20070213 S2-RS-ESA-SY-0011 PA Requirements …emits.sso.esa.int/emits-doc/S2_PARD_B2CDE1_EMITS.pdf · S2-RS-ESA-SY-0011 1/1 ... 9.1.5 Corrosion ... Standardization (replaces MIL-HDBK-5)

Ref.: Issue/rev. Date: Page:

S2-RS-ESA-SY-0011 1/1 14 February 2007 2/25

GMES SentinelGMES SentinelGMES SentinelGMES Sentinel----2222

DOCUMENT CHANGE RECORD

Iss./Rev. Date Section Observations

1/0 5 Feb.

2007

All First Issue for pre-TEB.

1/1 13 Feb

2007

3.1

9.1.13

Update issue number of ECSS-M-00B and

DOT/FAA/AR-MMPDS-02

Request printed circuit board to be

procured from ESA qualified manufacturers




TABLE OF CONTENTS

1. SCOPE ................................................................................................................6

2. Applicability ......................................................................................................6

3. Documents ........................................................................................................6

3.1 Applicable Documents ................................................................................ 6

3.2 Reference Documents ................................................................................. 8

4. Product Assurance............................................................................................9

4.1 PA Programme............................................................................................... 9

4.2 PA Plan ............................................................................................................ 9

4.3 Right of Access .............................................................................................. 9

4.4 PA Progress Reporting................................................................................. 10

4.5 PA Database................................................................................................ 10

5. Quality Assurance ..........................................................................................10

5.1 Normative documents................................................................................ 10

5.2 QA Programme Audits................................................................................ 10

5.3 Critical Items Control................................................................................... 11

5.4 Non-conformance Control System........................................................... 11

5.5 Alert System .................................................................................................. 11

5.6 Handling, Storage, Preservation................................................................ 11

5.7 Statistical Quality Control and Analysis .................................................... 11

5.8 Cleanliness and Contamination Control ................................................. 12

5.9 Manufacturing, Assembly and integration reports ................................ 12

5.10 Test Facilities.............................................................................................. 12

5.11 Test Reports ............................................................................................... 12

5.12 End Item Data Package (EIDP) ............................................................. 12

5.13 Packaging, Marking and Labelling, Transportation ........................... 12

6. Dependability Assurance ..............................................................................13

6.1 Consequence Severity Categories........................................................... 13

6.2 Failure Tolerance ......................................................................................... 13

6.3 Reliability Analysis ........................................................................................ 14

6.4 Failure Propagation..................................................................................... 14

6.5 Dependability Testing and Demonstration.............................................. 15

7. Safety ...............................................................................................................15

7.1 Safety Programme ...................................................................................... 15




7.2 Safety Plan.................................................................................................... 15

7.3 Safety certification ...................................................................................... 15

7.4 Launcher Safety Submission....................................................................... 16

8. EEE Components .............................................................................................16

8.1 General ......................................................................................................... 16

8.2 Components Control Programme............................................................ 16

8.3 Declared Components List ........................................................................ 16

8.4 EEE Components Selection........................................................................ 16

8.5 EEE Components Approval........................................................................ 17

8.6 EEE Component De-rating ......................................................................... 18

8.7 Radiation-Sensitive EEE Components....................................................... 18

8.8 Components in Off-The-Shelf equipment................................................ 19

8.9 Components from stock............................................................................. 19

8.10 Specific component requirements ....................................................... 19 8.10.1 Application Specific Integrated Circuits (ASIC)........................................ 19 8.10.2 Hybrids ............................................................................................................. 20 8.10.3 Field programmable Gate Arrays (FPGA).................................................. 20 8.10.4 Monolithic Microwave Integrated Circuit (MMIC) ................................... 21 8.10.5 Electro-optical devices................................................................................. 21 8.10.6 Electro-magnetic devices............................................................................ 21

