Table of Contents
2.4 System Overview
3 Business Requirements
3.3 Regulatory and Legal
3.4 Market Considerations
3.5 Risk and Alternatives
3.6 Human Resources and Training
4 Context Diagram
5.1 Functional Descriptive Requirements
5.2 Requirement Use Cases
5.3 Use Case Diagrams
5.4 Non-Functional Descriptive Requirements
6.1 Component Architecture Diagram
6.2 Component Descriptions
6.3 Class Diagrams
6.4 Class Relationship/Interaction Diagrams
6.5.2 Event Diagrams
6.6 Activity/State Diagrams
6.7 State Logic
6.8.1 Sequence Diagrams
6.8.2 Collaboration Diagrams
7.5 Key Event
The purpose of this document is to break down the business specifications and record the scope, overview, deliverables, requirements and risks for the BMS system. The audience for the document is the customer’s project manager and development team.
Team name: Team 1
Project name: Business Management System (BMS)
Version number: 1
The BMS will include an interface connecting each thermostat, if digital, to the system, allowing zone-level climate automation such as the setpoints functionality. The existing lighting of the building will be modified at the breaker level to provide zone-level control of lighting (on or off). A business renting one or more zones in the building will have control of climate and lighting set points to control the environment of its workspace. The building owner will not take responsibility for establishing this schedule. The schedule will be in effect for the duration of the lease.
To allow for a transition into the building for new business tenants, the building will allow businesses to establish their set points prior to their lease period. Thus the system will accommodate new tenants accessing their setting prior to moving in.
An automated phone assistant will be provided to make a request to override the conditions of a room for uncommon schedule modifications (for example, overtime during the weekend). Flexible security settings will be provided, meaning the clearance requirements are controllable at the individual room level. A reliable digital lock interface will be provided that unlocks doors for three seconds upon successful clearance validation. The BMS will also have the ability to circumvent all security procedures by manually disabling the locking mechanism on a given entrance, initiated by authorized personnel, which will leave it unlocked at all times.
There are two primary external systems that the BMS will interact with: the relevant building’s HVAC system and the lighting system. The existing doors will remain in place and only have their locks modified or replaced to operate in accordance with the ID badge magnetic scanning and 5-digit identification key code verification technology. The security officers will be considered a third party and thus are external to the BMS. Real-time and stored historical data trace malfunctions and other performance issues closely; however, repairs and solutions are not provided by the system.
Employees will have the option to ask the building supervisor to release the room from the zone control, which allows the employee to use the thermostat to set the temperature for that room. The thermostat will either be outfitted with a network relay to send and receive data from the BMS or will be fully replaced with an off-the-shelf “smart” thermostat such as the Nest Connected Thermostat, capable of wired and internet communication. The thermostat is thus a key boundary between the BMS and the external HVAC system. Digital locking mechanisms are complex and thus may not be added onto existing locks found in the building; however, the door, its frame, and the latching mechanism in place will still be used with the new locks. Hence, they must be closely inspected to provide sufficient security for businesses, as the locks are only as robust as the door they are mounted on. Employees may also phone in a request to change the conditions of a specific room; any phone may be used to call a toll-free number, so this will present another interface between the user and the BMS. The security officers will be trained to learn how the alert system works in the case of the prescribed unsuccessful attempt limit, making them an integral part of the BMS’s safety features.
2.3 Objectives Deliverable Dates:
Week | Date | Project
7 | 10/18 | Business Specification
10 | 11/7 | Requirement Specification
13 | 11/28 | Analysis
13, 14, or 15 | 11/28, 12/5, or 12/19 | Presentation
2.4 System Overview
Each building owner needs a system that automates two major responsibilities of office rental management: office security and office climate control. The proposed BMS will be responsible for automating both for each rental space.
The BMS will control security by allowing each business to specify a level of clearance needed to enter each individual room. Security will be maintained by a locking mechanism, and employees will be required to identify themselves. If the employee is cleared by the BMS to enter the room, the door will be unlocked; if an employee is denied access to a room several times, a security guard will be alerted. Businesses will have the opportunity to manually disable the locking mechanism, which leaves the door unlocked at all times.
The BMS will also allow tenants to control the climate in their office space through the use of set points; the climate is controlled globally at the zone level.
3. BUSINESS REQUIREMENTS
The impact of the BMS system will allow us to automate processes such as maintaining temperature and lighting across zones within buildings, and implementing security measures on a room basis, with minimal manual effort. This will support the mission of the company to become more technically advanced by replacing previous systems that were controlled manually (i.e. lock & key for rooms and individual thermostats).
The BMS system will allow the organization to control heating costs by limiting employee interaction with thermostats (employees must ask the business supervisor for thermostat control) and controlling the HVAC and lighting system at a zone level. There will also be an opportunity to decrease the temperature / lighting requirements during off periods such as weekends and evenings, to further save on heating and electrical costs. Automated security management will allow the business to save on personnel cost (less security staff), and prevent robberies. Additionally, the ability to control the building through the BMS will improve ease of management which can decrease the need for building supervisors.
3.3 Regulatory and Legal
The BMS will help the leasing company abide by the “Tenant’s Right to Privacy Act”, a mandated statute that involves restrictive building and room access for commercial tenants.
It will also support clean energy efforts and will satisfy regulations for business energy consumption as per EPA requirements. The BMS security subsystem will support intellectual property confidentiality by limiting access to sensitive information. This is relevant for regulatory compliance such as PCI-DSS, the Protect Cardholder Data act, which calls for “Building and Maintaining a Secure Network and Systems, Implementing Strong Access Control Measures”. Another example would include the FISMA for U.S. federal agencies or affiliates.
3.4 Market Considerations
The technology implementation will expand market segmentation to businesses requiring a timely move-in period. Flexibility and enhanced control over the zone climates will be provided by the BMS, which is paramount for certain applications. The BMS is more marketable than off-the-shelf security systems due to the implementation design (in the case of non-technology-sector businesses), particularly for those that require specialized climate and lighting control, such as fitness/exercise companies following a specific schedule (dim lights every half hour as class begins and change temperature halfway through each class). Companies such as SoulCycle have well-defined class schedules that repeat every week, demanding that their leased spaces offer a great deal of environment automation (complex climate setpoints).
3.5 Risks and Alternatives
Business Risk: Internal restructure, or Merger/Acquisition
Probability: Not likely
How discovered: Discovered through status updates with the customer
Responsible Party: Customer is responsible for analyzing the consequences of internal restructure or M&A and communicating new requirements to software company
Mitigation Plan: Analyze new requirements and attempt to develop a plan to apply the BMS to the new organization
Use Case Risk: Change in requirements, specific conditions based on tenant requirements
Probability: May be likely in the future
How discovered: Would be discovered by customer alerting the software company of new requirements
Responsible Party: Customer is responsible for communicating new requirements to the software company
Mitigation Plan: Analyze new requirements and attempt to develop a plan to apply the BMS to the new organization
Technology Risk: New hardware systems such as the HVAC system, lighting system, and/or door hardware
Probability: Not likely in the next 5 years, but may change in the future
How discovered: Would be discovered by customer alerting the software company of changes
Responsible Party: Software company is responsible for adapting the software
Mitigation Plan: Evaluate the ability of the team to create new controls within the software for the new hardware components
Security Risk: Automation of locking/unlocking may pose risk for allowing unauthorized personnel into rooms
Probability: Low probability
How discovered: Security alerts are sent to the guard if a person is unable to enter the correct code 5 times or more within 15 minutes
Responsible Party: Software company is responsible for ensuring security within the buildings, so long as the building is in compliance with proper BMS utilization
Mitigation Plan: If security measures are found to be inadequate, re-design of security system is required
3.6 HR and Training
Currently not applicable, will be updated at a later time.
4. Context Diagram (high-level)
5.1 Functional Descriptive Detailed Requirements
1. Temperature and Lighting Specifications
The BMS system shall allow users to enter the desired temperature and lighting information on a zone level for the building that they control. The system shall also allow rooms to be released from zone control in the event that the employee has asked the building supervisor for thermostat control.
2. Zone-Level Temperature and Lighting Control
The BMS shall interact with the thermostat / HVAC and the lighting systems to maintain temperature control in the zones. Therefore, the BMS system shall realize changes in temperature and lighting and adjust the controls as necessary to comply with the user settings.
3. Security Clearance Information
The BMS shall allow building supervisors to enter in badge-level security clearance information for all employees – which the BMS will store in order to maintain a database that contains information on what employees are able to access which rooms.
4. Room-Level Security Maintenance
The BMS shall interact with the door locking systems to ensure that doors are kept locked until a cleared badge is scanned, and a correct code is entered. The door will remain unlocked for three seconds. If an incorrect code is entered more than 5 times by an employee within a 15 minute window, then a security alert shall be passed on.
5.2 Requirement Use Cases
1. Maintain Lighting and Temperature Information
The building supervisor shall have the ability to enter and modify lighting and information specifications for each zone they control
2. Release Room from Zone
The building supervisor shall have the ability to release a room from zone control if they are contacted by an employee and approve the use case
3. Maintain Security Information
The building supervisor shall have the ability to enter the security clearance for each employee, and their encrypted passcode information, as well as modify the information if necessary
4. Scan Badge
The employees shall have the ability to scan their badges in front of the room in order to gain access
5. Enter Passcode
After the employee’s badge has been scanned, the employees shall enter in their passcode to gain access to the door
6. Unlock Door
If the passcode entered is correct, and the employee is cleared to enter the room, the door shall be unlocked for three seconds
7. Thermostat Control
If the building supervisor releases a room from control, the employee shall have access to the thermostat for controlling the temperature of the room
8. Security Alert
If an incorrect passcode is entered five times within a 15 minute window a security alert shall be sent to the necessary security personnel
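The badge, passcode, unlock and alert use cases above, sketched as an added example that is not part of the original specification. The class and field names, the PBKDF2 passcode storage, and counting failures per badge are assumptions; the alert fires on the fifth incorrect passcode inside the window, one of the readings the specification gives.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque, namedtuple
from dataclasses import dataclass

UNLOCK_SECONDS = 3        # page: door stays unlocked for three seconds
ALERT_THRESHOLD = 5       # page (use case 8): alert on the fifth bad passcode
ALERT_WINDOW = 15 * 60    # page: failures counted within a 15 minute window
PBKDF2_ROUNDS = 100_000   # assumption: the page only says "encrypted passcode"

Decision = namedtuple("Decision", "result unlock_seconds alert_sent")


def hash_passcode(passcode: str, salt: bytes) -> bytes:
    # A 5-digit code has only 100,000 values, so hashing slows offline
    # guessing only slightly; the attempt limit is the control that matters.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Employee:
    clearance: int
    salt: bytes
    passcode_hash: bytes


@dataclass
class Door:
    required_clearance: int
    lock_disabled: bool = False   # manual override: door left unlocked


class AccessController:
    def __init__(self):
        self.employees = {}                   # badge_id -> Employee
        self.doors = {}                       # room -> Door
        self.failures = defaultdict(deque)    # badge_id -> bad-code timestamps
        self.alerts = []                      # (time, badge_id, room, count)

    def enroll(self, badge_id, clearance, passcode):
        if not (len(passcode) == 5 and passcode.isascii() and passcode.isdigit()):
            raise ValueError("passcode must be exactly 5 digits")
        salt = os.urandom(16)
        self.employees[badge_id] = Employee(
            clearance, salt, hash_passcode(passcode, salt))

    def add_door(self, room, required_clearance):
        self.doors[room] = Door(required_clearance)

    def attempt(self, room, badge_id, passcode, now):
        """Decide one badge + passcode attempt; `now` is a time in seconds."""
        door = self.doors.get(room)
        if door is None:                      # fail closed on unknown doors
            return Decision("DENY", 0, False)
        if door.lock_disabled:                # override bypasses all checks
            return Decision("OVERRIDE_OPEN", 0, False)
        emp = self.employees.get(badge_id)
        if emp is None or not hmac.compare_digest(
                hash_passcode(passcode, emp.salt), emp.passcode_hash):
            return Decision("DENY", 0, self._record_failure(badge_id, room, now))
        if emp.clearance < door.required_clearance:
            # Right code, wrong room: denied, but not an "incorrect passcode".
            return Decision("DENY", 0, False)
        return Decision("UNLOCK", UNLOCK_SECONDS, False)

    def _record_failure(self, badge_id, room, now):
        q = self.failures[badge_id]
        q.append(now)
        while q[0] <= now - ALERT_WINDOW:     # drop failures older than window
            q.popleft()
        if len(q) >= ALERT_THRESHOLD:
            self.alerts.append((now, badge_id, room, len(q)))
            return True
        return False


def demo():
    # Constructed sample data: badge ids, rooms and codes are made up.
    bms = AccessController()
    bms.enroll("B-1001", clearance=2, passcode="48213")
    bms.add_door("server-room", required_clearance=2)
    ok = bms.attempt("server-room", "B-1001", "48213", now=0)
    bad = [bms.attempt("server-room", "B-1001", "00000", now=60 * i)
           for i in range(1, 6)]
    return ok, bad, bms.alerts


if __name__ == "__main__":
    ok, bad, alerts = demo()
    print(ok, [d.alert_sent for d in bad], alerts)
```

Because the specification defines an alert but no lockout, every further failure inside the window raises another alert in this sketch rather than blocking the badge.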
5.3 Use Case Diagrams
5.4 Non-Functional Descriptive Detailed Requirements
Non-Functional requirements definitions
1. System shall allow building supervisor to make changes to temperature, lighting or security information as often as once every 30 seconds
2. System shall service out changes to the temperature system, lighting system and door locking system within 1 hour of making the change
3. System shall take no more than 1 second to unlock door after correct passcode / badge has been entered
4. System shall send security alert within 3 seconds of the fifth incorrect passcode being entered
5. Badge reader shall be able to scan badges on the first swipe at least 85% of the time
6. Security clearance shall have 0% false positives when unlocking the door
System Capabilities, conditions, and constraints
Physical Resource Requirements
The physical architecture will require specialized materials to accommodate human interaction over time, as well as wiring that is reliable over at least one leasing period (assumed to be a minimum of two to three years). The locking mechanism will be accessed dozens or even hundreds of times per day and thus will require a scanner that is impact resistant (generally high strength crosslinked polymers are used) and a water resistant keypad that will withstand skin oils and potential fluid spills (such as if an employee spills coffee when typing in their personal code). Electrical equipment for commercial spaces requires components of higher quality to provide high reliability and low latency in the case of security alerts. Thus high speed cable assemblies will be needed, with micro co-ax or twin-ax technology for example, to minimize any potential safety threats as quickly as possible.
Computer Hardware Requirements
The BMS has many non functional computer hardware requirements including general scalability, maintainability, interoperability, security, data capacity, and environmental impact. The BMS hardware infrastructure will accommodate a growing workload as the number of active units increases. This will be most significant in the case of the called in override requests because each zone will be tracked on a common server. The servers will thus be part of a cloud storage configuration to allow for indefinite client base growth. Interoperability for the security notification network is important; however, the hardware interface will be up to the specific building managers and their existing communication system. Environmental efforts for electrical components have become increasingly beneficial for businesses in the past decade, with the EPA offering tax deductions. This will be achieved through reuse of PCBs and casings as well as recycling electronics to extend the life cycle of valuable materials.
Computer Software Requirements
Multicore processing is required of a computer interfacing with the BMS. This is crucial for large scale zones implementing many security doors with varying clearance requirements. The quick response time and breach notifications require low latency from the software interpreting I/O and circuit data (such as WaveForms to analyze the output of an example lighting circuit shown below). Multiprogramming will thus be used to achieve fast run times, taking advantage of modern computing technology (cost efficient processing hardware such as transistors). A modern operating system (Windows XP or later) will also be needed to satisfy the performance requirements presented, especially in the case of computationally demanding data encryption to deter potential hacking. The BMS microcontrollers and networking ports are compatible with Windows, Linux and OSX; however, it is the responsibility of the customer to ensure they have the latest version of the software to stay up to date on any defect corrections made. Network accessibility software will also be required for high speed connection with the BMS central command. Optionally, the customer is advised to have maintenance tracking software or an alternative such as the Microsoft Office Suite to keep track of any issues that may occur and the associated information.
Example light control circuit
Computer Communications Requirements
Computer and Communications networks infrastructures are necessary for the central command of the BMS, which keeps track of all set points, room clearance requirements, and climate overrides for every leasing space. The Internet will thus be the core of the BMS computer-communication infrastructure. Latency is of high importance for climate overrides and thus the BMS network technologies, architectures and protocols must overcome the limitations of the legacy Internet, moving towards more ubiquitous, secure paradigms. Possible technologies include self organizing/autonomic networking, algorithmic scaling, Green, and opportunistic networking.
Leasing space environmental control, that is, temperature and humidity, is a matter of human comfort. The BMS will provide thermal comfort in an office environment within the context of air temperature, humidity, and air movement to satisfy the majority of building occupants, with suggested ranges varying for cold and hot weather. There are no regulations specifically addressing the latter in a commercial leasing setting; however, there are OSHA guidelines for engineering and administrative guidance to prevent environmental control problems and a dissatisfied customer. The BMS climate control will thus have to interface with an air treatment system to remove air contaminants and effectively control each zone’s temperature and humidity. The BMS will be capable of reaching any temperature within the range of 65 and 75° F and humidity control in the range of 15%-50%, within a reasonable time frame (must be timely due to overrides in the case of settings that were not preset).
System Performance characteristics
The BMS numerical performance requirements are primarily related to human interaction rather than the standalone software. The number of supported office space implementations is theoretically limitless because of the database scalability, making this static quantification difficult to assess. The supported number of simultaneous users is also limitless, except in the case of clearance and atmosphere overrides being made at once. Even with modern multiprogramming, the overrides will be processed one after another rather than at the same time. Accounting for network communication delay and server refresh rates, each override will be done on the order of milliseconds, meaning that up to 600,000 customers will be able to request an override without experiencing any noticeable feedback delays after the one hour waiting period. Thus if each customer modifies all of their clearance settings at the maximum rate of every 30 seconds, then each request will be placed in a chronological queue and the n’th request will be fully processed after approximately 100*n milliseconds.
The BMS will notify security officers/guards within the prescribed subsequent failure attempts of accessing a locked room. Thus it will be required to keep the leasing space safe from any
In A review on BMS Design and its Safety Integrity Level requirements, different categories of safety standards are defined in the context of a BMS. Even though this document is centered around industrial settings, it contains categorization factors for safety threats. The BMS must reduce any “Major” safety scenarios into either a “Minor” or “No Effect” category by ensuring connectivity to the designated security authorities.
Security and Privacy Requirements
Use case specifications are used to consider threat scenarios in a quantifiable manner. This is facilitated by “reducing ambiguities and incompleteness in use cases with the Restricted Use Case Modeling method (RUCM)”, empirically evaluated through controlled experiments and adapted to the application of security threats.
Having use cases already developed allows us to view which stakeholders are involved and thus are at risk of privacy or security breaches. Modifications are needed to develop so-called “abuse cases” or “misuse cases” to identify specific vulnerability exploitation, threat scenarios and threat reduction procedures. A specific example would include the network communication between central command and each BMS implementation. A hacker will seek malicious entry into the system via weak points in the infrastructure, such as a wifi router with rogue access points or one susceptible to eavesdropping, man in the middle attacks, DNS cache poisoning… Fortifications will be envisioned with expended effort proportional to the risk that a successful security breach poses to the customer and the company.
System Human Interfaces
The BMS will be primarily designed to accommodate interaction with the leasing space office administrators as well as security authorities. The BMS interfaces must be oriented towards user experience and ease of use, ensuring that the customer is satisfied with the product; namely, the interfaces will follow the user’s mental model. This will include clear system feedback (i.e. light and sound indicators showing the status of a door unlock attempt or visual cues for thermostat setting modifications), consistency across the platform (all door mechanisms will behave the same), and intuitive operation (keypad will be linked to the nearest or adjacent locked door, scanning and personal keycode entry order is interchangeable…).
The direct customer issuing the lease generally aims for the highest acceptable rent for as long as possible, meaning a 10 year lease or longer is desired. As stated earlier, the average commercial lease lengths are 3 to 5 years for office space, depending on market conditions, the existing condition of the space, and the scope of tenant improvements needed. The BMS will need to stay up to date with software conducive to updates and re-releases to keep up with evolving technology such as thermally driven air conditioning, sensor enhanced ventilation or multi-fuel heat pumps. Any significant technological advances will need to be implemented at any point during a leasing period and thus having an adaptive BMS will ensure minimal downtime for these upgrades (installed over the weekend or at night when the space is already scheduled to be vacant).
System Quality Factors
Hardware and software quality factors have been referenced in the prior and following non-functional requirements. In more detail, the system’s reliability, that is, its ability to perform correctly and consistently, is guaranteed within the larger expected leasing time period of 5 years. It will be easily maintained in the case of defects reported by the customer or detected by the BMS central command team. The system’s availability is guaranteed to be 24/7 due to its automated nature, excluding override features requiring assistance from the central command. The BMS offers portability primarily for implementation in environments with varying building interfacing, HVAC, lighting, and door locking mechanisms. The fact that the BMS controls easily quantified processes (temperature, humidity, light toggling, and door lock toggling) gives it the ability to be easily and thoroughly tested. Either the building manager or a BMS employee is able to visit the office space and take these measurements within minutes and determine if the system is working properly on that given day (the most complex tests involving overrides and security clearance modifications from central command). Repeating this for seven consecutive days is sufficient to show the system’s long term performance as this is the maximum schedule the BMS may accommodate.
Design and Construction Constraints
The commercial space and housing for the BMS will already be in place for each envisioned customer, as there are many office rental properties throughout the county. Each building owner will have a different zone layout, so the BMS will be versatile and will be minimally constrained by the clearance rooms and their respective entry doors, the security stations and the existing notification/alarm technology in place, and the HVAC equipment.
Life Cycle Model
Software Maintenance is a primary process in the life cycle of a software product, which is comprised of the activities and tasks of the maintainer. The BMS maintenance shall consume a major share of a software life cycle’s financial resources, and is thus an important project consideration, leading toward improvements and additional customer requirements. Database improvement was mentioned for scalability; however, all aspects of the BMS will require regular maintenance achieved using tools, methods, and techniques set forth by the IEEE. The implementation of the latter, however, is not given as it depends upon each customer’s (the building manager in this case) contractual agreement. An iterative process will be adopted for all software maintenance activities, using a process model fit to the BMS to illustrate the key phases of maintenance (not simply chronological). As recommended by the International Standard, maintenance criteria and methodologies will be determined during the early planning stage of software development.
The BMS is required to accommodate a large number of personnel for the door locking mechanism, however the two simple steps required to achieve this translate to a simple one-time demonstration of the scanning and keypad entry methods via e-mail or in person. The zone setpoints will be accessed by middle management in each leased office space, meaning specialized instructions may be given demonstrating the various environmental control options provided by the BMS. The most sensitive personnel-related requirement involves the security officers interacting with a security breach notification. As the effects of human error are potentially catastrophic here, security personnel will have extensive training to be adept with the audio and visual indicators and the corresponding scenario (ie. code red requires in person inspection due to adjacent doors attempted to be accessed repeatedly, possibly representing an intentional break-in).
No specific training materials are needed for the BMS project; however, the software and physical package will include a thorough user manual describing the various subsystems and their operation instructions. A help desk phone number will also be given to all customers for any troubleshooting required upon installation of the system.
Commercial office space leases tend to favor the landlord. The BMS will have two levels of customers, completing the transaction with the building owners and having the zone tenants be the end user. Logistics are thus important as both customers have flexibility in terms of using the BMS and their lease negotiations (aiming to avoid the termination option and encourage the extension option). Although the BMS logistics requirements mostly pertain to the initial installation in the leasing space, any maintenance must be hassle-free to ensure the satisfaction of the customer. This includes timely component delivery and assembly as well as ease of integration into the existing building infrastructure (ie. communication technology, door locking mechanisms, HVAC I/O and controllers).
All associated software and documentation will be delivered to the customer on CD’s or digitally by email, depending on the customer’s preference. Compatibility with major distributors such as Amazon.com will be satisfied to ensure the maximum market share possible. Thus each unit must be contained within a single, secure package and have a unique Fulfillment Network Stock Keeping Unit (FNSKU) corresponding to the BMS product. The different subsystems including the software unit (microcontroller, processors and casing), the hardware (door scanner, keypad) must thus be packaged together prior to reaching fulfillment centers for distribution. This will coincide closely with logistic requirements because of the likely subcontracting used for independent subsystems.
Precedence and Criticality Requirements
The requirements mentioned above have varying importance and thus it is important to identify those that are critical to the BMS security and privacy (relating to the customer’s information among others). The Security and Privacy Requirements, Personnel-Related Requirements, as well as System Human Interfaces are of utmost importance for the BMS safety and consequently the commercial office space security. Security and Privacy Requirements are the highest priority for ensuring the customer’s privacy, spanning from sensitive information stored in the office space or safety camera footage, all the way to commonplace electrical consumption data. All other requirements have approximately equal weight and will be treated with the same priority level.