093-01-08
Page 112 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 9. Search based on user defined values of a combination of parameters (specific date/time, defined Functional ISCS-SWRS-
020404-20-09 date/time periods, train ID, carriage ID and camera ID) 301093-01-09
10. Next camera
020404-20-10 301093-01-10
11. Previous camera
020404-20-11 301093-01-11
12. Full screen
020404-20-12 301093-01-12
13. Repeat
020404-20-13 301093-01-13
14. Shuffle
020404-20-14 301093-01-14
15. Backup selection
020404-20-15 301093-01-15
16. Digital zoom
020404-20-16 301093-01-16
ISCS-SysRS- 2.4.4.21 The ISCS HMI shall enable the simultaneous viewing of one, two or four recorded clips. Functional ISCS-SWRS-
020404-21 When more than one clips recorded in the same time from different sources are viewed in the same 301093-02
screen, these clips shall be played synchronised with respect to the real time they were recorded.
ISCS-SysRS- 2.4.4.22 The ISCS HMI shall be capable to export the selected and stored video clips to an external Functional ISCS-SWRS-
020404-22 storage device which can be easily playback in another computer. 301093-03
ISCS-SysRS- 2.4.4.23 The ISCS HMI shall accept at least the following parameters for specifying the video clip to Functional ISCS-SWRS-
020404-23 be retrieved and played from any NVR unit attached to the system: 301093-04
1. Location name
020404-23-01 301093-04-01
2. Camera name/ID
020404-23-02 301093-04-02
3. Start date and time (with precision down to seconds)
020404-23-03 301093-04-03
4. End date and time (with precision down to seconds)
020404-23-04 301093-04-04
5. Duration
020404-23-05 301093-04-05
Page 113 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.4.24 The ISCS HMI shall provide a snapshot function where the user can capture still images Functional ISCS-SWRS-
020404-24 from a stored video clip together with any on-screen display and export these images into computer- 301092-01
readable JPEG (.JPG or .JPEG) files.
ISCS-SysRS- 2.4.4.25 Upon activation of ESP, the SS WPC shall be responsible for alerting the ISCS including Functional ISCS-SWRS-
020404-25 the location of the ESP. The COMMS WPC shall be responsible in receiving information from ISCS 302070-07
for activating the necessary VSS. ISCS-SWRS-
301091-05
ISCS-SysRS- 2.4.4.26 The operator at the OCC shall be alerted automatically upon the triggering of the ESP via Functional ISCS-SWRS-
020404-26 ISCS HMI. The adjacent VSS shall be activated automatically by the ISCS HMI to display the VSS 205073-03
images at the workstations and video wall display. ISCS-SWRS-
301091-06
ISCS-SWRS-
301100-01
ISCS-SysRS- 2.4.4.28 The ISCS should conform to ONVIF open standards for the addition of new cameras Functional ISCS-SWRS-
020404-28 conforming with ONVIF Profile S for video streaming. 301090-09
ISCS-SysRS- 2.4.5 Interface to Access Management System (AMS) [ISCS-SysRS-020405] Header Heading/
020405 Subheading
ISCS-SysRS- 2.4.5.1 The AMS shall be provided by InfraCo. The ISCS shall interface with the AMS to obtain the Functional ISCS-SWRS-
020405-01 status of selected AMS devices controlling access to rooms in the Employer’s area of operations. 302040-01
ISCS-SysRS- 2.4.5.2 The ISCS Workstations in the OCC and BOCC shall be able to display the operational state Functional ISCS-SWRS-
020405-02 of the selected AMS devices. 302040-02
ISCS-SysRS- 2.4.5.3 On occurrence of an Intruder Detection or AMS security alarm, the ISCS Workstation Functional ISCS-SWRS-
020405-03 operator at the relevant Control Room shall be alerted to the location of the alarm, and the nearest 301091-02
VSS shall be triggered to display the real-time image.
ISCS-SysRS- 2.4.5.4 AMS and VSS shall have an integrated GUI, showing the geographical map / layout with the Functional ISCS-SWRS-
020405-04 exact locations of AMS and VSS equipment. 205071-02
ISCS-SysRS- 2.4.5.5 In the event of a fire alarm, the ISCS shall automatically display the number of staffs in the Functional ISCS-SWRS-
020405-05 affected building at the moment of activation of the Fire Alarm, as provided by the AMS. 302040-03
ISCS-SysRS- 2.4.6 Interface to Private Automatic Branch Exchange (PABX) System [ISCS-SysRS-020406] Header Heading/
020406 Subheading
ISCS-SysRS- 2.4.6.1 Normal operation shall be via the ISCS HMI. Functional ISCS-SWRS-
020406-01 301050-05
Page 114 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.6.2 The functionality integrated into the ISCS HMI shall allow full control of the PABX sub- Functional ISCS-SWRS-
020406-02 system to allow full compliance with the PABX system requirements. This shall include but not be 301050-01
limited to:
1. Monitoring and annunciation of PABX and system alarms
020406-02-01 301050-01-01
ISCS-SysRS- 2. Full control of the PABX system to enable all normal and emergency call handling Functional ISCS-SWRS-
020406-02-02 functionalities 301050-01-02
ISCS-SysRS- 3. Suitable Computer Telephone Integration including Unified Messaging for all PABX Functional ISCS-SWRS-
020406-02-03 services 301050-01-03
ISCS-SysRS- 2.4.6.3 Call handling shall include, as a minimum, the following features with visual and audible Functional ISCS-SWRS-
020406-03 prompts provided to the operator at the Control Room ISCS HMI, as appropriate to the call function 301050-02
to be processed:
1. Call queuing in order of call arrival
020406-03-01 301050-02-01
2. Call prioritisation for emergency services and user-defined requirements
020406-03-02 301050-02-02
3. Intrusion, standard, private, night service and manager/secretary call facilities
020406-03-03 301050-02-03
4. Incoming call answering
020406-03-04 301050-02-04
5. Call Hold and Call Park
020406-03-05 301050-02-05
6. Call Terminations
020406-03-06 301050-02-06
ISCS-SysRS- 7. Call Transfer to the recipient via the external systems accessible to the Telephone Functional ISCS-SWRS-
020406-03-07 System including the PSTN, InfraCo’s Telephone Network, and TETRA Radio system or to the 301050-02-07
recipient’s cellular radio telephone
8. Display of each user’s telephone status (availability)
020406-03-08 301050-02-08
9. Display of Call Line Identity
020406-03-09 301050-02-09
10. Display and scrolling through of telephone directory
020406-03-10 301050-02-10
ISCS-SysRS- 2.4.6.4 It shall be possible to make and receive incoming and outgoing calls, route calls based on Functional ISCS-SWRS-
020406-04 the selection of a destination by entering an extension number. 301050-03
Page 115 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.6.5 It shall be possible to handle various forms of number dialing including short-code and Functional ISCS-SWRS-
020406-05 preconfigured single button dialing. 301050-04
ISCS-SysRS- 2.4.6.6 At the location where VSS cameras overseeing PHP, the PHP shall interface with the VSS Functional ISCS-SWRS-
020406-06 system via ISCS. Such that when PHP is activated, the VSS camera image shall be displayed 301091-03
automatically to the related SCR’s ISCS HMI and OCC’s ISCS HMI.
ISCS-SysRS- 2.4.6.7 The following types of telephones shall be provided, but not limited to: Info N/A
020406-07
1. Basic IP phone console for normal PABX functions
020406-07-01
ISCS-SysRS- 2. Enhanced IP phone console for normal PABX functions that provided to Station Master Info N/A
020406-07-02 and Manager Level position personnel
ISCS-SysRS- 2.4.6.8 The on-line VSS image shall pop-up at station ISCS HMI and OCC ISCS HMI. Functional ISCS-SWRS-
020406-08 301050-06
ISCS-SysRS- 2.4.7 Interface to Voice Recorder [ISCS-SysRS-020407] Header Heading/
020407 Subheading
ISCS-SysRS- 2.4.7.1 Functionality for the Voice Recorder System to be provided on the operator’s ISCS Functional ISCS-SWRS-
020407-01 workstation in Control Rooms, to be agreed with the Employer during final design. 301070-01
ISCS-SysRS- 2.4.7.2 Available functionality shall be dependent on the operator profile. Functional ISCS-SWRS-
020407-02 301070-02
ISCS-SysRS- 2.4.8 Not used [ISCS-SysRS-020408] Header Heading/
020408 Subheading
ISCS-SysRS- 2.4.9 Interface to Tunnel System [ISCS-SysRS-020409] Header Heading/
020409 Subheading
ISCS-SysRS- 2.4.9.1 Tunnel systems comprises of Tunnel Ventilation System and Tunnel / Viaduct lighting Functional ISCS-SWRS-
020409-01 systems. ISCS shall able to monitor and control the Tunnel Systems. 302010-01
ISCS-SWRS-
302010-08
ISCS-SysRS- 2.4.9.2 All the Tunnel Systems equipment controls and logics are coordinated and executed by the Info N/A
020409-02 Tunnel Systems Controllers which is provided by the InfraCo.
ISCS-SysRS- 2.4.9.3 In normal operation, control of all the Tunnel Systems shall be by the Tunnel Systems Functional ISCS-SWRS-
020409-03 Controllers automatically. 302010-03
Page 116 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.9.4 Under normal operation, Tunnel System Controllers will control all tunnel equipment Functional ISCS-SWRS-
020409-04 according to the predefined logic, parameter setting and time schedule. The ISCS workstation shall 302010-02
display the current operating mode.
ISCS-SysRS- 2.4.9.5 No intervention from the OCC/BOCC operator is required except for incident handling. Functional ISCS-SWRS-
020409-05 302010-10
ISCS-SysRS- 2.4.9.6 The ISCS shall communicate with the Tunnel System Controllers to enable remote ISCS Functional ISCS-SWRS-
020409-06 HMI operation at OCC. 302010-11
ISCS-SysRS- 2.4.9.7 In the event of emergency e.g., Fire mode, OCC shall be able to override the automatic Functional ISCS-SWRS-
020409-07 mode remotely via ISCS HMI. 302010-12
ISCS-SysRS- 2.4.9.8 Monitoring and control of the Tunnel Systems shall be provided on ISCS HMI screen Functional ISCS-SWRS-
020409-08 according to the user profile and control location. The OCC operator shall be able to monitor and/or 302010-05
control the minimum but not limited to following:
1. Individual start/stop control TVS
020409-08-01 302010-05-01
2. Tunnel/ Viaduct Emergency Lighting
020409-08-02 302010-05-02
3. Equipment operating status
020409-08-03 302010-05-03
4. Equipment alarms
020409-08-04 302010-05-04
020409-08-05 302010-05-05
ISCS-SWRS-
302010-05-
05-01
5. TVS mode operating status (Normal modes, congestion modes and fire mode) (SIL 2) ISCS-SWRS-
302010-05-
05-02
ISCS-SWRS-
302010-05-
05-03
ISCS-SysRS- 2.4.9.9 Based on the requests received from the SS, the respective section of the tunnel light shall Functional ISCS-SWRS-
020409-09 be switched on by the ISCS. 302010-07
Page 117 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.9.10 The InfraCo WPC and the COMMS WPC shall jointly develop a scheme on tunnel light Info N/A
020409-10 section opening and submit for the Employer’s review and acceptance.
ISCS-SysRS- 2.4.9.11 Automatic Tunnel Light Switch On during passenger evacuation shall be controlled from the Functional ISCS-SWRS-
020409-11 ISCS. 302070-11
ISCS-SysRS- 2.4.9.12 InfraCo WPC shall provide mode tables to COMMS WPC for control of the tunnel systems. Functional ISCS-SWRS-
020409-12 302010-04
ISCS-SysRS- 2.4.10 Interface to Public Address (PA) System [ISCS-SysRS-020410] Header Heading/
020410 Subheading
ISCS-SysRS- 2.4.10.1 The ISCS HMI shall have equipped with the GUI with graphical display of site layout with Functional ISCS-SWRS-
020410-01 icons representing the PA zones. 205074-01
ISCS-SysRS- 2.4.10.2 The OCC and BOCC ISCS HMI shall have equipped with an overall graphical mimic for all Functional ISCS-SWRS-
020410-02 remote sites. 205070-06
ISCS-SysRS- 2.4.10.3 Zone occupancy indications shall be shown on the ISCS HMI when message is being Functional ISCS-SWRS-
020410-03 broadcasted to the PA zone(s). 301030-01
ISCS-SysRS- 2.4.10.4 The ISCS HMI shall be able to identify the location where message is initiated. Functional ISCS-SWRS-
020410-04 301030-01
ISCS-SysRS- 2.4.10.5 In the event of ISCS HMI failure, the Digital Call Station shall operate in fall back mode Info ISCS-SWRS-
020410-05 allowing operator to make live announcement to particular zone or any combination of zones. 401020-05
ISCS-SysRS- 2.4.10.6 Under the normal operation, the operator shall able to make live announcement or initiate a Functional ISCS-SWRS-
020410-06 pre-recorded message stored in DVAS, through the ISCS HMI. 301030-02
ISCS-SysRS- 2.4.10.7 In the event of ISCS HMI failure, the Digital Call Station shall operate in fall back mode Functional ISCS-SWRS-
020410-07 allowing station operator to make live announcement to particular zone or any combination of zones. 401020-16
ISCS-SysRS- 2.4.10.8 The PA System shall interface with the Signalling System via ISCS for announcement Functional ISCS-SWRS-
020410-08 regarding with train service-related information, such as Time-To- Next-Train (TTNT), train delays 301030-03
and etc. ISCS-SWRS-
301030-23
ISCS-SysRS- 2.4.10.9 The PA system shall interface with ISCS for station operational announcement. For Functional ISCS-SWRS-
020410-09 example, station daily open, station daily close, concourse close and station close. 301030-04
ISCS-SysRS- 2.4.10.10 The PA System shall interface with PIDS via ISCS for synchronise the audio Functional ISCS-SWRS-
020410-10 announcement and display message (e.g., train services and emergency evacuation information). 301030-05
ISCS-SysRS- 2.4.10.11 OCC or BOCC operator shall use ISCS HMI for making live or pre-recorded Functional ISCS-SWRS-
020410-11 announcement to various locations throughout the RTS Link, including but not limited to: 301030-06
Page 118 of 171