9. Materials, Processes, and Mechanical Parts ...............................................21

9.1 Technical Requirements For Selection of Materials and Mechanical Parts

21 9.1.1 Vacuum........................................................................................................... 21 9.1.2 Forbidden Materials ...................................................................................... 22 9.1.3 Thermal Cycling ............................................................................................. 22 9.1.4 Electrochemical Compatibility.................................................................... 22 9.1.5 Corrosion ......................................................................................................... 22 9.1.6 Stress Corrosion............................................................................................... 22 9.1.7 Fluid Compatibility ......................................................................................... 22 9.1.8 Solar Radiation ............................................................................................... 22 9.1.9 Allowable Stress.............................................................................................. 23 9.1.10 Limited Life Time............................................................................................. 23 9.1.11 Atomic Oxygen.............................................................................................. 23 9.1.12 Magnetic Materials ....................................................................................... 23 9.1.13 Printed Circuit Boards.................................................................................... 23

9.2 Processes....................................................................................................... 23

9.3 Material/Mechanical Parts and Process Lists.......................................... 24




10. Configuration management........................................................................24

11. Software Product Assurance .......................................................................24

12. Off-The-Shelf Space Equipment ..................................................................24




1. SCOPE

This document defines the Product-Assurance and Safety requirements applicable to the Sentinel-2 project.

The satellite shall be designed, tested, manufactured and operated in compliance with these requirements, which are applicable to the Prime-contractor, sub-contractors and suppliers. It is the responsibility of the Prime-contractor to tailor these requirements to sub-contractors and suppliers and to ensure their implementation.

2. APPLICABILITY

The requirements are applicable to the spacecraft (flight hardware, flight software and flight spares) for the project phases B, C/D, E1. Other hardware and software shall be safe for ground operations and shall be representative of flight hardware with respect to form, fit, and function, and shall not lead to the failure or degradation of flight hardware/software.

3. DOCUMENTS

3.1 Applicable Documents

The following documents (latest issue at contract signature) shall be applicable with the modifications specified in this document.

ECSS-E-30-01A Fracture Control

ECSS-P-001B Glossary of Terms

ECSS-M-00B Space project management - policy and principles

ECSS-M-40B Configuration Management

ECSS-Q-00A Policy and principles

ECSS-Q-20B Quality Assurance

ECSS-Q-20-04A Critical Item Control

ECSS-Q-20-07A Quality Assurance for test facilities

ECSS-Q-20-09B Non-conformance Control System

ECSS-Q-30B Dependability

ECSS-Q-30-01A Worst case circuit performance

ECSS-Q-30-02A Failure Modes, Effects and Criticality Analysis

ECSS-Q-30-11A EEE components - Derating and end-of-life parameter drifts

ECSS-Q-40B Safety

ECSS-Q-60A EEE Components

ECSS-Q-60-01A European preferred parts list (EPPL) and its management

ECSS-Q-60-02A ASIC and FPGA development

ECSS-Q-60-05A Generic Procurement Requirements for Hybrid Microcircuits




ECSS-Q-60-11A EEE components - Derating and end-of-life parameter drifts NOTE: Applicable only for end-of-life parameter drifts, the Derating requirements are covered in ECSS-Q-30-11A.

ECSSQ-60-12A Design, selection, procurement and use of die form monolithic microwave integrated circuits (MMICs)

ECSS-Q-70B Materials, Mechanical Parts and Processes

ECSS-Q-70-01A Contamination and cleanliness control

ECSS-Q-70-02A Thermal vacuum test for the screening of space materials

ECSS-Q-70-03A Black-anodizing of metals with inorganic dyes

ECSS-Q-70-04A Thermal cycling test for the screening of space materials and processes

ECSS-Q-70-05A Detection of organic contamination of surfaces by infrared spectroscopy 31-Aug-2005 TEC-QM

ECSS-Q-70-07A Verification and approval of automatic machine wave soldering

ECSS-Q-70-08A Manual soldering of high-reliability electrical connections

ECSS-Q-70-09A Measurements of thermo-optical properties of thermal control materials

ECSS-Q-70-10A Qualification of printed circuit board

ECSS-Q-70-11A Procurement of printed circuit board

ECSS-Q-70-13A Measurement of the peel and pull-off strength of coatings and finishes using pressures-sensitive tapes

ECSS-Q-70-18A Preparation, assembly and mounting of RF coaxial cables

ECSS-Q-70-20A Determination of the susceptibility of silver plated copper wire and cable to “red-plague” corrosion

ECSS-Q-70-22A The control of limited shelf-life materials

ECSS-Q-70-25A The application of the black coating Aeroglaze Z 306

ECSS-Q-70-26A Crimping of high-reliability electrical connections

ECSS-Q-70-28A The repair and modification of printed circuit board assemblies for space use

ECSS-Q-70-30A The wire wrapping of high reliability electrical connections

ECSS-Q-70-33A The application of the thermal control coating PSG 120 FD

ECSS-Q-70-34A The application of the black electrically conductive coating Aeroglaze H322

ECSS-Q-70-35A The application of the black electrically conductive coating Aeroglaze L300.

ECSS-Q-70-36A Material selection for controlling stress corrosion cracking

ECSS-Q-70-37A Determination of susceptibility of metals to stress corrosion cracking




ECSS-Q-70-45A Standard methods for mechanical testing of metallic materials

ECSS-Q-70-46A Requirements for manufacturing and procurement of threaded fasteners

ECSS-Q-70-51A Process of terminating and splicing optical fibres/cables/assemblies

ECSS-Q-70-71A-1 Data for selection of space materials and processes

ECSS-Q-80B Software Product Assurance

ECSS-E-40B Software

PSS-01-202 Preservation, storage, handling and transportation of ESA spacecraft hardware

PSS-01-204 Particulate Contamination Control in Clean Rooms by Particle Fall- out Measurement

PSS-01-604 Generic specification for silicon solar cells

PSS-01-605 Capability approval programme for hermetic thin-film hybrid micro circuits

PSS-01-606 Capability approval programme for hermetic thick-film hybrid micro circuits

PSS-01-706 The particle and ultraviolet (UV) radiation testing of space materials

PSS-01-738 High-reliability soldering for surface-mount and mixed-technology printed circuit boards

PSS-01-748 Requirements for ESA approved skills training and certification (Electronic assembly techniques)

DOT/FAA/AR-MMPDS-02 Metallic Materials Properties Development and Standardization (replaces MIL-HDBK-5)

ESCC 9000 Generic Specification

MIL-STD-981 Electro-magnetic Devices

3.2 Reference Documents

ISO 19011:2002 Guidelines for quality and/or environmental management systems auditing.




4. PRODUCT ASSURANCE

4.1 PA Programme

The PA programme shall ensure that the Sentinel-2 mission will successfully achieve the intended objectives. This shall be achieved in the most cost-effective way by managing the available resources and personnel within the allocated budget, and by coordinating in an integrated effort the PA activities with the functions of project management and engineering.

The PA programme shall be established according to the requirements of ECSS-Q-00A, chapter 3, Product Assurance Management and ECSS-M-00B chapter 5.2, Policy and Principles.

4.2 PA Plan

The Prime-contractor shall establish and maintain a PA Plan to describe the resources, tasks, responsibilities, methods and procedures adopted by the Prime-contractor for the implementation of the PA requirements and for the achievement of the PA objectives.

The PA Plan shall serve as a master planning and control document for the product assurance programme.

The PA Plan shall include details as to how the Prime-contractor intends to verify that the programme will be accomplished and how he intends to perform supervisory and monitoring actions on Sub-contractors and Suppliers. Prime-contractor internal company procedures may be referenced in the PA Plan, in this case they shall be provided to ESA on request. Prime-contractor should be aware that referencing internal company procedures in the PA Plan will limit the company's ability to unilaterally change the procedures. All modifications to these procedures shall be considered as modifications to the PA Plan.