Rev. No. 0.4.0

ID
1. Individual zones
020410-11-01 301030-06-01
2. A number of zones
020410-11-02 301030-06-02
3. Depot zones
020410-11-03 301030-06-03
4. All zones within an individual station or depot,
020410-11-04 301030-06-04
5. All stations or entire depot
020410-11-05 301030-06-05
ISCS-SysRS- [NOTE] Functional ISCS-SWRS-
6. Individual train
020410-11-06 301030-06-06
ISCS-SysRS- [NOTE] Functional ISCS-SWRS-
7. A group of trains or
020410-11-07 301030-06-07
ISCS-SysRS- 8. [NOTE] All trains Functional ISCS-SWRS-
020410-11-08 [NOTE]: Train announcement (Item 6, 7 and 8) will be done via TETRA Radio System Interface. 301030-06-08
ISCS-SysRS- 2.4.10.12 The ISCS HMI shall be able to allow the operator to determine whether a station PA Functional ISCS-SWRS-
020410-12 System is busy by means of a feedback signal. 301030-07
ISCS-SysRS- 2.4.10.13 In the event of ISCS HMI failure, the Digital Call Station shall operate in fall back mode Info ISCS-SWRS-
020410-13 allowing OCC and BOCC operator to make live announcement to selected station(s). 401020-06
ISCS-SysRS- 2.4.10.14 A PA system shall be installed within Depot area. The OCC’s or BOCC’s authorised Info N/A
020410-14 personnel shall able to use the ISCS HMI to broadcast live and pre-recorded messages
announcement to, Light/Heavy Maintenance Hall, stabling yard area and other depot areas.
ISCS-SysRS- 2.4.10.15 The ISCS HMI at OCC, BOCC and SCR shall have the recording facility for operator to Functional ISCS-SWRS-
020410-15 create pre-recorded message and store inside the local DVAS database. 301030-08
ISCS-SysRS- 2.4.10.16 OCC and BOCC ISCS HMI shall also be able to access to any station DVAS in order to Functional ISCS-SWRS-
020410-16 upload/download any pre-recorded message file from/to its database. 301030-09
ISCS-SysRS- 2.4.10.17 The ISCS HMI shall provide the pre-listening and playback of any pre-recorded messages Functional ISCS-SWRS-
020410-17 prior to broadcasting 301030-10
ISCS-SysRS- 2.4.10.18 The ISCS HMI shall have selection facilities to direct the message to any zone, Functional ISCS-SWRS-
020410-18 combination of zones or all zones. The operator shall be required to confirm this selection before the 301030-11
message is transmitted.
Page 119 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.10.19 ISCS HMI shall allow operator to choose to deliver a single of pre-recorded message or a Functional ISCS-SWRS-
020410-19 sequence of pre-recorded messages. These messages shall be able to be sent out once or 301030-12
periodically at a constant interval to the selected zone(s). The constant interval shall be configurable
by the operator.
ISCS-SysRS- 2.4.10.20 Other than one-off or periodic announcement, the PA System shall make pre-recorded Functional ISCS-SWRS-
020410-20 announcement according to the events in the schedulers provided in the ISCS HMI. 301030-13
ISCS-SysRS- 2.4.10.21 It shall be possible for the operator to record the ad-hoc messages via the ISCS HMI. Functional ISCS-SWRS-
020410-21 Operator shall able to re-play these messages like other pre-recorded messages and using it for 301030-14
broadcast.
ISCS-SysRS- 2.4.10.22 The system shall be able to generate chime tones automatically before and after pre- Functional ISCS-SWRS-
020410-22 recorded message announcement. The operator shall be able to enable or disable this feature via 301030-15
the ISCS HMI.
ISCS-SysRS- 2.4.10.23 It shall be possible to cut out any broadcasting pre-recorded messages through a one- Functional ISCS-SWRS-
020410-23 step operation using the ISCS HMI. 301030-16
ISCS-SysRS- 2.4.10.24 The ISCS shall frequently communicate with the PA System for the activation and Functional ISCS-SWRS-
020410-24 announcement of specific train service, operational or emergency messages when a pre-defined 301030-17
condition is detected by the ISCS.
ISCS-SysRS- 2.4.10.25 Upon receiving the initiate commands from ISCS, the PA System shall automatically Functional ISCS-SWRS-
020410-25 broadcast related pre-recorded messages to the designated PA zones at the station. 301030-17
ISCS-SysRS- 2.4.10.26 Upon receiving the cancel commands from the ISCS, the PA System shall automatically Functional ISCS-SWRS-
020410-26 cancel the messages in broadcast and provide acknowledgement to ISCS on the status of the 301030-18
cancellation.The status of the broadcast shall be visible to the ISCS HMI. ISCS-SWRS-
301030-19
ISCS-SysRS- 2.4.10.27 The message priority shall be programmable via the ISCS HMI, and shall able to offer, but Functional ISCS-SWRS-
020410-27 not limited to the priority levels. 301030-20
ISCS-SysRS- 2.4.10.28 Automatic Noise Sensing function shall be disabled by operator via ISCS HMI. Functional ISCS-SWRS-
020410-28 301030-21
ISCS-SysRS- 2.4.10.29 Alternatively, the operator can assign the maximum level output for PA announcement via Functional ISCS-SWRS-
020410-29 ISCS HMI. 301030-22
ISCS-SysRS- 2.4.11 Interface to Passenger Information Display System (PIDS) [ISCS-SysRS-020411] Header Heading/
020411 Subheading
ISCS-SysRS- 2.4.11.1 The PIDS shall interface to the Master Clock and PA System for synchronised messages Functional ISCS-SWRS-
020411-01 and shall interact with the Signalling System via ISCS for the information such as train scheduling, 301040-01
train departure, train arrival at station.
Page 120 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.11.2 The PIDS GUI shall be integrated into ISCS HMI, which shall be provided, but not limited to Functional ISCS-SWRS-
020411-02 the following locations: 301040-31
ISCS-SysRS- 1. OCC Functional ISCS-SWRS-
020411-02-01 301040-31-01
ISCS-SysRS- 2. BOCC Functional ISCS-SWRS-
020411-02-02 301040-31-02
ISCS-SysRS- 3. Every Station PSC Functional ISCS-SWRS-
020411-02-03 301040-31-03
ISCS-SysRS- 2.4.11.3 The PIDS shall interface with Signalling System via ISCS for enable train related Functional ISCS-SWRS-
020411-03 information is displayed to passengers, including but not limited to train arrival, train destination, 301040-02
train bypass, train turn back, train short loop, detrain, and interchange information display.
ISCS-SysRS- 2.4.11.4 The PIDS shall interface with Fire Protection System via ISCS for fire emergency Functional ISCS-SWRS-
020411-04 evacuation information display. The Fire Protection System will be provided by InfraCo. 301040-03
ISCS-SysRS- 2.4.11.5 The PIDS shall interface with ISCS for station operational information display for Functional ISCS-SWRS-
020411-05 passengers. For example, station daily open, station daily close, concourse close and station close 301040-04
information display.
ISCS-SysRS- 2.4.11.6 The PIDS shall be designed in the way such that the individual station PIDS shall be able to Functional ISCS-SWRS-
020411-06 operate independently via ISCS HMI in case of lost connection to OCC or BOCC. 301040-25
ISCS-SysRS- 2.4.11.7 The ISCS HMI at OCC, BOCC and Station SCR shall be capable to allow maintenance Functional ISCS-SWRS-
020411-07 personal/operator to perform the PIDS operation, system configuration, diagnostics and alarm 301040-24
logging functions.
ISCS-SysRS- 2.4.11.8 The ISCS HMI shall be able for operator to instantly construct a new message, or selection Functional ISCS-SWRS-
020411-08 from the look-up table, and shall able to broadcast it to one side or both sides of a PID, a group of 301040-05
PIDs or all PIDs.
ISCS-SysRS- 2.4.11 9 The ISCS HMI shall have the capability to allow operator to blank/un blank of one side or Functional ISCS-SWRS-
020411-09 both sides of a PID, a group of PIDs or all PIDs within station. 301040-06
ISCS-SysRS- 2.4.11.10 The ISCS HMI shall has the capability of allowing the operator to manually set the PID’s Functional ISCS-SWRS-
020411-10 display intensity. 301040-07
ISCS-SysRS- 2.4.11.11 The ISCS HMI shall be able to allow one-to-one pixel mapping (exact same as the PID Functional ISCS-SWRS-
020411-11 display) for “What You See What You Get” feature. Specialised font types and icon (input by the 301040-08
operator) have to be equipped for aligning the corporate image with the operator. Furthermore,
templates of screen display have to be provided for easy editions.
Page 121 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.11.12 The ISCS HMI shall provide the function that allow operators to customise the PID display Functional ISCS-SWRS-
020411-12 layout, e.g. shifting the text message from bottom to top section or enlarge the video message 301040-09
window.
ISCS-SysRS- 2.4.11.13 The PIDS shall be equipped with a time scheduler, which allow the system to automatic Functional ISCS-SWRS-
020411-13 display the special message based on the time schedule. This time schedule can be edited by the 301040-10
operator via ISCS HMI.
ISCS-SysRS- 2.4.11.14 The ISCS HMI shall have a reset command for the PIDS operator to stop the message Functional ISCS-SWRS-
020411-14 display. When the message display is reset, the current messages shall be cancelled and then the 301040-11
pre-set routine display schedule shall be resumed.
ISCS-SysRS- 2.4.11.15 Equipment alarm, along with an audible tone shall be available to alert the operator of a Functional ISCS-SWRS-
020411-15 PIDS equipment fault via ISCS HMI. Any PID faults shall be shown on the associated PID icon on 301040-12
the ISCS HMI. The ISCS HMI shall able to display at least of fifty (50) alarm events. In addition, the
ISCS HMI shall capable of providing indication on the Application Status and its Integration Status
between PIDS System and other systems. There must be facilities and tools available for the
traceability and analysis shall failure/fault/error on application and integration happened.
ISCS-SysRS- 2.4.11.16 ISCS HMI shall have a facility to manual override any train service information display Functional ISCS-SWRS-
020411-16 such as Time-Till-Next-Train (TTNT). The facility shall allow the operator to manual override the 301040-13
TTNT information and input train service information manually. Auto countdown for the manually
input values shall be provided.
ISCS-SysRS- 2.4.11.17 The ISCS HMI shall have a real-time “WYSIWYG” facility (pixel by pixel) to dynamic view Functional ISCS-SWRS-
020411-17 the information assigned to a selected PID board by clicking at a PID icon or by keyboard input of 301040-14
the identity number of the associated PID(s).
ISCS-SysRS- 2.4.11.18 The PIDS display message shall be activated by, but not limit to the following modes: Functional ISCS-SWRS-
020411-18 301040-15
ISCS-SysRS- 1. Command mode – the commands from ISCS for specific station operational or Functional ISCS-SWRS-
020411-18-01 emergency messages. 301040-15-01
2. Manual mode – triggered by the operator via ISCS HMI.
020411-18-02 301040-15-02
ISCS-SysRS- 2.4.11.19 The ISCS HMI shall provide the facilities to initiate any fixed message or instantly Functional ISCS-SWRS-
020411-19 constructed messages, and editing from pre-formatted messages. 301040-16
ISCS-SysRS- 2.4.11.20 The ISCS HMI shall allow operators to instantly construct messages and store to the local Functional ISCS-SWRS-
020411-20 database in the PIDS Server. 301040-17
Page 122 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.11.21 The pre-formatted messages for each station shall be identical, providing data fields for Functional ISCS-SWRS-
020411-21 name, time or other variables to be entered via ISCS HMI. 301040-18
ISCS-SysRS- 2.4.11.22 Each constructed message shall be classified and assigned through the ISCS HMI or Functional ISCS-SWRS-
020411-22 PMT. 301040-19
ISCS-SysRS- 2.4.11.23 Message log shall be downloaded automatically to the message database of the OCC and Functional ISCS-SWRS-
020411-23 BOCC PIDS Server for periodic central archiving. Message retention shall be programmable via 301040-20
ISCS HMI.
ISCS-SysRS- 2.4.11.24 All PID boards shall be formed as groups (i.e. northbound platform PID group) that shall Functional ISCS-SWRS-
020411-24 be addressable individually or in groups through the ISCS HMI. 301040-21
ISCS-SysRS- 2.4.11.25 In case of the ISCS HMI failure, the PID can still display the pre-defined Info ISCS-SWRS-
020411-25 messages/schedules according to the operations requirement. 401020-07
ISCS-SysRS- 2.4.11.26 Reset, blank/un blank, power on/off PID can be performed via the local control device or Functional ISCS-SWRS-
020411-26 ISCS HMI. 301040-22
ISCS-SysRS- 2.4.11.27 Fault logs and reports shall be stored in individual PID's memory for one (1) month before Functional ISCS-SWRS-
020411-27 they are overwritten. Retention period for such logs and reports are subject to be programmable via 301040-23
the ISCS HMI.
ISCS-SysRS- 2.4.11.28 The ISCS HMI screen update shall not exceed 0.5 second between the operator Functional ISCS-SWRS-
020411-28 command and the display of the requested real-time updated information table. 401010-06
ISCS-SysRS- 2.4.11.29 On-screen performance management report generation on the ISCS HMI shall not exceed Functional ISCS-SWRS-
020411-29 fifteen (15) seconds. 401010-13
ISCS-SysRS- 2.4.11.30 The display of a fault alarm at the ISCS HMI shall not exceed two (2) seconds from the Functional ISCS-SWRS-
020411-30 time of the fault occurring. 401010-14
ISCS-SysRS- 2.4.11.31 Other operation information includes, current date and time, greeting messages, warning Functional ISCS-SWRS-
020411-31 messages and emergency messages sent from OCC, BOCC or local station via the ISCS HMI shall 301040-26
also be displayed. For special non-emergency operating messages, the bottom row shall be used to
display the special message. During emergency, messages shall be expanded to occupy the whole
PID screen.
ISCS-SysRS- 2.4.11.32 The PIDS software shall use a distributed design with maintenance terminal and Functional ISCS-SWRS-
020411-32 configuration terminal serving as system resilience support. Workstation features (delivery via ISCS 301040-27
HMI) shall include as a minimum the capability to add, modify, delete and change priority of ISCS-SWRS-
messages. Messages shall each have a priority indication and a PA system interface (via ISCS) 301040-28
status indicator if applicable. ISCS-SWRS-
301040-29
Page 123 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.11.33 All these supervision and regulation functions shall be automatic without the need of Functional ISCS-SWRS-
020411-33 human intervention. 301040-30
ISCS-SysRS- 2.4.12 Interface to TETRA Radio System [ISCS-SysRS-020412] Header Heading/
020412 Subheading
ISCS-SysRS- 2.4.12.1 It shall be possible for the user to login to the radio system via the ISCS HMI to avoid Functional ISCS-SWRS-
020412-01 multiple logins to each workstation. 301060-03
ISCS-SysRS- 2.4.12.2 The Radio System shall have central include but not be limited to: Functional ISCS-SWRS-
020412-02 301060
ISCS-SysRS- 1. Fifty (50) units of shall be equipped with GPS positioning features, (not included spare Functional ISCS-SWRS-
020412-02-01 capacity) and able to be displayed in the ISCS HMI with the “district map” which described in last 301060-01
clause, for pin-point the locations, equipment ID, heading direction, and orbits.
ISCS-SysRS- 2. Train-borne radio unit shall be equipped with GPS positioning features with TETRA Functional ISCS-SWRS-
020412-02-02 antenna and able to be displayed in the ISCS HMI with a “district map” display which covering 301060-02
routings and locations of RTS Link premises, for pin-point the train locations, equipment ID, speed,
heading direction, and orbits.
ISCS-SysRS- 2.4.13 Interface to Train-Borne Communication System [ISCS-SysRS-020413] Header Heading/
020413 Subheading
ISCS-SysRS- 2.4.13.1 The images of the VSS system must support playback via the ISCS HMI in OCC and Functional ISCS-SWRS-
020413-01 BOCC. 301090-04
ISCS-SysRS- 2.4.14 Interface to Automatic Fare Collection [ISCS-SysRS-020414] Header Heading/
020414 Subheading
2.4.14.1 Triggering of the AFC ESS shall automatically alert the operator at the PSC and OCC via
020414-01 302050-02
ISCS HMI. The ISCS HMI shall automatically activate the adjacent VSS in order to display the VSS
ISCS-SWRS-
images at the workstations.
301091-07
ISCS-SysRS- 2.4.14.2 The AFC WPC shall transfer the fault alarms and equipment operation status conditions via Functional ISCS-SWRS-
020414-02 dry contact to the ISCS. The required alarm conditions shall be discussed and agreed between both 302050-01
AFC WPC and COMMS WPC.
ISCS-SysRS- 2.4.14.3 The AFC WPC shall provide an emergency stop switch (dry contact) for the Passenger Info N/A
020414-03 Service Centre. The AFC WPC shall be responsible for the cabling from the Passenger Service (Hardware)
Centre to the ISCS marshalling panel.
ISCS-SysRS- 2.4.14.4 The COMMS WPC shall provide the terminal block complete with labelling tag inside the Info N/A
020414-04 marshalling panel for AFC equipment cabling termination. (Hardware)
Page 124 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.14.5 The COMMS WPC shall provide the required information (e.g. termination schedule) to the Info N/A
020414-05 AFC WPC to do termination work inside the marshalling panel. (Hardware)
ISCS-SysRS- 2.4.14.6 The AFC WPC shall be responsible to provide and install labelling tags and associated Info N/A
020414-06 accessories such as ferule on the AFC cabling in the marshalling panel. (Hardware)
ISCS-SysRS- 2.4.14.7 Both AFC WPC and COMMS WPC shall provide all the necessary interfaces between the Info N/A
020414-07 AFC and ISCS at the equipment rooms. (Hardware)
ISCS-SysRS- 2.4.15 Interface to Rolling Stock (RS) [ISCS-SysRS-020415] Header Heading/
020415 Subheading
ISCS-SysRS- 2.4.15.1 The ISCS shall automatically receive train health status data via the Wireless Data Functional ISCS-SWRS-
020415-01 Communication System when any event occurs. The frequency of transmission shall be proposed for 302060-01
review and acceptance by the Employer.
ISCS-SysRS- 2.4.15.2 The information and data exchange necessary to facilitate functional of Communication Functional ISCS-SWRS-
020415-02 system via Train-borne Radio System or/and train-borne Wi-Fi System shall be coordinated by the 302060-02
RS WPC with the COMMS WPC. In a data transfer protocol agreed by the WPCs, this information
shall contain, but not be limited to, the following:
1. Train Operation Mode – Auto or Manual mode
020415-02-01 302060-02-01
2. Front or rear driver cab activation
020415-02-02 302060-02-02
3. Rolling Stock health status
020415-02-03 302060-02-03
ISCS-SysRS- 4. Rolling Stock speed and position (information provided by Signalling System) via Functional ISCS-SWRS-
020415-02-04 Rolling Stock 302060-02-04
5. Train descriptors, including destination and identification
020415-02-05 302060-02-05
6. PEC activation and deactivation
020415-02-06 302060-02-06
ISCS-SysRS- 7. Critical train-borne communication equipment health status (list of equipment to be Functional ISCS-SWRS-
020415-02-07 monitored subject to approval by the Employer) 302060-02-07
ISCS-SysRS- 2.4.16 Interface to Uninterruptible Power System (UPS) [ISCS-SysRS-020416] Header Heading/
020416 Subheading
ISCS-SysRS- 2.4.16.1 Digital input and analogue input together with its specifications shall be provided if Info N/A
020416-01 hardwire interface is provided. (Hardware)
Page 125 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.4.16.2 The UPS WPC shall transfer the fault alarms and equipment operation status Functional ISCS-SWRS-
020416-02 conditions to the ISCS. The required alarm conditions shall be discussed and agreed between both 302110-01
UPS WPC and ISCS. The interface/point schedule shall be submitted to the Employer for review
and acceptance.
ISCS-SysRS- 2.4.17 Interface to Train Wash Plant (TWP)[ISCS-SysRS-020417] Header Heading/
020417 Subheading
ISCS-SysRS- 2.4.17.1 The status of Train Wash Plant (TWP) equipment shall be able to be remote monitored Functional ISCS-SWRS-
020417-01 by the ISCS HMI at OCC. 302090-01
ISCS-SysRS- 2.4.17.2 Digital input and analogue input together with its specifications shall be provided if Info N/A
020417-02 hardwire interface is provided.
ISCS-SysRS- 2.4.17.3 The DESV WPC shall transfer the fault alarms and equipment operation status conditions Info N/A
020417-03 to the ISCS. The required alarm conditions shall be discussed and agreed between both DESV WPC
and ISCS. The interface/point schedule shall be submitted to the Employer for review and acceptance.
ISCS-SysRS- 2.4.18 Self-Monitoring [ISCS-SysRS-020418] Header Heading/
020418 Subheading
ISCS-SysRS- 2.4.18.1 The ISCS shall provide continuous self-diagnosis and monitoring, including all Info ISCS-SWRS-
020418-01 peripheral devices, communication channels (including internal and interface communication links) 301120-01
and hardware (servers, workstations, IED/RTU/PLC, VCP), as a minimum.
ISCS-SysRS- 2.4.18.2 Any events or alarms generated by the self-monitoring shall be handled and/or Functional ISCS-SWRS-
020418-02 managed in accordance with the alarm management and performance requirements. 301120-02
ISCS-SysRS- 2.4.19 High Voltage System (HV) /Integrated Building Management System (iBMS)/ Header Heading/
020419 Electrical System (ES)/ Low Voltage System (LV) [ISCS-SysRS-020419] Subheading
ISCS-SysRS- 2.4.19.1 The hardwire configuration and the software protocol used for ISCS and Civil related Functional ISCS-SWRS-
020419-01 M&E shall be agreed by both WPCs. 302020-01
2.4.19.2 The COMMS WPC shall be responsible to do the software configuration on the ISCS.
020419-02 302020-02
ISCS-SysRS- 2.4.19.3 The COMMS WPC shall be responsible to develop the GUI of all related M&E system Info N/A
020419-03 I/O points on the ISCS HMI.
ISCS-SysRS- 2.4.20 Water Handling Equipment (WHE) [ISCS-SysRS-020420] Header Heading/
020420 Subheading
ISCS-SysRS- 2.4.20.1 The hardwire configuration and the software protocol used for ISCS and Civil related Info ISCS-SWRS-
020420-01 M&E shall be agreed by both WPCs. 302130-01
Page 126 of 171