The PA Plan shall be approved by ESA.

The Prime-contractor shall deliver with the proposal a compliance matrix, complemented with the relevant supporting documentation.

4.3 Right of Access

ESA reserves the right of access to: � all documentation relevant to the programme; � all areas and operations within the Prime-contractor, sub-contractors or

suppliers facilities in which work is performed or items are stored relevant to the project, even if the information is considered proprietary.

ESA will undertake not to disclose such information to a third party, in accordance with the ESA Contract.

ESA reserves the right to perform or participate in any or all audits, surveys, inspections, reviews, etc. relevant to the project. ESA’s participation shall not in any way replace or relieve the Prime-contractor of his responsibilities.




4.4 PA Progress Reporting

PA progress reporting shall be part of the overall project progress reporting and shall include as a minimum:

� Status of the PA activities since the last progress report, separated for the different disciplines (QA, Dependability, Safety, EEE-Components, MPP, Software PA)

� Non-conformance and waiver / deviation status. � Critical items status. � Accomplishments during the considered period. � Planned accomplishments in the next reporting period � Identified problems & risk which may affect customer requirements

schedule and cost. � Activities planned to control identified problems & risk factors � Alert status report � Audit Programme Status

4.5 PA Database

All PA-related data and analyses (such as NCR’s, RFW/RFD, EEE components list, materials, mechanical parts and processes lists, reliability/safety analysis, CIL, pictures…) shall be stored in an electronic database. This shall allow to import and export data from and to sub-contractors and ESA. The database format and content shall be agreed with ESA.

5. QUALITY ASSURANCE

The Prime-contractor shall prepare, maintain, and implement a plan of the QA activities. The plan describing the QA programme for Sentinel-2 shall be part of the PA plan. The requirements for the QA programme are defined in ECSS-Q-20B with the following modifications.

5.1 Normative documents

This chapter is a supplement to clause 2 of ECSS-Q-20B.

Where suitable, further existing documentation can be applied; besides ECSS, this can be MIL, NASA or ISO standards.

In case of conflict, ECSS standards shall prevail.

5.2 QA Programme Audits

This chapter is a supplement to 4.6 of ECSS-Q-20B.

The Contractor shall perform audits following the guidelines of ISO 19011:2002.

The Prime-contractor shall prepare a checklist to be used when performing audits. This checklist shall be subject to ESA review before it is used.

The Prime contractor shall notify ESA, at least ten working days in advance, of the intention to conduct an audit (external or internal).




A copy of the audit report generated by the Prime-contractor shall be sent to ESA within 2 weeks after the audit has taken place. The report shall include:

� identification of areas of non-compliance or weakness, if any � corrective actions with due dates, � conclusions with statement on the acceptability to proceed with the

activities, � the completed audit checklist.

5.3 Critical Items Control

This chapter is a supplement to clause 4.8 of ECSS-Q-20B.

The Prime-contractor shall established and maintain a list of critical items (CIL) as defined in ECSS-Q-20-04A.

5.4 Non-conformance Control System


All Major NCR’s shall be notified to the Customer within 2 working days.

The Prime-contractor shall provide visibility to ESA of all project NCR using the web based NCTS database throughout the industrial organisation.

5.5 Alert System


The Prime-contractor shall participate in the Alert System established by ESA. The Prime Contractor shall ensure that all subordinate suppliers also participate into the ESA Alert System. This requires, as a minimum, that the prime Contractor distributes all ESA Alerts to the lower tier suppliers and that there is an established procedure for collecting and assessing inputs from lower tier suppliers to provide inputs to the ESA Alert System where warranted.

The prime contractor shall maintain a document that identifies for all alerts (including internal Alerts), their applicability to the projects and where applicable, the actions taken to meet the alert recommendations.

5.6 Handling, Storage, Preservation


Detailed requirements for handling, storage and preservation are defined in PSS-01-202.

5.7 Statistical Quality Control and Analysis

This chapter supersedes clause 5.9 of ECSS-Q-20B.

A Statistical Quality Control and Analysis is not required for the Sentinel-2 project.




5.8 Cleanliness and Contamination Control


The Prime Contractor shall identify the hardware and facilities that require specific controls for molecular or particulate contamination. The cleanliness and contamination control standard to be applied shall be ECSS-Q-70-01A.

The Prime Contractor shall write a Cleanliness Requirement Specification (CRS) according to ECSS-Q-70-01A (Annex G) and a Cleanliness and Contamination Control Plan (C&CCP) according to ECSS-Q-70-01A (Annex H). ESA approval shall be required for these documents.

The allowed particulate and molecular contamination levels shall be agreed with the Instrument providers, based on acceptable performance losses.

5.9 Manufacturing, Assembly and integration reports


Pictures shall be taken of the inside and outside of all flight units.

Pictures shall be taken of both sides of all PCBs prior to coating.

All pictures shall be maintained in the PA database and included in the relevant EIDP.

5.10 Test Facilities

This chapter supersedes clause 9.1 of ECSS-Q-20B.

The Prime-contractor shall ensure that test facilities, either internal or external, are ESA certified to ECSS-Q-20-07A.

The Contractor shall ensure that test facilities are suitably qualified to perform the tests to be conducted, and do not cause any degradation to the test article or its interface.

5.11 Test Reports

This chapter is a supplement to clause 9.3.2 of ECSS-Q-20B.

Each test report shall contain a conclusion stating the actual achievement of test objectives and shall identify any specific deficiencies. Test Reports shall include reference to NCR’s relevant for the test subject of the test report.

5.12 End Item Data Package (EIDP)

This chapter is a supplement to clause 10.2.4 of ECSS-Q-20B.

The content of the EIDP is defined in the Sentinel-2 DRD.

5.13 Packaging, Marking and Labelling, Transportation

This chapter is a supplement to clause 10.4.1, 10.4.2 and 10.5.2 of ECSS-Q-20B.




Detailed requirements for packing, marking and labelling and transportation are defined in PSS-01-202.

6. DEPENDABILITY ASSURANCE

The objective of Dependability Assurance (Reliability, Availability and Maintainability) is to ensure a successful mission (achieving the scientific objectives) by optimizing the system within all competing technical and financial constraints.

The Prime-contractor shall develop, maintain and implement a Dependability Programme plan as part of the overall Product Assurance Plan.

The Prime-contractor shall follow the requirements of ECSS-Q-30B, with the modifications defined in this chapter.

6.1 Consequence Severity Categories

This chapter supersedes Clause 7.3.1 of ECSS-Q-30B.

Failure events shall be classified on the basis of the severity of their consequences, according to the following categories.

1S- Catastrophic: � Loss of life or life-threatening injury, � Permanent disabling injury to personnel or occupational illness, � Loss of launcher, Launch site facilities, spacecraft. � Loss of public or private property, � Long-term detrimental environmental effects.

2S - Safety Critical: � Major damage to private or public property, or ground facilities � Temporary disabling but no-life-threatening injury, or temporary

occupational illness � Short term detrimental environment effects

2 - Mission Critical � Loss of mission or unacceptable degradation of mission performance.

3 - Major: � Mission degradation.

4 - Negligible: � Other less minor events

Note: the suffix “S” is used to indicate Safety impacts.

6.2 Failure Tolerance

This chapter supersedes clause 7.3.2 of ECSS-Q-30B.

The failure tolerance requirements are defined in the Sentinel-2 SRD.




Note: Additional failure tolerance requirements may be defined by the Launch Authority or by the applicable safety regulations.

6.3 Reliability Analysis

This chapter supersedes clause 8.2.2, 8.2.3 and 8.2.4 of ECSS-Q-30B.

The following analyses shall be performed:

Failure Modes Effects Analysis (FMEA)

Clause 8.2.2.a of ECSS-Q-30B and Clause 4 of ECSS-Q-30-02A apply.