Rev. No. 0.4.0

ID
2.4.20.2 The COMMS WPC shall be responsible to do the software configuration on the ISCS.
020420-02 302130-02
ISCS-SysRS- 2.4.20.3 The COMMS WPC shall be responsible to develop the GUI of all related M&E system Info N/A
020420-03 I/O points on the ISCS HMI.
ISCS-SysRS- 2.4.21 Communication Backbone Network (CBN) [ISCS-SysRS-020421] Header Heading/Subh
020421 eading
ISCS-SysRS- 2.4.21.1 The alarm and status monitoring functionality shall be provided through interfacing the Functional ISCS-SWRS-
020421-01 ISCS system to the CBN systems. 301010
ISCS-SysRS- 2.4.22 Master Clock System (MCS) [ISCS-SysRS-020422] Header Heading/Subh
020422 eading
ISCS-SysRS- 2.4.22.1 The alarm and status monitoring functionality shall be provided through interfacing the Functional ISCS-SWRS-
020422-01 ISCS system to the MCS system. 301080-01
ISCS-SysRS- 2.4.22.2 ISCS system shall synchronise with Master Clock source for the time and date via NTP Functional ISCS-SWRS-
020422-02 protocol. 301080-02
ISCS-SysRS- 2.5 System Functional Requirements [ISCS-SysRS-020500] Header Heading/
020500 Subheading
ISCS-SysRS- 2.5.1 General Overview [ISCS-SysRS-020501] Header Heading/
020501 Subheading
ISCS-SysRS- 2.5.1.1 The ISCS shall provide monitoring and/or control of the equipment, facilities at the Info N/A
020501-01 locations as required.
2.5.1.2 The ISCS system shall interface with all other rail systems for alarm and status monitoring,
020501-02 103000-01
and system control as defined by the system interfaces requirements.
020501-03 2.5.1.3 The ISCS HMI shall, as a minimum, provide all operator functions available within each of 102000-02
the interfaced systems required to achieve day to day operation. ISCS-SWRS-
103000-03
ISCS-SysRS- 2.5.1.4 The ISCS system shall be configured such that no credible single point of failure can cause Functional ISCS-SWRS-
020501-04 failure of monitoring and control functions of the System at its workstations. 401020-04
2.5.1.5 The development or engineering software shall be provided for Engineering Workstations.
020501-05
2.5.1.6 All development work can be tested before being put to runtime environment.
020501-06
Page 127 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.1.7 On-going development work shall not interfere with the operation of a live runtime Info N/A
020501-07 environment.
020501-08 206010-02
2.5.1.8 All user interface and system information must be presented in English.
ISCS-SWRS-
208000-02
020501-09 2.5.1.9 Any sub-system functionality required by the operator shall be incorporated in the ISCS 206010-02
such that the presentation of the functions and features are consistent across the ISCS HMI. ISCS-SWRS-
208000-02
ISCS-SysRS- 2.5.1.10 Users shall be able to control applications by directly manipulating symbols on a graphical Info N/A
020501-10 display representing real world equipment. It shall also provide a visual response to each action. The
function shall be achieved by a symbol or group of symbols being selected and an action being
performed on the selected symbols. This allows the user to see what elements are to be acted on
before performing the action.
ISCS-SysRS- 2.5.2 HMI Functionality [ISCS-SysRS-020502] Header Heading/
020502 Subheading
ISCS-SysRS- 2.5.2.1 Several ISCS Monitors or Visual Display Terminals (VDTs) are provided with the ISCS Functional ISCS-SWRS-
020502-01 workstations that work as one desktop area. 205060-01
ISCS-SysRS- 2.5.2.2 The HMI visual displays shall enable users to support incident management at any given Functional ISCS-SWRS-
020502-02 workstation. 205010-01
ISCS-SysRS- 2.5.2.3 All functionality and level of control and authority shall be determined by the user’s login Functional ISCS-SWRS-
020502-03 profile. 202010-01
ISCS-SysRS- 2.5.2.4 The functionality and level of control and authority shall not be limited by location and type Info N/A
020502-04 of hardware by default. However, it shall be configurable to define such limitation for better security
control if required.
ISCS-SysRS- 2.5.2.5 The level of control and authority of user profiles shall be pre-defined by the system Functional ISCS-SWRS-
020502-05 administrator. 202010-04
2.5.2.6 The system administrator shall have the authority to configure all user profiles.
020502-06 202010-05
ISCS-SysRS- 2.5.2.7 The HMI design shall have the capacity to drive multiple monitors simultaneously from any Info N/A
020502-07 individual operator workstation. Each operator workstation in the main control room shall have its own
set of (multi-monitor) displays.
Page 128 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.2.8 In order to produce well-designed, visually and functionally consistent Graphical User Info N/A
020502-08 Interfaces (GUI) for the system, it is essential to have a common Human Machine Interface (HMI)
design. The purpose of this section is to provide the HMI scope and to specify the design review
requirement for the designers and system providers. The scope includes the user interface design
principles, overall screen design layout, screen objects, user interaction and design review
requirements.
ISCS-SysRS- 2.5.2.9 The desktop area shall be able to be subdivided into split screens in order to Functional ISCS-SWRS-
020502-09 simultaneously display multiple graphical displays as required by the operator. 205060-02
2.5.2.10 The split screens shall be resizable by the operator.
020502-10 205060-02
ISCS-SysRS- 2.5.2.11 The software shall be able to have URL (uniform resource locator) hyperlinks anywhere on Info N/A
020502-11 the graphics pages.
ISCS-SysRS- 2.5.2.12 The ISCS shall ensure that only one “logged in” operator has authority over a defined area Functional ISCS-SWRS-
020502-12 of control and alarm acknowledgement, at any one time. 202010-06
ISCS-SysRS- 2.5.2.13 The HMI functionality for the ISCS shall allow full control over, and access to, all ISCS Functional ISCS-SWRS-
020502-13 functionality and data. 201010-01
2.5.2.14 This shall include, but not be limited to:
020502-14 201010-02
1. Controls
020502-14-01 201010-02-01
2. Event and alarm management functionalities
020502-14-02 201010-02-02
3. Control inhibition
020502-14-03 201010-02-09
4. Read/Write capability
020502-14-04 201010-02-11
5. Alarm inhibition
020502-14-05 201010-02-12
6. Automation, scheduling functionality
020502-14-06 201010-02-03
7. Printing
020502-14-07 201010-02-04
8. Database and Views configuration and management
020502-14-08 201010-02-05
Page 129 of 171

Rev. No. 0.4.0

ID
9. Access authority management
020502-14-09 201010-02-06
10. Backup and archiving management
020502-14-10 201010-02-07
11. Object Tagging (to support Permit to Work (PTW) arrangements)
020502-14-11 201010-02-08
12. LOTO
020502-14-12 201010-02-10
13. Object state forcing
020502-14-13 201010-02-13
ISCS-SysRS- 14. Software functions available within each of the sub-systems (as required to achieve Functional ISCS-SWRS-
020502-14-14 day to day operation). 201010-02-14
2.5.2.15 The HMI design shall support video feed interaction and audio interface functionality.
020502-15 201010-04
2.5.2.16 LOTO
020502-16 201031
ISCS-SysRS- 1. The HMI shall allow the operator to apply a LOTO procedure onto any controlled Functional ISCS-SWRS-
020502-16-01 equipment 201031-01
ISCS-SysRS- 2. The HMI shall display an indication of the applied LOTO on the corresponding Functional ISCS-SWRS-
020502-16-02 equipment symbol 201031-02
ISCS-SysRS- 3. The removal of LOTO shall be performed through an additional confirmation Functional ISCS-SWRS-
020502-16-03 procedure 201031-03
ISCS-SysRS- 4. All tagged, LOTO and inhibited equipment shall be listed in an operator navigable Functional ISCS-SWRS-
020502-16-04 view, with filtering capabilities 201010-04
ISCS-SysRS- Deleted N/A
2.5.2.17 Not Used
020502-17
ISCS-SysRS- 2.5.2.18 Both within a single HMI application and among various HMIs within the same system, Functional ISCS-SWRS-
020502-18 consistency is important. It must be possible to achieve coherence between different screens, as well 205040-01
as in the shape and colour of the symbols used.
ISCS-SysRS- 2.5.2.19 Applications shall provide feedback to users to indicate that the computer has received Functional ISCS-SWRS-
020502-19 their input. Feedback shall be provided to let the user know that the operation is being processed. 205050-01
ISCS-SysRS- 2.5.2.20 Types of visual feedback shall be appropriate to the situation in a simple form, such as a Functional ISCS-SWRS-
020502-20 pointer changing to an hourglass shape. More complex feedback may require the use of a feedback 205050-02
message in a message box.
Page 130 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.2.21 The feedback message shall be properly and consistently conveyed, especially in Functional ISCS-SWRS-
020502-21 informational and warning dialogues. 205050-03
ISCS-SysRS- 2.5.2.22 A warning message shall be given and shall require the user to take an explicit action for Functional ISCS-SWRS-
020502-22 any action that has irreversible negative consequences. 205050-04
ISCS-SysRS- 2.5.2.23 All messages, warnings, errors or information shall be consistently presented and be easily Functional ISCS-SWRS-
020502-23 distinguishable from one another. 205050-05
ISCS-SysRS- 2.5.2.24 The hourglass pointer shall be displayed after any user-initiated action that may take more Functional ISCS-SWRS-
020502-24 than one second to complete. 205130-02
2.5.2.25 ISCS WPC shall develop the methodology, design, and implementation of ISCS.
020502-25
ISCS-SysRS- 2.5.2.26 ISCS shall also conduct the detailed study for computation modelling and performance Info N/A
020502-26 proofing / studies of the Hyper-V.
ISCS-SysRS- 2.5.2.27 The system shall be designed so as to achieve the overall objective of providing instant Functional ISCS-SWRS-
020502-27 information for having meaningful action. The vital response times of time between a change of state 205050-06
at a remote station and its display at the OCC/BOCC, the time taken between initiation of a command
and its display on the OCC/BOCC, etc. shall be considered in the design to cater for the overall
equipment response time.
ISCS-SysRS- 2.5.2.28 The HMI user interface is designed with simplicity based on the concept of a common look Functional ISCS-SWRS-
020502-28 and feel to preserve consistency for easy to look at and easy to use interface. 404010-05
ISCS-SysRS- 2.5.2.29 This scope shall be read in conjunction with the HMI requirements as specified in the main Info N/A
020502-29 body of the appropriate PS.
ISCS-SysRS- 2.5.2.30 This scope shall be applied to equipment consisting of a Video Display Unit (VDU) to ensure Info N/A
020502-30 that the design is user friendly, easy to use, thoughtfully organised supporting effective and efficient
operations, and compatible with current industry’s Window standards.
ISCS-SysRS- 2.5.2.31 This scope applies to the VDU used in the Operations Control Centre, Backup Control Info N/A
020502-31 Centre, Depot Control Centre, Station Control Room, Incident Management Room, on board the Train
and within station premises wherever applicable. In addition, some of the equipment shall also be
used in training simulators.
Page 131 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.2.32 ISCS HMI GUI design for the ISCS display screens shall include all railway systems but Info ISCS-SWRS-
020502-32 not limited to the Building Management System (BMS), Environmental Control System (ECS), Tunnel 205070-04
Ventilation System (TVS), Power SCADA, VSS, Passenger Information Display System (PIDS), ISCS-SWRS-
Public Address System (PA System), Radio System, Central Transmission (CTS) and etc. 205070-04-01
ISCS-SWRS-
205070-04-02
ISCS-SWRS-
205070-04-03
ISCS-SWRS-
205070-04-04
ISCS-SWRS-
205070-04-05
ISCS-SWRS-
205070-04-06
ISCS-SWRS-
205070-04-07
ISCS-SWRS-
205070-04-08
ISCS-SWRS-
205070-04-09
ISCS-SysRS- 2.5.2.33 Each HMI workstation or equipment display shall be specifically designed to individual user Functional ISCS-SWRS-
020502-33 requirements dependent upon the requirements of each user’s role. 201010-01
ISCS-SysRS- 2.5.2.34 The HMI shall utilise a GUI for ease of use and to provide intuitive behaviour. The HMI Functional ISCS-SWRS-
020502-34 design shall achieve consistency and conformity across the whole interface in appearance and 201010-02
behaviour.
2.5.2.35 Consistency shall include the following:
020502-35 205040-02
ISCS-SysRS- 1. Similar components shall operate similarly and have similar uses. Components shall Functional ISCS-SWRS-
020502-35-01 be organised in a familiar manner. The user shall be able to quickly find the proper component for 205040-02-01
each task.
2. The same action shall always have the same result.
020502-35-02 205040-02-02
ISCS-SysRS- 3. The function of components shall not change based on context. The result of the Functional ISCS-SWRS-
020502-35-03 action may, however, change with context. 205040-02-03
Page 132 of 171

Rev. No. 0.4.0

ID
4. Common terminology, wording and symbols shall be used throughout.
020502-35-04 205040-02-04
ISCS-SysRS- 5. The position of components shall not change based on context. Components shall Functional ISCS-SWRS-
020502-35-05 not be removed and added, rather they shall be made functional or non-functional. This shall not 205040-02-05
apply to menus and other windows which are allowed to pop-up and pop-down.
ISCS-SysRS- 6. The position of the mouse pointer shall not warp, i.e., the application shall not move Functional ISCS-SWRS-
020502-35-06 the pointer. 205040-02-06
ISCS-SysRS- 7. Interaction is familiar, i.e., the same window shall have similar functionality in Functional ISCS-SWRS-
020502-35-07 different applications. 205040-02-07
ISCS-SysRS- 2.5.2.36 Display pages and symbol libraries shall be submitted to the Employer for review and Info ISCS-SWRS-
020502-36 approval. 404000-02
ISCS-SysRS- 2.5.2.37 The ISCS allow an operator with sufficient privileges to inhibited, suspended from the Functional ISCS-SWRS-
020502-37 scanning process, or forced to the required value to an alarm from a certain device, for example no 201030-01
alarms from this device are generated during maintenance of the device.
ISCS-SysRS- 2.5.2.38 Inhibition/scan suspension/forcing/LOTO will be notified on the display where the device Functional ISCS-SWRS-
020502-38 appears by icons, text or a change in colour. 201030-02
ISCS-SysRS- 2.5.3 Graphic Display [ISCS-SysRS-020503] Header Heading/
020503 Subheading
ISCS-SysRS- 2.5.3.1 The ISCS HMI Graphical User Interface shall provide a readily navigable series of display Functional ISCS-SWRS-
020503-01 pages to enable efficient operator usage of the ISCS connected systems, to enable efficient control 205010-02
and monitoring operations.
2.5.3.2 These display pages shall include, but not be limited to:
020503-02 205010-03
ISCS-SysRS- 1. geographical location dynamic displays showing the site or train layout, in plain view Functional ISCS-SWRS-
020503-02-01 and elevation, on to which the location of each item of monitored equipment is to be superimposed 205010-03-01
along with the associated equipment description and identification numbers. The geographical
coordinates shall be included in this view, if applicable
2. coordinated plan views representing all systems in a respective location
020503-02-02 205010-03-02
3. sub-system views
020503-02-03 205010-03-03
4. event/status and alarm lists
020503-02-04 205010-03-04
Page 133 of 171