Common-mode and common cause failure shall be considered. Multiple failures resulting from common cause or common mode failures shall be considered as single failure when determining failure tolerance, and shall be analysed into the FMEA.

Hardware/Software Interaction Analysis

Clause 8.2.2.b of ECSS-Q-30B and Clause 4.10 of ECSS-Q-30-02A apply.

Probabilistic Reliability and Availability Analyses

The Probabilistic reliability and availability requirements are defined in the SRD

The reliability and availability requirements shall be apportioned to set reliability requirements for lower level products.

Reliability and availability prediction techniques shall be used to demonstrate compliance with the requirements and to optimize the design against competing constraints such as cost and mass.

Worst Case Analysis

Clause 8.2.2.h of ECSS-Q-30B and ECSS-Q-30-01B apply. End-of-life parameter drifts are defined in ECSS Q-60-11A.

Part de-rating Analysis

Clause 8.2.2.i of ECSS-Q-30B applies with the following modification: � ECSS Q-60-11A is replaced by ECSS Q-30-11A

Maintainability Analysis

The Prime-contractor shall identify the preventive and corrective maintenance actions for ground operations. Emergency restoration or repair activities necessary to sustain system capabilities crucial to mission success shall be also identified. The Prime-contractor shall identify those items that cannot be checked after integration and that require late servicing, access or replacement, and limited-life items or consumables.

6.4 Failure Propagation

No hardware or software failure shall propagate to a redundant item or functional path. No hardware or software failure of Support Equipments shall cause damage to interfacing Flight Hardware.




6.5 Dependability Testing and Demonstration

This chapter supersedes clause 9 of ECSS-Q-30B.

Dependability Testing and Demonstration is not required for the Sentinel-2 Project.

7. SAFETY

The contractor shall apply ECSS-Q-40B as specified below.

7.1 Safety Programme

The Prime-contractor shall establish a safety program to protect: � ground personnel, � the launch vehicle (including other launcher payloads), � ground support equipment, � public and private properties � the environment from hazards associated with the Sentinel-2

hardware/software and operations.

The safety programme shall ensure compliance to the launch authority safety requirements and the applicable international and national safety regulations (i.e. during manufacturing, integration, testing, handling and transportation).

The Prime-contractor shall identify and plan all activities required to obtain approval from the launch authority.

Accidents and incidents shall be reported and investigated as defined in ECSS-Q-40B clause 4.9. They shall be processed according to the non-conformance control system, and treated as a major non-conformance.

Hazard reduction shall be performed as defined in ECSS-Q-40B clause 5.2.3 using Hazard Analysis as defined in ECSS-Q-40B clause 6.4.2.

7.2 Safety Plan

The Prime-contractor shall show how the Safety Programme is implemented in a dedicated chapter of the Product Assurance Plan. The safety organisation shall comply with ECSS-Q-40B clause 4.2.

7.3 Safety certification

The Prime-contractor shall certify that the flight and ground system products are in compliance with the requirements of the applicable standards as well as any applicable Sentinel-2 specific safety requirements, in accordance with ECSS-Q-40B clause 4.7. In case the verification process is not completed the certification shall include a statement that open verification will be closed in accordance with the established verification tracking log and do not affect further safe processing at third party premises.

The Prime-contractor shall ensure that for testing and general handling of the spacecraft at third party premises the required Ground Support Equipment has a valid calibration/acceptance certification for the planned activities.




7.4 Launcher Safety Submission

The Prime Contractor shall deliver the documentation requested by the launcher authority. The Safety Data Package shall cover the complete Satellite (Spacecraft and Payload), as well as any Ground Support Equipment to be used at the launch site. The content of the Safety Data Package shall be in accordance with launcher authority requirements.

8. EEE COMPONENTS

8.1 General

The objective associated to EEE components is to ensure that the components will satisfy the mission performance requirements during the full life cycle of the product.