Rev. No. 0.4.0

ID
5. dynamic graphical displays
020503-02-05 205010-03-05
6. dynamic symbols
020503-02-06 205010-03-06
7. equipment tags
020503-02-07 205010-03-07
8. executive summary of the RTS Link status for a quick display of key data
020503-02-08 205010-03-08
9. synoptic and schematic views of all controlled and monitored systems
020503-02-09 205010-03-09
10. help pages
020503-02-10 205010-03-10
ISCS-SysRS- 2.5.3.3 Monitored points shall be dynamically presented through appropriate symbols and Functional ISCS-SWRS-
020503-03 analogue displays. 205070-06
ISCS-SysRS- 2.5.3.4 The state of a displayed symbol shall always reflect the real time field status and shall Functional ISCS-SWRS-
020503-04 highlight, by means of a change in colour and an alarm, if the equipment has “lost communication” 205110-06
with the ISCS.
ISCS-SysRS- 2.5.3.5 The user interface shall feature simple point and click actions that minimises the use of Functional ISCS-SWRS-
020503-05 the keyboard. 205030-05
ISCS-SysRS- 2.5.3.6 It shall be possible to filter coordinated plan views for symbols pertaining to selected Functional ISCS-SWRS-
020503-06 systems and equipment types. 205090-01
ISCS-SysRS- 2.5.3.7 Access to all functions shall be quick, and “hot spots” shall be used as gateways between Functional ISCS-SWRS-
020503-07 functions and/or views. 205080-01
ISCS-SysRS- 2.5.3.8 The ISCS workstation display icons, graphic displays and pictorial representations shall Functional ISCS-SWRS-
020503-08 be harmonised across all sub-systems integrated into the ISCS. 205010-03
2.5.3.9 The sound file and volume for audio alerts shall be configurable by the operator.
020503-09 201040-01
ISCS-SysRS- 2.5.3.10 The user interface shall be designed and developed so as to provide a consistent look and Info ISCS-SWRS-
020503-10 feel to the operator for all functionalities and views within the ISCS, as defined in ISO 11064-5. The 104000-01
presentation shall allow the users to quickly assimilate all of the data available.
ISCS-SysRS- 2.5.3.11 All ISCS displays and GUI shall also undergo an ergonomic design approach in line with Info ISCS-SWRS-
020503-11 the Ergonomic & Human Factors Guidelines for Control Rooms and Control Centres and shall be 104000-02
compliant with the requirements for electronic visual displays in ISO 9241-303.
Page 134 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.3.12 Graphical layouts shall be developed based on coordinated CAD inputs with the Other Info ISCS-SWRS-
020503-12 WPCs, except were notified by the Employer 205010-05
ISCS-SysRS- 2.5.3.13 The Video Wall Display Panel (VWDP) shall be configurable to display the following, but Functional ISCS-SWRS-
020503-13 not limited to: 205073-01
1. Systems Network Overview
020503-13-01 205073-01-01
2. Critical Alarms
020503-13-02 205073-01-02
3. Changeover status
020503-13-03 205073-02-01
4. Selected alarms from other systems such as Power, fire and ventilation systems
020503-13-04 205073-02-02
ISCS-SysRS- 2.5.3.14 Each element, alarms, instructions shall be clearly readable in lighting of 550 lux to the Functional ISCS-SWRS-
020503-14 operator in OCC/BOCC. 205070-07
ISCS-SysRS- 2.5.3.15 The main display area shall allow an overview screen with important information to be Functional ISCS-SWRS-
020503-15 displayed. Access to a more detailed level or magnifying the graphical view shall be allowed in order 205070-02
to reveal more information on the same screen.
ISCS-SysRS- 2.5.3.16 The general screen shall, as a minimum, display the following: Functional ISCS-SWRS-
020503-16 205070-03
ISCS-SysRS- 1. Real time train movement using track sections status Functional ISCS-SWRS-
020503-16-01 205070-03-01
ISCS-SysRS- 2. Display location and train ID of moving train Functional ISCS-SWRS-
020503-16-02 205070-03-02
ISCS-SysRS- 3. Location of non-communicating train Functional ISCS-SWRS-
020503-16-03 205070-03-03
ISCS-SysRS- 4. Position of points (locking & detection) & status of routes Functional ISCS-SWRS-
020503-16-04 205070-03-04
ISCS-SysRS- 5. In addition, the following alarms shall be displayed on the projection panel: Functional ISCS-SWRS-
020503-16-05 205070-03-05
ISCS-SysRS- 1. Malfunction Power failure Functional ISCS-SWRS-
020503-16-05-01 205070-03-
05-01
Page 135 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2. Train Ready Functional ISCS-SWRS-
020503-16-05-02 205070-03-
05-02
ISCS-SysRS- 3. Blocking/ unblocking of points, route, signals and maintenance blocks Functional ISCS-SWRS-
020503-16-05-03 205070-03-
05-03
ISCS-SysRS- 4. Cycles in the terminal stations and intermediate turn back location Functional ISCS-SWRS-
020503-16-05-04 205070-03-
05-04
ISCS-SysRS- 5. Any other alarm required on operational considerations Functional ISCS-SWRS-
020503-16-05-05 205070-03-
05-05
020503-16-05-06 6. All indications mentioned in the relevant Particular Specification. 205070-03-
05-06
ISCS-SysRS- 2.5.3.17 Screen Objects - Windows Functional ISCS-SWRS-
020503-17 205060
ISCS-SysRS- 1. The HMI design shall follow the principle of multi-window screens. Windows can be Functional ISCS-SWRS-
020503-17-01 classified into primary windows and secondary windows. 205060-03
ISCS-SysRS- 2. A primary window consists of a border which defines its extent, a title bar and a menu Functional ISCS-SWRS-
020503-17-02 area. Other components such as tool bars and status bars may also be included. The primary 205060-04
window shall allow re-sizing and scroll bars shall provide access to virtual window areas that are
beyond the displayable area of the primary window.
ISCS-SysRS- 3. A secondary window is a result of an action carried out on a primary window and is Functional ISCS-SWRS-
020503-17-03 usually concerned with either gathering more information to complete a command or revealing more 205060-05
information as a result of a query command.
ISCS-SysRS- 2.5.3.18 Screen Objects - Menus and Control Buttons Functional ISCS-SWRS-
020503-18 205100
ISCS-SysRS- 1. The HMI shall be menu driven. In case of vital commands like that of remote control, Functional ISCS-SWRS-
020503-18-01 a double-checking facility shall be available for doubly ensuring the correctness of a command that 205100-01
has been input by the operator. Various help levels shall be available for assisting the operator. It
shall be possible to select the required option with the minimum number of operations.
Page 136 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2. A logical and easily understandable menu listing the commands available to the user Functional ISCS-SWRS-
020503-18-02 shall be provided. 205100-02
ISCS-SysRS- 3. Among different types of menus, the most commonly used are drop-down menus and Functional ISCS-SWRS-
020503-18-03 pop-up menus. 205100-03
ISCS-SysRS- 2.5.3.19 Screen Objects - The Use of Colours Functional ISCS-SWRS-
020503-19 205110
ISCS-SysRS- 1. To help the user to distinguish screen objects against the background of a window, Functional ISCS-SWRS-
020503-19-01 appropriate colour and contrast shall be employed. The use of colour shall be subject to Employer’s 205110-01
review and shall be determined during the design stages.
ISCS-SysRS- 2. The GUI shall be designed with visual consistency by using neutral colours over most Functional ISCS-SWRS-
020503-19-02 of its background and most common features. 205110-02
ISCS-SysRS- 3. Certain features in the GUI shall make use of bright colours and strong contrasts to Functional ISCS-SWRS-
020503-19-03 attract the user’s attention, e.g., when an alarm occurs. Different types of alarms shall be 205110-03
differentiated by the use of colour. Alarms shall be divided into different priorities and shall be
distinguished by different colours.
ISCS-SysRS- 4. Colour shall be used to provide additional differentiation among screen objects. Functional ISCS-SWRS-
020503-19-04 Differentiation shall also be achieved by using different shape and size and dynamic behaviour of 205110-04
screen objects.
ISCS-SysRS- 2.5.3.20 Screen Objects - Font and Text Design Functional ISCS-SWRS-
020503-20 205120
ISCS-SysRS- 1. The font type and size shall be designed such that at a suitable viewing distance, the Functional ISCS-SWRS-
020503-20-01 character can be viewed and distinguished clearly on a high-density, high-resolution VDU. Details of 205120-01
the font type and size shall be subject to Employer’s review and shall be determined during the
design stages.
ISCS-SysRS- 2. The character shall have a width of between 70% and 90% of its height. Functional ISCS-SWRS-
020503-20-02 205120-02
ISCS-SysRS- 3. The spacing of two words shall be one upper case character. Functional ISCS-SWRS-
020503-20-03 205120-04
ISCS-SysRS- 4. The spacing between two lines shall be at least 5% of the character height. Functional ISCS-SWRS-
020503-20-04 205120-05
ISCS-SysRS- 5. The stroke width shall be a minimum of 6% of the character height. Functional ISCS-SWRS-
020503-20-05 205120-06
ISCS-SysRS- 6. Upper- and lower-case text shall be used. The use of upper case shall be avoided Functional ISCS-SWRS-
020503-20-06 except for short captions, label or column headings. 205120-07
Page 137 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 7. Hyphenation of words that continue on the next line shall be avoided. Functional ISCS-SWRS-
020503-20-07 205120-08
ISCS-SysRS- 8. At least 10% of the character width shall be used for spacing between 2 characters. Functional ISCS-SWRS-
020503-20-08 205120-03
ISCS-SysRS- 2.5.3.21 Screen Objects - Curser and Pointer Functional ISCS-SWRS-
020503-21 205130
ISCS-SysRS- 1. A pointer is used to help the user to identify the object. The selection of the size and Functional ISCS-SWRS-
020503-21-01 its border colour shall be such that the pointer itself is easily seen on the screen among different 205130-01
objects.
ISCS-SysRS- 2. The hourglass pointer shall be displayed after any user-initiated action that may take Functional ISCS-SWRS-
020503-21-02 more than one second to complete. 205130-02
ISCS-SysRS- 3. The cursor shall be easily seen on the screen minimising the object area obscured by Functional ISCS-SWRS-
020503-21-03 the cursor. 205130-03
ISCS-SysRS- 2.5.3.22 User Interaction - Input Device and Navigation Functional ISCS-SWRS-
020503-22 205060
ISCS-SysRS- 1. The ISCS application may contain many windows. Each window shall receive input Functional ISCS-SWRS-
020503-22-01 from the keyboard, the mouse, touch screen, or a combination of these. The window which receives 205060-07
keyboard events has the input focus. Within each window, the keyboard focus determines which
component of the window gets each keyboard input. Only one window at a time can have the input
focus and that window shall be highlighted by a change of shade or colour to the window border.
Only one component of the window with input focus can have keyboard focus.
ISCS-SysRS- 2. The focus to be used for the HMI shall be explicit, that means, the user must explicitly Functional ISCS-SWRS-
020503-22-02 select which window the keyboard focus is applied to. 205060-08
ISCS-SysRS- 3. A mouse or tracker ball shall be used to manipulate the pointer. Functional ISCS-SWRS-
020503-22-03 205130-04
ISCS-SysRS- 4. User interface applications shall take input from mouse/tracker ball and touch screen Functional ISCS-SWRS-
020503-22-04 devices and from keyboards. 205130-05
ISCS-SysRS- 5. The ISCS application may have several main windows in operation simultaneously. Functional ISCS-SWRS-
020503-22-05 These windows may be displayed on one or more screens of a multi-screen workstation. The focus 205060-06
can be moved from one window to another either by activating the button that enabled the window,
by using a two key combination on the keyboard, or by selecting the window if part of it is visible.
ISCS-SysRS- 6. All menu commands shall be keyboard accessible, and all major system commands Functional ISCS-SWRS-
020503-22-06 shall be available from a menu. 205100-04
Page 138 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 7. Keyboard mnemonics and keyboard shortcuts shall be provided. The keyboard Functional ISCS-SWRS-
020503-22-07 mnemonics are the underlined characters in menu options or command names. 205100-05
ISCS-SysRS- 8. Navigation shall be designed as to be as easy and as logical as possible for the user. Functional ISCS-SWRS-
020503-22-08 When navigating inside a geographical area comprising multiple screens, facilities shall be provided 205080-02
for the user to move from one screen to the next both in the forward and reverse directions.
ISCS-SysRS- 2.5.3.23 The common and essential functions shall be presented in a clear and logical manner. Functional ISCS-SWRS-
020503-23 The more sophisticated and less frequently used functions shall be hidden from immediate view but 205030-02
constantly available.
ISCS-SysRS- 2.5.3.24 An HMI application shall be designed to allow users to personalise aspects of the interface Info ISCS-SWRS-
020503-24 such as colour and fonts. 205030-03
2.5.3.25 Screen Objects - Animation
020503-25 205140
1. The WPC shall provide animation models for Employer approval.
020503-25-01 205140-01
ISCS-SysRS- 2.5.3.26 The layout of the screen shall be consistent within an HMI application as well as across Functional ISCS-SWRS-
020503-26 different HMI applications. The presentation shall allow the users to quickly assimilate all of the data 205070-01
available.
ISCS-SysRS- 2.5.4 User Management [ISCS-SysRS-020504] Header Heading/
020504 Subheading
ISCS-SysRS- 2.5.4.1 The user management system shall ensure that only a “logged in” user can only be logged Functional ISCS-SWRS-
020504-01 in at any one time by default. 202010-06
2.5.4.2 Simultaneous login of the same user ID at different locations shall not be allowed.
020504-02 202040-03
2.5.4.3 User security shall support Windows Active Directory credentials.
020504-03
ISCS-SysRS- 2.5.4.4 The software shall have multiple levels of roles configured based on the types of users Info N/A
020504-04 and process areas. The system shall be able to incorporate the following indicative roles and
privileges:
1. Viewer / Trainee: View only
020504-04-01
ISCS-SysRS- 2. Operator: Change control modes (auto/manual), manual control of plant, alarm Info N/A
020504-04-02 acknowledgement & resetting, change of some set-points
Page 139 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 3. Shift Leader / Supervisor: All operational functions, alarm disable/enable. Creation of Info N/A
020504-04-03 custom trend group
ISCS-SysRS- 4. Engineer: Change of control loop tuning settings. Start-up and shutdown of servers. Info N/A
020504-04-04 Testing and Engineering development work
5. General Manager/ Chief Engineer: includes all the above roles
020504-04-05
ISCS-SysRS- 6. Contractor / System Integrator: Includes the above roles to facilitate the Info N/A
020504-04-06 development and troubleshooting of SCADA
7. System Administrator: Any other functions, access to audit logs
020504-04-07
ISCS-SysRS- 2.5.4.5 All operator actions, including alarm and control parameter changes, (e.g. controller Info N/A
020504-05 setpoints, alarm setpoints, control limits etc.), operator commands, and mode changes shall be stored
in audit trail records which shall be suitably protected from tampering and accessible only by System
Administrator.
ISCS-SysRS- 2.5.4.6 All login shall be configured to time-out (auto log-out) after the user is inactive for a period Functional ISCS-SWRS-
020504-06 of time. This time duration shall be adjustable by the System Administrators. 202040-04
ISCS-SysRS- 2.5.4.7 It shall be possible to configure the maximum login duration for any user account after Info N/A
020504-07 which the account shall be logged out automatically.
ISCS-SysRS- 2.5.4.8 A warning message shall appear to warn the user before being logged out of the system Functional ISCS-SWRS-
020504-08 automatically. This warning message time should be configurable. 202040-05
2.5.4.9 The user access management system shall have the following typical functions:
020504-09 202020-03
1. Definition of User Profiles
020504-09-01 202020-03-01
2. Definition of Users
020504-09-02 202020-03-02
020504-09-03 202020-03-03
4. Profiles Management
020504-09-04 202020-03-04
020504-09-04-01 1. Add/Remove Profiles 202020-03-
04-01
Page 140 of 171

Rev. No. 0.4.0

ID
020504-09-04-02 2. Defining profile permissions 202020-03-
04-02
020504-09-05 5. User management 202020-03-05
020504-09-05-01 1. Add/remove users 202020-03-
05-01
020504-09-05-02 2. Assignment of profiles to users 202020-03-
05-02
6. Centralised authentication service
020504-09-06 202020-03-06
ISCS-SysRS- 2.5.4.10 The area of authority shall dictate what the operator could do. An operator may have Functional ISCS-SWRS-
020504-10 multiple areas of authority. 203000-03
020504-11 202030-02
2.5.4.11 Each operator, identified by his password (and/or passphrase), shall have the ascertained ISCS-SWRS-
area(s) of authority by default. This default authority shall be used for each operator’s login. 202030-03
ISCS-SWRS-
202040-02
ISCS-SysRS- 2.5.4.12 There shall be an area of authority for the System Administrator, who has the right to Functional ISCS-SWRS-
020504-12 perform all systems related (both operating system and ISCS system) and engineering functions. 202030-04
ISCS-SysRS- 2.5.4.13 The System Administrator shall regard as a “super user” who has the rights to perform but Functional ISCS-SWRS-
020504-13 not be limited to the following: 202030-05
ISCS-SysRS- 1. To on-line modify the areas of authority for each operator (both temporarily and Functional ISCS-SWRS-
020504-13-01 permanently) 202030-05-01
2. To on-line add / delete / disable operator accounts
020504-13-02 202030-05-02
ISCS-SysRS- 3. To modify ISCS system functions (i.e. modify ISCS database, modify / create HMIs, Functional ISCS-SWRS-
020504-13-03 modify scan parameters, other administration functions) 202030-05-03
4. To perform operating system functions
020504-13-04 202030-05-04
Page 141 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.4.14 The Operations Administrator shall regard as a “super operations user” who has the rights Functional ISCS-SWRS-
020504-14 to perform but not be limited to the following: 202030-06
ISCS-SysRS- 1. To on-line modify the areas of authority for each operator (both temporarily and Functional ISCS-SWRS-
020504-14-01 permanently) 202030-06-01
2. To on-line add / delete operator accounts
020504-14-02 202030-06-02
2.5.4.15 Dynamic assignment on area(s) of authority shall be supported.
020504-15 202030-07
ISCS-SysRS- 2.5.4.16 The Administrators shall have the right to temporarily grant/remove area of authority for an Functional ISCS-SWRS-
020504-16 operator, the granted/removed area of authority shall remain active until the operator logs off. 202030-08
ISCS-SysRS- 2.5.4.17 ISCS HMIs shall be provided to monitor all logged-in users and their assigned areas of Functional ISCS-SWRS-
020504-17 authority and automatic log off enable / disable status. 202020-06
ISCS-SysRS- 2.5.4.18 All login, log off, automatic log off enable / disable, authority grant/removal activities, Functional ISCS-SWRS-
020504-18 together with the identification of the operator concerned, shall be logged in the event log. 205060-03
2.5.4.19 All control actions with the operator identifier shall be logged in the event log.
020504-19 205060-03
ISCS-SysRS- 2.5.4.20 The operator shall be allowed to log-in using his/her profile in the workstation at any location Functional ISCS-SWRS-
020504-20 to perform the control and monitoring functions as granted under the corresponding area of authority. 202020-07
ISCS-SysRS- 2.5.4.21 Control operation shall refer to any operation which results in the activation of an output Functional ISCS-SWRS-
020504-21 device. This shall include the control of field equipment, alarm acknowledgement, alarm inhibition, I/O 202030-09
point overridden, the generation of reports, and the output of data to printers or hard disks.
ISCS-SysRS- 2.5.4.22 A user database containing all operators together with the assigned area(s) of authority Functional ISCS-SWRS-
020504-22 shall be maintained. 202020-05
2.5.4.23 A login procedure shall be required before an operator can access the ISCS functions.
020504-23 202040-01
2.5.4.24 To assist the user to be in control, the following design issues shall be adopted:
020504-24
1. Flexibility – make choices available to the user
020504-24-01
2. Customisation – allow for personalised aspects of the interface
020504-24-02
3. Responsiveness – design with interactive and responsive behaviour
020504-24-03
Page 142 of 171
Rev. No. 0.4.0

ID
4. Direct manipulation of real-world objects
020504-24-04
ISCS-SysRS- 2.5.4.25 The HMI design shall have the flexibility to enable users to choose the methods of access Functional ISCS-SWRS-
020504-25 to functions based on experience, personal preference and circumstances. 205030-01
ISCS-SysRS- 2.5.4.26 The user access management system will allow for the creation of various operator profiles, Functional ISCS-SWRS-
020504-26 each of which determines the actions that an operator with that profile can execute. 202020-02
ISCS-SysRS- 2.5.4.27 Users will be able to manipulate symbols on a graphical display that represent real-world Info N/A
020504-27 equipment to control applications. Each action will be accompanied by a visual response. The function
will be achieved by selecting a symbol or group of symbols and performing an action on those
symbols. This enables the user to see which elements need to be acted on prior to taking action.
ISCS-SysRS- 2.5.4.28 The system administrator shall have the authority required to manage the user access Functional ISCS-SWRS-
020504-28 management system. 202020-04
ISCS-SysRS- 2.5.5 Events and Alarms [ISCS-SysRS-020505] Header Heading/
020505 Subheading
ISCS-SysRS- 2.5.5.1 The ISCS HMI shall provide event and alarm lists, and configurable active views to allow Functional ISCS-SWRS-
020505-01 visual and audible interaction with the system. 206030-01
ISCS-SysRS- 2.5.5.2 The Event Displays and Alarm Displays shall allow the operator to easily supervise and Functional ISCS-SWRS-
020505-02 control all alarms and incidents as they occur. 206030-10
2.5.5.3 Typical information shown in event and alarm displays shall be as follows:
020505-03 206030-02
1. Alarm Tag
020505-03-01 206030-02-01
2. Equipment Name
020505-03-02 206030-02-02
3. Alarm description
020505-03-03 206030-02-03
4. Alarm Severity
020505-03-04 206030-02-04
5. Activation date and time
020505-03-05 206030-02-05
ISCS-SysRS- 6. Actual status of the alarm (active unacknowledged, active acknowledged and Functional ISCS-SWRS-
020505-03-06 inactive unacknowledged) 206030-02-06
Page 143 of 171

Rev. No. 0.4.0

ID
7. Date and time of acknowledgement as applicable
020505-03-07 206030-02-07
ISCS-SysRS- 8. Text or symbol colour depends on severity. Unacknowledged alarms use flashing Functional ISCS-SWRS-
020505-03-08 text or symbol. 206030-02-08
9. Alarm Summary (active alarm count per sub-system, total active alarms)
020505-03-09 206030-02-09
ISCS-SysRS- 10. Filtered Alarm Summary (filtered alarm count per sub-system, total filtered alarms), Functional ISCS-SWRS-
020505-03-10 when applicable 206030-02-10
2.5.5.4 All columns displayed shall be able to be sorted on any of the displayed fields.
020505-04
2.5.5.5 An alarm banner containing the latest three alarms shall always be visible in all pages.
020505-05
ISCS-SysRS- 2.5.5.6 Alarms can be categorized to different severity levels to distinguish the different level of Functional ISCS-SWRS-
020505-06 attention required. 206040-05
ISCS-SysRS- 2.5.5.7 Alarms or events requiring the operator’s urgent response shall be made visible (blinking) Functional ISCS-SWRS-
020505-07 and audible. 206040-08
ISCS-SysRS- 2.5.5.8 The failure alarm shall be classified into different level of severity alarm and each alarm Functional ISCS-SWRS-
020505-08 level shall be shown on the HMI display using a different colour. 206080-01
ISCS-SysRS- 2.5.5.9 The visible and audible alarm alerts shall continue until the alarm is acknowledged or the Functional ISCS-SWRS-
020505-09 alarm is resolved. 206080-02
2.5.5.10 Operators can acknowledge alarms based on individual point or based on visible alarms.
020505-10
2.5.5.11 The system shall support a minimum of four severity levels.
020505-11
2.5.5.12 The alarm resolution shall support 0.1s or better.
020505-12
ISCS-SysRS- 2.5.5.13 It shall be configurable to define alarm response time based on alarm category. Thus, the Info N/A
020505-13 operator takes corrective action to avoid the consequence.
ISCS-SysRS- 2.5.5.14 Acknowledgement of alarm shall mute the audio alert, but the visual alert shall not be Functional ISCS-SWRS-
020505-14 resumed to normal until the alarm condition have been resolved. 206090-03
2.5.5.15 All resolved alarms shall be moved from active alarm display list and automatically be
020505-15 206060-01
inserted into the alarm history database. In order for an alarm to disappear from the Alarm Display it
ISCS-SWRS-
must have been acknowledged by the operator and have returned to the normal state.
206060-02
Page 144 of 171

Rev. No. 0.4.0

ID
ISCS-SWRS-
206060-03
ISCS-SysRS- 2.5.5.16 The alarm system shall provide alarm response procedures for operator to access when Info N/A
020505-16 alarm is triggered. The information should include:
1. Tag name & description
020505-16-01
2. Alarm description
020505-16-02
3. Alarm type
020505-16-03
4. Alarm setpoint
020505-16-04
5. Allowable response time
020505-16-05
6. Alarm class
020505-16-06
7. Additional info (potential causes, consequence on inaction, operator action)
020505-16-07
2.5.5.17 To manage nuisance alarms, alarms can be suppressed, shelved, or labelled out of service.
020505-17 206070
ISCS-SysRS- 1. Alarm suppression under Avalanche conditions shall suppress non-critical alarms to Functional ISCS-SWRS-
020505-17-01 avoid an excessive quantity of alarms in the Alarm Display due to the cascade effect of a high-level 206070-01
equipment failure or alarm.
ISCS-SysRS- 2. The avalanche alarm suppression conditions shall each be defined by Boolean logic Functional ISCS-SWRS-
020505-17-02 expressions of states of one or more equipment and shall be operator configurable. 206070-02
3. Multiple levels of alarm suppression shall be supported.
020505-17-03 206070-03
ISCS-SysRS- 4. The filtering level selected shall depend on the seriousness of the condition. The Functional ISCS-SWRS-
020505-17-04 operator shall have the ability to suppress different alarm severity levels at any time and shall be 206070-04
prompted by the monitor throughout the time when it is in force.
Page 145 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.5.18 It shall be possible to configure criteria of alarm that can perform alarm functions such as Info N/A
020505-18 shelved, suppressed, or out of service. Not all types of alarms can be bypass using this function. The
criteria can be: logic function (interlock actions, etc.), severity/priority, or tag.
ISCS-SysRS- 2.5.5.19 Alarms can be disabled or suppressed. The suppressed alarms page shall show, for all Info N/A
020505-19 disabled alarms, the date and time when each alarm was disabled, the username of the person who
disabled the alarm, and the reason for suppressing the alarm.
2.5.5.20 Clicking on an alarm shall allow the user to navigate to the relevant mimic page.
020505-20 206030-06
ISCS-SysRS- 2.5.5.21 Shelved alarms can be manually or automatically un-shelved. Automatic un-shelved alarms Info N/A
020505-21 are defined by shelve time setting.
2.5.5.22 Out of service alarms are alarms generated from maintenance or testing activities.
020505-22
2.5.5.23 The following information shall be recorded for each out-of-service alarm:
020505-23
1. Tag name
020505-23-01
2. Alarm type
020505-23-02
3. Approval details
020505-23-03
4. Details concerning interim alarms or procedures if required
020505-23-04
5. Reason for taking the alarm out of service
020505-23-05
ISCS-SysRS- 2.5.5.24 By pointing to the activated symbol in the alarm banner, the operator will be rapidly guided Functional ISCS-SWRS-
020505-24 to the relevant diagram display, where alarm acknowledgement can be performed. 206090-02
2.5.5.25 Operators shall be able to record the probable cause of an alarm into alarm logs.
020505-25
2.5.5.26 Alarm log shall be able to be exported to Microsoft Excel format file.
020505-26
ISCS-SysRS- 2.5.5.27 When alarms are triggered, operator shall be able to identify nearest devices to Info N/A
020505-27 check/monitor. These associated devices should be defined by operator.
Page 146 of 171

Rev. No. 0.4.0

ID
2.5.5.28 The system shall support alarm notification via SMS or email to different user groups.
020505-28
ISCS-SysRS- 2.5.5.29 If an alarm is not acknowledged and/or not normalized within a specified time, the alarm Info N/A
020505-29 notification is sent to next level of user groups for escalation.
ISCS-SysRS- 2.5.5.30 The system shall allow users with the authorized role and privilege to perform actions such Info N/A
020505-30 as acknowledge alarms, suppress alarms, shelve alarms etc.
ISCS-SysRS- 2.5.5.31 The alarm system shall be able to process alarm based on priority / severity level or Functional ISCS-SWRS-
020505-31 operational importance, so that higher priority alarms can capture operator’s attention first. 206040-05
ISCS-SysRS- 2.5.5.32 The ISCS shall collect and log the change of state and failure information for all connected Functional ISCS-SWRS-
020505-32 equipment and systems. 206010-01
ISCS-SysRS- 2.5.5.33 The ISCS shall automatically log all internal events, including operator actions and Functional ISCS-SWRS-
020505-33 configuration changes, providing a chronological record of all system interaction into an event log. 206050-01
2.5.5.34 The ISCS shall, as minimum, log internal events, such as operator actions:
020505-34 206050-02
1. Acknowledgement of alarms
020505-34-01 206050-02-01
2. Operator login/logout
020505-34-02 206050-02-02
3. Commands
020505-34-03 206050-02-03
4. ISCS Equipment Alarms
020505-34-04 206050-02-04
5. ISCS Communications alarm
020505-34-05 206050-02-05
6. Backup/archiving events
020505-34-06 206050-02-06
7. Run times of equipment
020505-34-07 206050-02-07
8. Analogue level alarms
020505-34-08 206050-02-08
9. Call history
020505-34-09 206050-02-09
10. Camera to Tile assignment
020505-34-10 206050-02-10
Page 147 of 171
Rev. No. 0.4.0

ID
11. Operator Log Book creation
020505-34-11 206050-02-11
ISCS-SysRS- 2.5.5.35 All events and alarms shall be recorded, and time tagged in the order of their occurrence Functional ISCS-SWRS-
020505-35 to allow evaluation of incidents. 206020-02
ISCS-SysRS- 2.5.5.36 The system shall allow multiple Event Displays and Alarm Displays to be opened at a given Functional ISCS-SWRS-
020505-36 time, each with different filters. 206030-03
ISCS-SysRS- 2.5.5.37 Each display shall be able to have independent filters applied to show only the required Functional ISCS-SWRS-
020505-37 information. 206030-04
2.5.5.38 These filters shall include the following typical criteria for each of the groups:
020505-38 206030-05
1. By Tag ID
020505-38-01 206030-05-01
2. By date and time range
020505-38-02 206030-05-02
3. By Control Zone
020505-38-03 206030-05-03
4. By Location
020505-38-04 206030-05-04
5. By device types
020505-38-05 206030-05-05
6. By particular system
020505-38-06 206030-05-06
7. By particular device
020505-38-07 206030-05-07
8. By alarm status
020505-38-08 206030-05-08
9. By severity/priority
020505-38-09 206030-05-09
ISCS-SysRS- 2.5.5.39 Any combination of these criteria shall be able to be applied to a given filter in order to Functional ISCS-SWRS-
020505-39 achieve the desired information display. 206030-06
2.5.5.40 In general, the states that an alarm can have shall be as follows:
020505-40 206090-04
Page 148 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 1. Unacknowledged Alarm: The alarm has recently occurred and has not been acknowledged by an Functional ISCS-SWRS-
020505-40-01 operator. Alarm colour flashing background and “On / Alarm Condition” text displayed (e.g. Out of 206090-04-01
Service).
ISCS-SysRS- 2. Acknowledge Alarm: The alarm still exists, and an operator has acknowledged it. Fixed alarm Functional ISCS-SWRS-
020505-40-02 colour background and “On / Alarm Condition” text displayed. 206090-04-02
ISCS-SysRS- 3. Unacknowledged Cleared: The alarm situation no longer exists but it has not been acknowledged Functional ISCS-SWRS-
020505-40-03 by an operator. Flashing alarm colour background and “Off / Normal Condition” text displayed (e.g. 206090-04-03
Online).
ISCS-SysRS- 4. Acknowledged Cleared: There is no alarm situation and there is no alarm pending Functional ISCS-SWRS-
020505-40-04 acknowledgement. It disappears from the display but remains available in the historical alarms log. 206090-04-04
ISCS-SysRS- 2.5.5.41 The display order in the alarm windows shall normally be from the most recent alarm to the Functional ISCS-SWRS-
020505-41 last, but it shall be possible to order the alarms displayed by other filter parameters. 206030-09
020505-42 2.5.5.42 A different colour and sound shall be able to be assigned to each different severity/priority 206080-04
of alarm. ISCS-SWRS-
205110-05
ISCS-SysRS- 2.5.5.43 The System shall allow the operator to export all historical logs onto removable media in Functional ISCS-SWRS-
020505-43 an open format, such as CSV, and to USB media using a single export icon allowing to choose the 206060-04
export destination path.
ISCS-SysRS- 2.5.5.44 The system shall be able to replay sequences of recorded events and alarms within an Functional ISCS-SWRS-
020505-44 operator specified time period from any workstation location. 212010-01
2.5.5.45 The system shall be able to define safety critical alarms.
020505-45
ISCS-SysRS- 2.5.5.46 The alarm system performance shall be monitored and can be measured against target Info N/A
020505-46 performance level.
ISCS-SysRS- 2.5.5.47 The alarm rate indicator indicates the overall health of the alarm system. The system shall Info N/A
020505-47 allow user to configure targeted alarm rate and if the alarm system exceeds the targeted alarm rate,
an alarm should be generated.
2.5.5.48 A recommended average alarm rate is 6 alarms per hour, 1 alarm per 10 minutes.
020505-48
ISCS-SysRS- 2.5.5.49 The peak alarm rate shall be calculated at 10 minutes interval over a period of one month Info N/A
020505-49 data. The recommended target performance is less than 1% of the 10 minutes interval should contain
more than 10 alarms.
Page 149 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.5.50 The system shall allow external applications to insert alarms or events into the system with Info N/A
020505-50 proper authorization control.
020505-51 2.5.5.51 All events and alarms shall be time stamped with reference to the system’s synchronised 206020-01
time. ISCS-SWRS-
301080-02
ISCS-SysRS- 2.5.5.52 Events shall be time tagged at the remote ISCS system collection point, PLC/RTU, or on Functional ISCS-SWRS-
020505-52 reception via a serial or Ethernet link (for connected systems). 206020-03
ISCS-SysRS- 2.5.5.53 The ISCS event and alarm system shall allow for the grouping of events and/or alarms by Functional ISCS-SWRS-
020505-53 zone, station or line. 206110-01
ISCS-SysRS- 2.5.5.54 The system shall be able to assign thresholds to each acquired analogue parameter and Functional ISCS-SWRS-
020505-54 generate alarms. 204010-02
ISCS-SysRS- 2.5.5.55 When the thresholds have been changed, they shall be entered on the event log and printed Functional ISCS-SWRS-
020505-55 out with both the old and new thresholds, and the name of the responsible operator. 204010-03
2.5.5.56 It shall be possible to acknowledge single or multiple alarms.
020505-56 206090-01
ISCS-SysRS- 2.5.5.57 A dedicated key shall be provided on the keyboard for the purpose of alarm silencing and/or Functional ISCS-SWRS-
020505-57 a soft key provided in the alarm window for the same purpose. 201040-02
ISCS-SysRS- 2.5.5.58 If shall be possible to allocate events/alarms to specific ISCS HMI operator according to Info N/A
020505-58 specific authority level / area of responsibility.
ISCS-SysRS- 2.5.5.59 The alarm system shall ensure the following design criteria, as a minimum are provided Functional ISCS-SWRS-
020505-59 for: 206010-05
1. Hierarchical alarm system
020505-59-01 206010-05-01
2. Minimise spurious alarms
020505-59-02 206010-05-02
3. Ensure all alarms are actionable
020505-59-03 206010-05-03
4. Identify and reduce spurious alarms
020505-59-04 206010-05-04
5. Reduce alarm storms
020505-59-05 206010-05-05
Page 150 of 171

Rev. No. 0.4.0

ID
6. The alarm text is clear
020505-59-06 206010-05-06
7. Allow additional alarm action information to be displayed
020505-59-07 206010-05-07
ISCS-SysRS- 2.5.5.60 The Alarm Management Strategy shall be submitted for review, and approved by, the Info ISCS-SWRS-
020505-60 Employer. 404000-05
2.5.5.61 The ISCS event and alarm system shall allow for events and alarms to be restricted or
020505-61 206010-08
allocated to a specific operator or workstation. The ISCS event and alarm restrictions shall depend on
ISCS-SWRS-
the combination of privileges both for display and acknowledgement.
206010-09
2.5.5.62 All audio alarms should be based on human factor studies.
020505-62 201040-03
ISCS-SysRS- 2.5.5.63 When an alarm occurs, it shall appear in the Alarm Display and the equipment’s Functional ISCS-SWRS-
020505-63 corresponding icon awaiting return to normal state or operator acknowledgement. 206010-07
2.5.5.64 The ISCS shall possess configurable alarm processing, in order to manage the following:
020505-64 206010-06
ISCS-SysRS- 1. The reduction of the number of alarms presented to the ISCS operator by Functional ISCS-SWRS-
020505-64-01 suppressing nuisance alarms and substituting a set of alarms with a single synthesised alarm 206010-06-01
corresponding to the severity of the highest aggregated alarm (avalanche alarm suppression
scenarios)
ISCS-SysRS- 2. Diagnose current situations occurring to convey a clearer idea of the condition Functional ISCS-SWRS-
020505-64-02 causing the alarms 206010-06-02
ISCS-SysRS- 3. Aggregate information: group alarms/events sharing the same root, to show ISCS Functional ISCS-SWRS-
020505-64-03 values before the incident 206010-06-03
ISCS-SysRS- 2.5.5.65 The WPC shall engage in a dialogue process with the Employer in order to determine and Info ISCS-SWRS-
020505-65 agree, by means of an Alarm Management Strategy, the alarm philosophy and management to be 206010-03
implemented within the ISCS.
2.5.5.66 The process shall consider the following aspects as a minimum:
020505-66 206010-04
1. Operator profiles and corresponding authorities
020505-66-01 206010-04-01
2. Alarm definition
020505-66-02 206010-04-02
Page 151 of 171

Rev. No. 0.4.0

ID
3. Alarm types (e.g. persistent, secure, transient) and their behaviour
020505-66-03 206010-04-03
4. Definition of safety critical alarms
020505-66-04 206010-04-04
5. Definition of alarm system performance
020505-66-05 206010-04-05
6. Alarm priority / severity rules and levels
020505-66-06 206010-04-06
7. Definition of colour coding
020505-66-07 206010-04-07
8. Audible alarm interaction
020505-66-08 206010-04-08
9. Interpretation of alarm patterns and alarm grouping/masking to reduce alarm storms
020505-66-09 206010-04-09
10. Allocation of roles for management
020505-66-10 206010-04-10
11. Alarm review procedures
020505-66-11 206010-04-11
12. Define process for managing and implementing changes to the alarm system
020505-66-12 206010-04-12
13. Logging and review of alarms to minimise spurious alarms
020505-66-13 206010-04-13
14. Tagging, inhibition and Log Book functionality
020505-66-14 206010-04-14
15. Categorisation/grouping of events/alarms
020505-66-15 206010-04-15
16. Allocation of events/alarms to specific ISCS HMI operator
020505-66-16 206010-04-16
17. Allocation of events/alarms to specific authority level / area of responsibility
020505-66-17 206010-04-17
ISCS-SysRS- 2.5.5.67 The ISCS system will acquire and display analogue parameters from the plant being Functional ISCS-SWRS-
020505-67 monitored. 204010-01
020505-68 2.5.5.68 All alarm will be logged and reported. 206040-01
Page 152 of 171

Rev. No. 0.4.0

ID
ISCS-SWRS-
208000-01
ISCS-SysRS- 2.5.5.69 Alarm lists will be provided to operators to provide them with warnings regarding changes Functional ISCS-SWRS-
020505-69 affecting their area of responsibility and to show what abnormalities are currently affecting it. 206040-02
ISCS-SysRS- 2.5.5.70 Only alarms relevant to an operator's user role will be presented to the operator as a Functional ISCS-SWRS-
020505-70 general philosophy. To display the most recent unacknowledged alarm, an alarm banner will be 206040-03
provided. When an unacknowledged alert occurs, this banner or window will consistently place on all
HMI displays, irrespective of screen display.
ISCS-SysRS- 2.5.5.71 It will be possible to assign any change of state/limit violation to the user based on alarm Functional ISCS-SWRS-
020505-71 priority, allowing the user to distinguish between the alarm's importance levels. A different colour will 206040-06
be used to represent different levels of prioritisation.
ISCS-SysRS- 2.5.5.72 The alerts will be presented in chronological order, with the most recent alarms at the top Functional ISCS-SWRS-
020505-72 of the row. One end of the alarm banner will have a number of unacknowledged alarms. 206040-07
2.5.5.73 The severity of failure alarm subject to be reviewed and acceptance by Employer.
020505-73 206080-05
ISCS-SysRS- 2.5.5.74 A robust and flexible alarm management system shall be implemented to manage the large Functional ISCS-SWRS-
020505-74 volume of alarms likely to be generated by the systems monitored by the ISCS system. 206010-09
ISCS-SysRS- 2.5.5.75 The System shall allow the operator to impose pre-set delays onto individual or groups of Functional ISCS-SWRS-
020505-75 inputs in order to mitigate the effect of intermittent alarms. 206100-01
ISCS-SysRS- 2.5.5.76 All inputs imposed with an operator pre-set delay shall be listed in an operator navigable Functional ISCS-SWRS-
020505-76 view, with filtering capabilities. 206100-02
ISCS-SysRS- 2.5.5.77 Alarm information shall include the date, time, source of the alarm origination and text Functional ISCS-SWRS-
020505-77 defining the alarm condition and equipment involved. 206040-04
ISCS-SysRS- 2.5.5.78 Each incoming alarm shall be classified within an alarm priority level, depending upon the Functional ISCS-SWRS-
020505-78 severity of the alarm condition and the urgency of Operator’s response required. 206040-05
ISCS-SysRS- 2.5.6 Database [ISCS-SysRS-020506] Header Heading/
020506 Subheading
ISCS-SysRS- 2.5.6.1 The system shall provide a real-time data server with read/write capability which ensures Info N/A
020506-01 that data is available, easy to access, accurate, and intact to 3rd party applications.
2.5.6.2 Older records of alarm and event logging shall be stored in an SQL database.
020506-02
Page 153 of 171

Rev. No. 0.4.0

ID
2.5.6.3 The software shall support ODBC compliant databases.
020506-03
ISCS-SysRS- 2.5.6.4 The SQL database shall be used to store long term historical data for alarms and event Info N/A
020506-04 logging, audit trail, and reporting data.
ISCS-SysRS- 2.5.6.5 It shall be configurable to define how much historical data are stored in the database for Info N/A
020506-05 each data type. The configuration parameter shall be specified in days.
2.5.6.6 Older data shall be automatically purged from the system without manual intervention.
020506-06
2.5.6.7 Not Used
020506-07
2.5.6.8 The system shall provide a function to backup and archive database.
020506-08
2.5.6.9 The system shall support backup and recovery of old data.
020506-09 207000-06-06
ISCS-SysRS- 2.5.6.10 In the event that the archive system cannot be updated, due to fault with the backup storage Functional ISCS-SWRS-
020506-10 device or the media is full, the ISCS itself must be able to buffer at least 24 hours of data. 207000-08
2.5.6.11 Buffered data shall also be retrievable by the operator.
020506-11 207000-09
ISCS-SysRS- 2.5.6.12 All tools and applications required for restoration of backed-up data shall be provided by Functional ISCS-SWRS-
020506-12 the WPC such that the data restoration process is intuitive. 207000-10
ISCS-SysRS- 2.5.6.13 A Database Management Plan shall be prepared to address how the database is to be Info N/A
020506-13 managed such that it does not become excessively large and complex. It shall also detail how the
database can be updated and modified.
ISCS-SysRS- 2.5.6.14 The ISCS database management is responsible for the data archiving function for storing Functional ISCS-SWRS-
020506-14 all alarms, events, audit trails, including the command of control and event initiated by the railway 207000-04
operator within the ISCS system.
ISCS-SysRS- 2.5.6.15 A backup solution for the ISCS Database for example, image files or clones of the hard Functional ISCS-SWRS-
020506-15 disk, and any necessary associated software shall be provided. 207000-11
ISCS-SysRS- 2.5.6.16 Analysis of the stored data shall be made by using any workstation connected to the Info ISCS-SWRS-
020506-16 system. 207000-05
ISCS-SysRS- 2.5.6.17 Use of the appropriate tools shall allow queries to be made for specific time periods, Info ISCS-SWRS-
020506-17 system equipment categories and location categories, as a minimum. 207000-12
Page 154 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.6.18 The alarm history storage database will have sufficient capacity to store the anticipated Functional ISCS-SWRS-
020506-18 alarm for a period of at least twelve (12) months without carrying out any housekeeping. 207000-01
2.5.6.19 The following typical functions will be available:
020506-19 207000-06
1. Historical analogue and digital value trend curves;
020506-19-01 207000-06-01
2. Event and alarm lists with filtering;
020506-19-02 207000-06-02
3. Internal events log;
020506-19-03 207000-06-03
4. Operation actions log;
020506-19-04 207000-06-04
5. Generation of reports; and
020506-19-05 207000-06-05
6. Backup and recovery of old data.
020506-19-06 207000-06-06
2.5.6.20 For the previous 365 days, all events, alarms, and analogue data will be retained.
020506-20 207000-07
ISCS-SysRS- 2.5.6.21 Both alarms and events occurring in the system shall be recorded in the historical Functional ISCS-SWRS-
020506-21 database for future viewing and analysis if required. 207000-13
ISCS-SysRS- 2.5.7 Changeover [ISCS-SysRS-020507] Header Heading/
020507 Subheading
ISCS-SysRS- 2.5.7.1 At locations where there is more than one ISCS workstation it shall be possible to transfer Functional ISCS-SWRS-
020507-01 an operator’s level of authority and area of responsibility to other operators, provided that the receiving 202050-02
operator’s authority level is sufficient, and the receiving operator actively accepts the transfer of
responsibility.
ISCS-SysRS- 2.5.7.2 OCC operators shall be able to transfer control to BOCC operators provided the receiving Functional ISCS-SWRS-
020507-02 operator’s authority level is sufficient and the receiving operator actively accepts the transfer of 202050-03
control, and vice versa.
ISCS-SysRS- 2.5.7.3 The transfer of control and area of responsibility shall be handled through an operator Functional ISCS-SWRS-
020507-03 protocol and password dialogue. 202050-04
ISCS-SysRS- 2.5.7.4 The operators shall be alerted to the fact that there has been a changeover or takeover by Functional ISCS-SWRS-
020507-04 means of a system Alarm. The system Alarm shall be sounded at the Control Centre accepting control 202050-05
and the Control Centre relinquishing control.
Page 155 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.7.5 The control changeover process shall be seamless and not result in the loss of any data Functional ISCS-SWRS-
020507-05 except for that relating to operator actions which were being carried out just prior to or at the moment 202050-06
of changeover and which had not yet been executed.
ISCS-SysRS- 2.5.7.6 A control changeover shall not result in the loss of current displays and there shall be no Functional ISCS-SWRS-
020507-06 effect on system performance following completion of a changeover. 202050-14
ISCS-SysRS- 2.5.7.7 Completion is the point at which all functions and indications become available to the Functional ISCS-SWRS-
020507-07 operators and a message shall be displayed at the ISCS workstation to clearly indicate the process 202050-07
has been completed.
ISCS-SysRS- 2.5.7.8 A user with special administrative rights shall be granted the authority to perform a hard Functional ISCS-SWRS-
020507-08 takeover of control, to be used in situations where a cooperative control changeover is no longer 202050-08
possible.
ISCS-SysRS- 2.5.7.9 Failovers of redundant equipment shall be automatic and seamless to the operator. The Functional ISCS-SWRS-
020507-09 affected equipment shall be isolated and new data paths shall be established to maintain the operation 215000-01
of the ISCS uninterrupted.
ISCS-SysRS- 2.5.7.10 No data shall be lost, and the operator shall not have to log in again. No disruption to the Functional ISCS-SWRS-
020507-10 operator shall be visible on the HMI. 215000-02
ISCS-SysRS- 2.5.7.11 The operator shall be notified of failover by means of an alarm and an indicator on the HMI Functional ISCS-SWRS-
020507-11 designating the active equipment. 215000-03
ISCS-SysRS- 2.5.7.12 There shall be facilities for invoking a manual switchover of redundant equipment by the Functional ISCS-SWRS-
020507-12 system administrator only. 202050-09
ISCS-SysRS- 2.5.7.13 The ISCS equipment at BOCC shall be a direct copy of that in the OCC and provide full Functional ISCS-SWRS-
020507-13 redundancy. 202050-15
ISCS-SysRS- 2.5.7.14 The OCC/BOCC Changeover procedure can be completed through a quick and concise Functional ISCS-SWRS-
020507-14 procedure, requiring less than 10 mouse clicks. 202050-10
2.5.7.15 The Employer shall be able to change the password as often as it is required.
020507-15 202050-12
ISCS-SysRS- 2.5.7.16 There shall be provision of a unique password (for the Takeover procedure) held by the Functional ISCS-SWRS-
020507-16 Employer’s senior management. 202050-11
ISCS-SysRS- 2.5.7.17 The Railway Systems shall be able to takeover 100% of the functionalities of the OCC to Functional ISCS-SWRS-
020507-17 the BOCC or vice versa through a secure procedure which can only be activated in case of an 202050-10
emergency.
ISCS-SysRS- 2.5.7.18 The WPC shall be responsible to study the OCC and BOCC change over operation, and Functional ISCS-SWRS-
020507-18 provide a report to Employer that shall cover of, but not limited to, the following items: 202050-13
Page 156 of 171
Rev. No. 0.4.0

ID
1. Manual switch over individual sub-systems
020507-18-01 202050-13-01
2. Failure on OCC
020507-18-02 202050-13-02
3. OCC server is down
020507-18-03 202050-13-03
4. Server change-over but operation remain at OCC and vice versa
020507-18-04 202050-13-04
5. OCC switchover to BOCC process
020507-18-05 202050-13-05
6. BOCC switch back to OCC process
020507-18-06 202050-13-06
ISCS-SysRS-020508 2.5.8 Logbook [ISCS-SysRS-020508] Header Heading/
Subheading
2.5.8.1 Logbooks are used by operators to leave messages during shift handover.
020508-01 213000-01
ISCS-SysRS- 2.5.8.2 When an operator login to a shift, the logbook window shall automatically appear so that Functional ISCS-SWRS-
020508-02 the messages logged by previous shift operator can be seen. 213000-06
ISCS-SysRS- 2.5.8.3 No further amendments or deletions shall be permitted once an operator has confirmed a Functional ISCS-SWRS-
020508-03 log entry. 213000-08
ISCS-SysRS- 2.5.8.4 For each individual event or alarm in the event and alarm lists, the ISCS HMI shall provide Functional ISCS-SWRS-
020508-04 an operator with a log Book annotation facility. 213000-05
2.5.8.5 These Logbooks shall not be lost in the event of ISCS crashes / changeovers.
020508-05 213000-02
ISCS-SysRS- 2.5.8.6 Annotations pertaining to an operator’s area of responsibility shall be viewable upon Functional ISCS-SWRS-
020508-06 operator login to facilitate operator shift handovers. 213000-07
2.5.8.7 All operator log creations shall be logged as an event in the system.
020508-07
2.5.8.8 A Logbook facility shall be provided for each user profile.
020508-08 213000-04
ISCS-SysRS- 2.5.8.9 The Log Book shall have the same editing functionality as modern commercial off the Functional ISCS-SWRS-
020508-09 shelf word processing packages, at least equivalent to Microsoft Windows WordPad editor. 213000-03
Page 157 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.8.10 The WPC shall liaise with the Employer to acquire all required actions and processes to Functional ISCS-SWRS-
020508-10 be included in the logbook. These actions shall include but not be limited to equipment out of service, 213000-10
Possession, Written Orders, etc.
ISCS-SysRS- 2.5.9 Printing [ISCS-SysRS-020509] Header Heading/
020509 Subheading
ISCS-SysRS- 2.5.9.1 All types of information provided in the ISCS system such as operation, alarms, events, Functional ISCS-SWRS-
020509-01 reports, graphs; both current and recovered from archive, shall be able to be printed. 214000-01
ISCS-SysRS- 2.5.9.2 Operators shall be able to print filtered lists, with clear indication of the filter parameters Functional ISCS-SWRS-
020509-02 applied. 214000-02
020509-03 2.5.9.3 The operators shall be able to define the start and end points in any list (e.g. LogBook 213000-09
entries, Event Logs etc.) in terms of message identity numbers or date/time stamps. ISCS-SWRS-
206120-01
ISCS-SysRS- 2.5.9.4 Printers shall be under the control of a print management facility which provides spooling Functional ISCS-SWRS-
020509-04 such that print requests do not disable operator interaction at a Workstation whilst printing is taking 214000-03
place.
ISCS-SysRS- 2.5.9.5 The WPC shall supply all required printers at the OCC and BOCC, including any large Functional ISCS-SWRS-
020509-05 format plotters required for train graphs etc. 214000-05
ISCS-SysRS- 2.5.9.6 Printers and plotters provided by COMMS WPC shall be shared among all systems Functional ISCS-SWRS-
020509-06 requiring the print service, including Signalling System, MMS and others. 214000-06
ISCS-SysRS- 2.5.10 Trending [ISCS-SysRS-020510] Header Heading/
020510 Subheading
ISCS-SysRS- 2.5.10.1 The ISCS system shall be able to display both real-time and historical data values in text Functional ISCS-SWRS-
020510-01 and graph/trend. Details of pre-defined trends, graphs and historical content shall be submitted during 209000-01
final design to the Employer for approval.
2.5.10.2 The system shall allow pre-defined trends to be configured.
020510-02 209000-02
2.5.10.3 The pre-defined trends can be selected by the operators.
020510-03 209000-02
ISCS-SysRS- 2.5.10.4 The ISCS shall also provide freely definable displays for the operators to construct trend Functional ISCS-SWRS-
020510-04 displays and graphs through a pro-forma screen. 209000-03
ISCS-SysRS- 2.5.11 Programming Tool [ISCS-SysRS-020511] Header Heading/
020511 Subheading
Page 158 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.11.1 The ISCS software shall provide a programming tool that supports software programming Info ISCS-SWRS-
020511-01 such as function block diagrams, structured text, or ladder diagrams. 104000-03
ISCS-SysRS- 2.5.12 Automation, Scheduling and Calculation [ISCS-SysRS-020512] Header Heading/
020512 Subheading
ISCS-SysRS- 2.5.12.1 The ISCS system shall provide scheduler that can manage task execution based on a Functional ISCS-SWRS-
020512-01 specific calendar, event/alarm/set point occurrence, error condition. 203000-06
ISCS-SysRS- 2.5.12.2 The software shall allow the operator the possibility to program a series of commands to Functional ISCS-SWRS-
020512-02 be performed sequentially, save them with a given identifier and subsequently execute them in the 203000-01
same order as they were programmed, upon specific conditions.
ISCS-SysRS- 2.5.12.3 A command sequence shall comprise of a series of command outputs which are executed Functional ISCS-SWRS-
020512-03 sequentially but are initiated by a single command output. 203000-05
ISCS-SysRS- 2.5.12.4 The command sequences shall be executed manually, using the application, or Functional ISCS-SWRS-
020512-04 automatically in response to system events (alarms, changes of state). 203000-09
2.5.12.5 The automation scheduler shall have the following typical functions:
020512-05 203000-02
1. Definition of complex and repetitive sequences
020512-05-01 203000-02-01
2. Selection of orders on devices and management execution order
020512-05-02 203000-02-02
3. Definition of actions in case of error for each command
020512-05-03 203000-02-03
4. Disabling of individual commands from a command sequence list
020512-05-04 203000-02-04
5. Definition of execution conditions for each action
020512-05-05 203000-02-05
6. Created sequences can be used as actions in other sequences
020512-05-06 203000-02-06
7. Different method of activation;
020512-05-07 203000-02-07
020512-05-07-01 1. Manual activation 203000-02-
07-01
Page 159 of 171

Rev. No. 0.4.0

ID
020512-05-07-02 2. Programmed activation 203000-02-
07-02
ISCS-SysRS- 2.5.12.6 The sequences shall be able to be created, modified and deleted as and when required Functional ISCS-SWRS-
020512-06 by operators, dependent on the operator profile. 203000-03
ISCS-SysRS- 2.5.12.7 It shall also be possible to record operator actions, store the recorded sequence and then Functional ISCS-SWRS-
020512-07 run the recorded sequence as a command sequence. 203000-04
2.5.12.8 Each sequence shall also incorporate the appropriate privileges for each user.
020512-08 203000-10
ISCS-SysRS- 2.5.12.9 The system shall perform calculations using received analogue or status/alarm data, in Functional ISCS-SWRS-
020512-09 order to generate synthesised status or alarms, or affect a colour change of an object on a workstation 203000-07
view, for example.
ISCS-SysRS- 2.5.12.10 The system shall be able to transmit the calculation result or synthesised object status or Functional ISCS-SWRS-
020512-10 command, to any connected system. 203000-08
ISCS-SysRS- 2.5.12.11 The system shall be able to use the calculation result or synthesised object status as part Functional ISCS-SWRS-
020512-11 of any automation or scheduling process. 203000-08
ISCS-SysRS- 2.5.13 Reporting [ISCS-SysRS-020513] Header Heading/
020513 Subheading
2.5.13.1 The ISCS system shall provide reporting tool to generate summary of system data.
020513-01
ISCS-SysRS- 2.5.13.2 Reports can be generated automatically or manually according to pre-defined reports or Info N/A
020513-02 customized reports.
2.5.13.3 The reports can be emailed to specific users if desired.
020513-03
ISCS-SysRS- 2.5.13.4 Report generation facilities shall be provided in the ISCS to enable operators to perform Functional ISCS-SWRS-
020513-04 the following functions: 208000-03
1. Construct reports
020513-04-01 208000-03-01
2. Set-up pro-forma type reports
020513-04-02 208000-03-02
3. Generate pre-defined reports
020513-04-03 208000-03-03
Page 160 of 171

Rev. No. 0.4.0

ID
4. Store, archive and retrieve reports
020513-04-04 208000-03-04
5. View reports
020513-04-05 208000-03-05
6. Print reports (automatically, periodically or on request)
020513-04-06 208000-03-06
7. Export reports, eg. CSV
020513-04-07 208000-03-07
2.5.13.5 It shall be possible to construct reports which include any of the following:
020513-05 208000-04
1. Real time data
020513-05-01 208000-04-01
2. Stored or archived data
020513-05-02 208000-04-02
3. Descriptive text, including but not be limited to, titles, page header, footer
020513-05-03 208000-04-03
4. Data derived by manipulation of any of the above
020513-05-04 208000-04-04
ISCS-SysRS- 2.5.13.6 The system shall report the number of failures and system downtime over a configurable Functional ISCS-SWRS-
020513-06 period for each monitored sub-system. 208000-05
ISCS-SysRS- 2.5.13.7 Reports shall be available in a removable storage medium to assist in the preparation of Functional ISCS-SWRS-
020513-07 the following: 208000-08
1. Reports on incidents
020513-07-01 208000-08
2. Reports on outstanding permits to work
020513-07-02 208000-08
ISCS-SysRS- 2.5.13.8 At least 10 different types of pre-defined report templates shall be provided by the WPC Info ISCS-SWRS-
020513-08 for the Employer’s approval. 208000-07
ISCS-SysRS- 2.5.14 Help Functionality [ISCS-SysRS-020514] Header Heading/
020514 Subheading
ISCS-SysRS- 2.5.14.1 The ISCS HMI shall have an intuitive help system which shall provide help not only on Functional ISCS-SWRS-
020514-01 the ISCS systems but also on all other sub systems which are integrated into the ISCS HMI such that 210000-02
an operator only needs to utilise one help system to resolve all foreseeable issues. The Help facility
shall allow the user to refer to a particular operation without searching for the hard copy of the manual.
Page 161 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.14.2 Application help shall be available to the operator to provide context sensitive help in Functional ISCS-SWRS-
020514-02 operation of the ISCS and sub systems. 210000-03
2.5.14.3 The help facility shall allow users to customize texts to build a wiki database with;
020514-03 210000-06
1. Alarm codes
020514-03-01 210000-06-01
2. Descriptions
020514-03-02 210000-06-02
3. Suggested fault resolution actions including priorities
020514-03-03 210000-06-03
The wiki database shall allow future updates by the system administrator.
020514-03 210000-06
ISCS-SysRS- 2.5.14.4 The ISCS HMI shall also provide a “scenario” help function to the operators, in order to Functional ISCS-SWRS-
020514-04 assist them when a specific incident occurs. The “scenario” help procedures shall be able to be 210000-04
modified, expanded and upgraded by the operator administrator, as actual operating experience ISCS-SWRS-
accumulates. 210000-05
ISCS-SysRS- 2.5.15 Decision Support System [ISCS-SysRS-020515] Header Heading/
020515 Subheading
ISCS-SysRS- 2.5.15.1 A Decision Support System shall be provided to aid an ISCS operator in responding to Functional ISCS-SWRS-
020515-01 abnormal situations that may arise within the system. 210000-07
ISCS-SysRS- 2.5.15.2 The DSS shall guide the operator through the individual steps involved in the response Functional ISCS-SWRS-
020515-02 procedure and help the operator to take corrective actions that are appropriate in the circumstances. 210000-08
ISCS-SysRS- 2.5.16 Training Simulator [ISCS-SysRS-020516] Header Heading/
020516 Subheading
ISCS-SysRS- 2.5.16.1 The Training Simulator shall include all features available in the operational system, and Functional ISCS-SWRS-
020516-01 simulate all HMI functions, graphics, and responses. 212000-01
ISCS-SysRS- 2.5.16.2 The Training Simulator shall be able to retrieve data from the operational system but shall Functional ISCS-SWRS-
020516-02 not be able to write any data onto that system. 212000-02
2.5.16.3 The Training Simulator shall be able to use retrieved data to build training scenarios.
020516-03 212000-03
2.5.16.4 The Training Simulator shall include a trainer’s workstation and trainee workstations.
020516-04 212000-05
Page 162 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 2.5.16.5 The Training Simulator shall be able to reproduce all O&M operational scenarios Functional ISCS-SWRS-
020516-05 possible on the RTS Link. 212000-04
ISCS-SysRS- 2.6 System Mode of Operation [ISCS-SysRS-020600] Header Heading/
020600 Subheading
ISCS-SysRS- 2.6.1 Normal Mode Operation [ISCS-SysRS-020601] Header Heading/
020601 Subheading
ISCS-SysRS- 2.6.1.1 Under normal operation, all operations shall be controlled from the Operations Control Non-functional ISCS-SWRS-
020601-01 Centre (OCC). 401020-01
ISCS-SysRS- 2.6.2 Degraded Mode Operation [ISCS-SysRS-020602] Header Heading/
020602 Subheading
ISCS-SysRS- 2.6.2.1 The ISCS architecture shall be designed to be fault tolerant, to maintain system Info N/A
020602-01 functionality when parts of the system have failed (graceful degradation).
ISCS-SysRS- 2.6.2.2 In the event of a redundant link and / or equipment failure, an alarm shall be raised to alert Functional ISCS-SWRS-
020602-02 the operator and maintainer. 215000-04
ISCS-SysRS- 2.6.2.3 Failure or unavailability of the ISCS system shall not impact the ability of the interfaced Non-functional ISCS-SWRS-
020602-03 subsystems from achieving their intended functionality. 401020-12
ISCS-SysRS- 2.6.2.4 In the event of a complete failure or unavailability of the OCC, the system shall be able to Non-functional ISCS-SWRS-
020602-04 be operated from the BOCC. 401020-13
ISCS-SysRS- 2.6.2.5 In the event of failure or unavailability of a remote ISCS workstation, the functionality of Non-functional ISCS-SWRS-
020602-05 the said workstation shall be available at the OCC and BOCC. 401020-14
ISCS-SysRS- Non-functional ISCS-SWRS-
2.6.2.6 No system data shall be lost in the event of a system failure, shutdown or power loss.
020602-06 401020-10
ISCS-SysRS- 2.6.2.7 In the event of a power failure, the system shall resume service without manual intervention Non-functional ISCS-SWRS-
020602-07 once power is restored. 401020-11
ISCS-SysRS- 2.6.2.8 In the event of a core ISCS equipment shutdown or restart, it shall not take more than 10 Non-functional ISCS-SWRS-
020602-08 minutes for the core equipment to be restored and synchronized to all redundant equipment, 401010-04
RTU/PLC/IED, and interfaced systems.
ISCS-SysRS- 2.6.2.9 The ISCS system in degraded mode shall continue interface to the systems specified in Info N/A
020602-09 Section 2.4.
ISCS-SysRS- 2.6.2.10 The design of the ISCS system architecture shall ensure that no data is lost due to failure Non-functional ISCS-SWRS-
020602-10 of any part of the system, whether hardware, software or communications failure. 401020-15
ISCS-SysRS- 2.7 System Maintenance Functionality [ISCS-SysRS-020700] Header Heading/
020700 Subheading
Page 163 of 171
Rev. No. 0.4.0

ID
ISCS-SysRS- 2.7.1 Maintenance Management [ISCS-SysRS-020701] Header Heading/
020701 Subheading
ISCS-SysRS- 2.7.1.1 The ISCS shall include all necessary tools and licenses to allow configuration and Functional ISCS-SWRS-
020701-01 modification of, and additions to, the database, the workstation views, and the Operating System. 211000-04
ISCS-SysRS- 2.7.1.2 The ISCS shall allow the Employer to fully edit the ISCS system configuration, in the event Functional ISCS-SWRS-
020701-02 of modifications to the monitored and controlled infrastructure. 211000-01
ISCS-SysRS- 2.7.1.3 Configuration of any distributed ISCS equipment shall be possible from the OCC and Functional ISCS-SWRS-
020701-03 BOCC. 211000-02
2.7.1.4 ISCS Maintenance workstations shall be provided with:
020701-04 211000-03
1. Capability to perform configuration and modification of the ISCS HMI and database
020701-04-01 211000-03-01
2. Capability to perform maintenance and diagnostic activities for all ISCS equipment
020701-04-02 211000-03-02
2.7.1.5 All configuration and management functions shall be subject to sufficient login privileges.
020701-05 202010-08
ISCS-SysRS- 2.7.2 Remote Access [ISCS-SysRS-020702] Header Heading/
020702 Subheading
ISCS-SysRS- 2.7.2.1 Remote access to the ISCS for diagnostics and maintenance investigations shall be Non-functional ISCS-SWRS-
020702-01 possible from any location within the RTS Link via the CBN, subject to sufficient login privileges. 402000-03
ISCS-SysRS- 3 System Safety Requirements [ISCS-SysRS-030000] Header Heading/
030000 Subheading
ISCS-SysRS- 3.1 General [ISCS-SysRS-030100] Header Heading/
030100 Subheading
The following statements detail on general safety requirement for ISCS;
030100
ISCS-SysRS- 1. System Safety Demonstration activities and methods shall comply with IEC 61508. Where an Info N/A
030101 alternative method is explicitly stated in the PS, the Contract may adopt the alternative method.
However, the alternative method to be adopted shall be subject to approval by and at the discretion
of the Employer.
ISCS-SysRS- 2. Where software is involved, demonstration of the Software SIL (SSIL) shall be performed in Info N/A
030102 accordance with EN 50128 or the method detailed in HSE report “Methods for assessing the safety
integrity of safety-related software of uncertain pedigree (SOUP)”, reference CRR337 HSE Books
2001 /SBN O 7176 2011 5.
Page 164 of 171

Rev. No. 0.4.0

ID
3. The WPC shall submit a System Safety Demonstration Report (SSR).
030103 403000-04
ISCS-SysRS- 3.1.1 EN 50128 [ISCS-SysRS-030101] Header Heading/
030101 Subheading
ISCS-SysRS- 3.1.1.1 All software to be developed shall follow the standardization requirements of EN 50128:2011 Info ISCS-SWRS-
030101-01 + A2:2020 (Railway applications. Communication, signalling and processing systems - Software for 403000-03
railway control and protection systems) according to the SIL level determined.
ISCS-SysRS- 3.1.1.2 The Software Quality Assurance Plan (SQAP) shall define the techniques and measures to Info N/A
030101-02 be applied for the software development. For each installation of modified software to live system, a
software release note, an installation method statement, and a system safety certificate shall be
submitted to the Employer at least seven (7) days prior to the installation. The software release note
shall provide details of the modified software, while the method statement shall identify the
schedule, installation procedure, impact to the operational system, and the fall back procedures.
ISCS-SysRS- 3.1.1.3 The WPC shall produce Software Integration Test Specification to fully detail out how all Info N/A
030101-03 systems shall be integrated into the ISCS.
ISCS-SysRS- 3.2 Safety Integrity Level [ISCS-SysRS-030200] Header Heading/
030200 Subheading
ISCS-SysRS- Safety Integrity Level (SIL) is defined as a relative levels of risk-reduction provided by a safety Info N/A
030200 function. In the functional safety standards based on the EN 50128 standard, 5 SILs are defined,
with SIL 4 the most dependable and Basic Integrity the least.
The applicable SIL and safety functions for Xentral as the ISCS solution are specified in the
following section.
Software requirements that are involved in delivering the safety functions defined in section 3.3 with
SIL 1 and above shall be marked with the determined SIL level. All other requirements with no SIL
level specified are assumed to be Basic Integrity SIL level.
ISCS-SysRS- 3.3 Safety Functions [ISCS-SysRS-030300] Header Heading/
030300 Subheading
ISCS-SysRS- Details of the SIL apportionment and frequency reduction strategy are presented in the external Non-functional ISCS-SWRS-
030300 reference Safety Integrity Level Determination Report RTS-SY03-SYS-GRA-REP-00003. 403000-02
In summary, the identified safety functions for Xentral as the ISCS and their corresponding SIL are
shown in below.
ISCS-SysRS- 3.4 Safety Related Software Component [ISCS-SysRS-030400] Header Heading/
030400 Subheading
Page 165 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- All safety related software components involved in performing safety functions shall be identified Info N/A
030400 and described in the Xentral Software Design Specification.
The safety related software components should be designed in the modular approach to minimize
the complexity of the software.
ISCS-SysRS- 4 Non-Functional Requirements [ISCS-SysRS-040000] Header Heading/
040000 Subheading
ISCS-SysRS- 4.1 Performance Requirements [ISCS-SysRS-040100] Header Heading/
040100 Subheading
ISCS-SysRS- 4.1.1 System Capacity and Loading [ISCS-SysRS-040101] Header Heading/
040101 Subheading
ISCS-SysRS- 4.1.1.1 Under normal or degraded modes, the CPU loading of any core equipment shall be less Non-functional ISCS-SWRS-
040101-01 than 35% on average when measured over a period of 5 minutes. 401030-01
ISCS-SysRS- 4.1.1.2 Under emergency conditions, the CPU loading of any core equipment shall be less than Non-functional ISCS-SWRS-
040101-02 70% on average when measured over a period of 5 minutes. 401030-02
ISCS-SysRS- 4.1.1.3 Buffering shall be controlled so that a full buffering condition shall not cause the system to Non-functional ISCS-SWRS-
040101-03 become unavailable. 401030-03
4.1.1.4 The system shall properly update all requisite graphical displays and remain responsive
040101-04 401010-07
while processing a continuous throughput of 100 alarms per second, and a burst of 1,500 alarms per
ISCS-SWRS-
second over 10 seconds, without the operator noticing any reduction in performance.
401030-04
ISCS-SysRS- 4.1.3 General [ISCS-SysRS-040102] Header Heading/
040102 Subheading
ISCS-SysRS- 4.1.2.1 The Communication systems shall utilise the latest proven technology and be designed to Info N/A
040102-01 allow simple, flexible, safe, reliable, efficient operation and maintenance, robust against any power
interruption and capable of automatic recovery without losing the system configuration.
ISCS-SysRS- 4.1.2.2 The Communication systems shall present very clear, easily comprehensible information Info N/A
040102-02 which shall include display, voice, time and sound for the passengers and operation teams.
ISCS-SysRS- 4.1.2.3 As far as reasonably practicable, the Communication systems’ field equipment shall be IP Info N/A
040102-03 Ethernet based with PoE features.
4.1.2.4 Any non-PoE and non-IP Ethernet equipment shall be subject to Employer’s acceptance.
040102-04
ISCS-SysRS- 4.1.3 Response Time and Accuracy [ISCS-SysRS-040103] Header Heading/
040103 Subheading
Page 166 of 171
Rev. No. 0.4.0

ID
4.1.3.1 The ISCS shall not adversely affect the response times of any integrated sub-system.
040103-01 401010-11
ISCS-SysRS- 4.1.3.2 The ISCS shall add no more than 500ms to a control command or indication from an Non-functional ISCS-SWRS-
040103-02 integrated sub-system. 401010-03
ISCS-SysRS- 4.1.3.3 The maximum time for an ISCS workstation to display a new view after operator request Non-functional ISCS-SWRS-
040103-03 must be less than 2 seconds. 401010-05
ISCS-SysRS- 4.1.3.4 Non-functional ISCS-SWRS-
The following table shows the maximum response times required between detection of a ‘change of state’ at the
040103-04 ISCS monitoring device (RTU/PLC/IED, interfaced system boundary), and the display and annunciation at the operator’s401010-01
workstation, in normal or degraded modes, while operator pre-set delays are disabled.
040103-04 401010-01
ISCS-SysRS- 4.1.3.5 The following table gives the maximum time between the operator command at the Non-functional ISCS-SWRS-
040103-05 workstation and the activation of the relevant output at the ISCS RTU/PLC, or reception by interfaced 401010-02
system, in normal or degraded modes.
040103-05 401010-02

4.1.3.6 Not Used
040103-06
Page 167 of 171
Rev. No. 0.4.0

ID
4.1.3.7 The ISCS HMI shall be fluid and never show signs of system freezing.
040103-07 401010-08
ISCS-SysRS- 4.1.3.8 Execution of any data enquiry functions such as archival and retrieval of historical data, Non-functional ISCS-SWRS-
040103-08 printing or trending functions shall not degrade the performance of the ISCS as outlined above. 401010-12
ISCS-SysRS- 4.1.3.9 In a redundant equipment configuration, switchover / failover from standby to active state Non-functional ISCS-SWRS-
040103-09 and reaching full system operational mode shall be less than 5 seconds. 401010-09
ISCS-SysRS- 4.1.3.10 The equipment switchover /failover shall be seamless and transparent to operators. No Non-functional ISCS-SWRS-
040103-10 data shall be lost during the switchover/ failover. 401010-09
ISCS-SysRS- 4.1.3.11 A complete system shutdown following the correct procedures shall take less than 5 Non-functional ISCS-SWRS-
040103-11 minutes. 401010-10
ISCS-SysRS- 4.1.3.12 The total accuracy of A-D conversion, transmission of digital value, and display in Info ISCS-SWRS-
040103-12 workstation shall be ±0.5% full scale value. 204010-04
ISCS-SysRS- 4.1.3.13 The WPC shall present the analogue parameters and performance for approval by the Functional ISCS-SWRS-
040103-13 Employer, during the design process. 404000-07
ISCS-SysRS- 4.2 Security Requirements [ISCS-SysRS-040200] Header Heading/
040200 Subheading
ISCS-SysRS- 4.2.1 Access Authority [ISCS-SysRS-040201] Header Heading/
040201 Subheading
ISCS-SysRS- 4.2.1.1 For system security, the ISCS shall be equipped with a configurable user access Non-functional ISCS-SWRS-
040201-01 authentication system which shall restrict the actions that can be performed by different operators on 202020-01
the different devices in the system, according to operator profiles.
ISCS-SysRS- 4.2.1.2 The system shall support system hardening features such as strong password, password Info N/A
040201-02 aging, password expiry etc.
ISCS-SysRS- 4.2.1.3 All audit trail records which shall be suitably protected from tampering and accessible only Info N/A
040201-03 by System Administrator.
ISCS-SysRS- 4.2.1.4 The access authority design shall include liaison with the Employer, and the Access and Info N/A
040201-04 Authority Strategy shall be submitted for review and approval by the Employer.
ISCS-SysRS- 4.2.1.5 The operator shall be able to control and monitor all equipment and functions for operation Functional ISCS-SWRS-
040201-05 of the relevant area of control. 202010-11
ISCS-SysRS- 4.2.1.6 The ISCS HMI for different operator’s profile and operator position shall be based of the Functional ISCS-SWRS-
040201-06 workflow study. 202010-09
ISCS-SysRS- 4.2.1.7 The operator shall be able to use ISCS HMI to perform operation function, control function Functional ISCS-SWRS-
040201-07 and monitor function on all railway system and selected E&M systems. 202010-10
Page 168 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 4.2.1.8 All Communication servers, workstations, equipment and etc. shall have multiple access Functional ISCS-SWRS-
040201-08 levels and each level shall have its own assigned functionalities access. These access levels design 202030-10
shall be submitted to Employer for review and acceptance.
ISCS-SysRS- 4.2.1.9 An operator may have multiple areas of authority. Control and monitoring of equipment at Functional ISCS-SWRS-
040201-09 Ancillary Building, if any, shall be under the area of authority of the associated station. 202030-01
ISCS-SysRS- 4.2.1.10 An ISCS HMI related to this user database shall be accessible by Administrators functions Functional ISCS-SWRS-
040201-10 from the ISCS to facilitate easy monitoring and modification. 202030-11
ISCS-SysRS- 4.2.1.11 The location and type of ISCS workstation shall not limit the level of functionality available Functional ISCS-SWRS-
040201-11 at that workstation, except for Security Rooms. 202010-02
ISCS-SysRS- 4.2.1.12 Functionality available in ISCS workstations at Security Rooms shall be restricted to the Functional ISCS-SWRS-
040201-12 functional requirements defined for such locations. The WPC shall propose the functional 202010-03
requirements for such locations.
ISCS-SysRS- 4.2.2 System Security [ISCS-SysRS-040202] Header Heading/
040202 Subheading
ISCS-SysRS- 4.2.2.1 The ISCS system shall implement data protection mechanisms in order to avoid accidental Info ISCS-SWRS-
040202-01 or intentional misuse of data. 402000-01
ISCS-SysRS- 4.2.2.2 The interfaces shall be secure and shall not affect the integrity and safety of the installed Non-functional ISCS-SWRS-
040202-02 systems. 402000-03
ISCS-SysRS- 4.2.2.3 The system shall be protected against viruses, hacking and malicious attack, refer to Non-functional ISCS-SWRS-
040202-03 Cybersecurity Requirements. 402000-04
040202-04 4.2.2.4 The interfaces shall be secure and shall not affect the integrity of the rail systems or the 402000-05
safety of the railway, in line with Cybersecurity Requirements. ISCS-SWRS-
403000-01
040203 4.2.3 Remote Access Security [ISCS-SysRS-040203] Subheading
ISCS-SysRS- 4.2.3.1 The diagnostic and maintenance access shall be protected by security features such as a Non-functional ISCS-SWRS-
040203-01 DMZ, firewall and password protection to ensure the integrity of the ISCS system is maintained. 402000-02
ISCS-SysRS- 4.2.3.2 Activities performed during remote access shall be monitored and automatically recorded in Non-functional ISCS-SWRS-
040203-02 the event log. 402000-06
ISCS-SysRS- 4.3.1 ISCS System [ISCS-SysRS-040301] Header Heading/
040301 Subheading
Page 169 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 4.3.1.1 The ISCS system shall be a fully flexible and scalable system which shall be upgradeable Non-functional ISCS-SWRS-
040301-01 with only configuration data and modular software modification to incorporate future. 401040-01-01
ISCS-SWRS-
401040-04
ISCS-SWRS-
401040-04-01
ISCS-SWRS-
401040-04-02
ISCS-SWRS-
401040-04-03
ISCS-SysRS- 4.3.1.2 The ISCS system shall be able to be upgraded and or modified to incorporate any other Non-functional ISCS-SWRS-
040301-02 changes which may be required during the lifetime of the system. 401040-01-02
ISCS-SysRS- 4.3.1.3 The ISCS system shall be open and modular in nature so as to provide for the maximum Non-functional ISCS-SWRS-
040301-03 adaptability and flexibility during the life of the systems. 401040-01-03
ISCS-SysRS- 4.3.1.4 The ISCS system shall be easily reconfigurable, to allow changes to be made without the Non-functional ISCS-SWRS-
040301-04 need to resort to the original contracting organization. 401040-08
ISCS-SysRS- 4.3.1.5 This shall include but not be limited to the addition, removal or update of HMI graphical Non-functional ISCS-SWRS-
040301-05 objects, RTU/PLC/IED, input and outputs, etc. 401040-09
ISCS-SysRS- 4.3.1.6 The ISCS shall be designed to enable modifications and/or extensions to be executed with Non-functional ISCS-SWRS-
040301-06 no significant disruption of operation across the Project. 401040-10
ISCS-SysRS- 4.3.1.7 The WPC shall provide details of any future proposed updates to the core equipment Non-functional ISCS-SWRS-
040301-07 foreseen within the lifetime of the system. 401040-03
ISCS-SWRS-
401040-03-01
ISCS-SWRS-
401040-03-02
ISCS-SWRS-
401040-03-03
ISCS-SWRS-
401040-03-04
ISCS-SysRS- 4.3.1.8 The WPC shall provide documentary evidence as to how changes to the core operating Info N/A
040301-08 equipment including all hardware and software post commissioning is to be managed during the
lifetime of the system, determining effective strategies to combat the system obsolescence.
Page 170 of 171

Rev. No. 0.4.0

ID
ISCS-SysRS- 4.3.1.9 Software databases, regardless of the mode of operation, shall be designed to allow ease Info ISCS-SWRS-
040301-09 of expansion. 401040-06
ISCS-SysRS- 4.3.1.10 The delivered system database structures shall be able to expand by 100% of the original Info ISCS-SWRS-
040301-10 supplied size without the purchase of any hardware or software for system database structures. 401040-07
Page 171 of 171


P205 ISCS D2.2 SRS Rev0.4.0

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

P205 ISCS D2.2 SRS Rev0.4.0

Uploaded by

Copyright:

Available Formats

WILLOWGLEN (MALAYSIA) SDN BHD

Document No. : P205_ISCS_D2.2_SRS

Prepared By 1st Reviewed By 2nd Reviewed By Approved By

0.0.0 20 Sept First Issue Siti Nuraini

0.1.2 14 Apr Yaw Choon Kit

Rev. No. Rev. Date Rev. Description Revised By

(c) Section 5.2.2 & 5.2.13,

2. Updated Section 9 based on updated ISCS SysRS

0.3.0 8 June Document baseline. Yaw Choon Kit

0.4.0 14 July Document baseline. Yaw Choon Kit

3.10 General Software Requirements [ISCS-SWRS-110000] ................................................................ 27

4.1.2 User HMI Functionality [ISCS-SWRS-201020] ....................................................................... 29

4.5.11 Colours [ISCS-SWRS-205110]................................................................................................ 39

4.6.11 Alarm Group [ISCS-SWRS-206110]........................................................................................ 44

4.12 Training Simulator Requirements [ISCS-SWRS-212000] ............................................................... 47

5.1.3 Public Address (PA) System Interface [ISCS-SWRS-301030] ............................................... 51

5.1.6 TETRA Radio System (TETRA) Interface [ISCS-SWRS-301060] .......................................... 57

5.2.11 Uninterruptible Power System (UPS) Interface [ISCS-SWRS-302110] .................................. 67

6 Non-Functional Requirements [ISCS-SWRS-400000] ............................................................................ 69

6.1.1 Response Time [ISCS-SWRS-401010] ................................................................................... 69

Figure 5-23 : Sequence Diagram for Traction Power Status .............................................................. 64

(The remainder of the page is intentionally left blank)

1.1 Purpose of Document

1.2 Scope of Works

1.3 Acronyms, Abbreviations and Terms

1.3.1 Acronyms and Abbreviations

Table 1-1: Table of Abbreviations

Acronyms & Definition

ACS Access Control System

AFC Automatic Fare Collection

AMS Access Management System

API Application Programming Interface

ATS Automatic Train Supervision

BDCC Backup Depot Control Centre

BMS Building Management System

BOCC Backup Operation Control Centre

CAD Computer-Aided Design

CBN Communication Backbone Network

COMMS Communications System

CPU Central Processing Unit

CRIS Control Room Server IP

CSV Comma Separated Values

DESV Depot Equipment & Service Vehicle

DSS Decision Support System

DVAS Digital Voice Announcement System

ECS Environmental Control System

EMC Electromagnetic Compatibility

ESP Emergency Stop Plunger

GUI Graphic User Interface

Acronyms & Definition

HMI Human Machine Interface

iBMS Integrated Building Management System

IED Intelligent Electronic Device

IMR Incident Management Room

I/O Input / Output

IPS Intrusion Protection System

ISCS Integrated Supervisory and Control System

JPEG Joint Photographic Experts Group

LAN Local Area Network

LOTO Lock Out Tag Out

MCS Master Clock System

NTP Network Time Protocol

NVR Network Video Recorder