The Prime-contractor shall establish and implement throughout the duration of the project an EEE component programme which ensures that the selection, approval, procurement and usage of EEE components used in all flight hardware meet the requirements as defined in ECSS-Q-60A and as modified in the sub-clauses hereunder.

8.2 Components Control Programme

Complementary to the requirements defined in clause 2.3 of ECSS-Q-60A:

The EEE Components Control Plan can be part of the overall Sentinel-2 PA Plan.

The Prime-contractor shall define a policy for the procurement of EEE parts for Sentinel-2 (based on principles of self procurement, centralised procurement via CPPA or combination of both), and shall demonstrate in the Control Plan how this policy will be compliant with the equipment manufacturing schedule..

Long Lead Items may need to be identified before the end of Phase B.

8.3 Declared Components List

In addition to the requirements of ESCC Q-60A, clause 2.4, the Contractor shall be in charge of establishing and updating a consolidated Declared Components List (DCL) at system level.

The DCLs produce in the project shall be provided in a form that is exchangeable, searchable and sort-able and suitable for storage and retrieval.

8.4 EEE Components Selection

This chapter supersedes clause 3.2.8 of ECSS-Q-60A.

Components shall be chosen that satisfy the following requirements:

Components included in recognized QPL’s issued by: � ESCC � US Defence Supply Centre, Columbus (DSCC)- MIL Class S , ER Level R

(exponential), Level C (Weibull)




� Components belonging to QML-V � Components included in NASA NPSL, Level 1 � Components that have been evaluated successfully according ESCC,

ECSS-Q-60A or equivalent requirements and for which a recognized procurement specification is available.

EEE Components shall preferably be selected from the European Preferred Parts List (ECSS-Q-60-01A) Part 1 available at https://escies.org. Alternatively, NASA Parts Selection List (Level 1) shall be used as a baseline for selection.

A justification for the use of non-European components shall be submitted to ESA for approval.

Components shall be selected such that they are not affected by trading barriers (e.g. ITAR regulations). Where this requirement cannot be met, the justification for use of such components shall be supplemented with a risk assessment detailing potential impacts for the project, and identifying back-up solutions.

The selection of components not meeting the above requirements shall be based on knowledge regarding technical performance, qualification status and history of previous use in similar applications. In such cases, the Prime-contractor shall provide a justification for the selection of a specific component type or manufacturer in association with the Parts Approval Document.

The components used for Engineering models shall meet the same functional requirements as the ones used for flight hardware, although they do not have to meet the same quality requirements. It is the responsibility of the developer of the equipment to select components that assure valid results of Engineering models tests.

For Qualification Models the same quality level of components shall be selected as for flight.

8.5 EEE Components Approval

This paragraph supersedes the requirements of clause 3.3 of ECSS-Q-60A.

EEE components used in Sentinel-2 flight hardware require approval by the first-level supplier/sub-contractors/Prime-contractor and ESA prior to usage.

Parts that meet the selection criteria given in paragraph 8.4 are considered as standard components and can be approved via the Declared Components List (DCL). For such components a Part Approval Document (PAD) is only required where the proposed procurement conditions differ from those specified in the lists mentioned in paragraph 8.4 or special evaluations are envisaged. For standard parts, the DCL shall identify the approval status and list the remark “standard EPPL/QPL”, together with the following procurement details:

� Procurement inspections by customer (pre-cap inspection, etc) if any � Single Event Effects Linear Energy Transfer (SEE LET) threshold and/or

total dose sensitivity level (when applicable) � Date code. In case of procurement from stock, date of re-life activities if

applicable.

Specific components (Hybrid Circuits, ASICs, etc…) for which the technology is qualified by Capability Approval (or similarity), but which are newly developed




and for which a Specific Detail Specification is not listed in the EPPL and QPL, shall be covered by an individual PAD.

All components not meeting the selection criteria of paragraph 8.4 are considered as non-standard components, for which the approval requires submittal of a PAD and supporting justification documentation to the first-level supplier/sub-contractors/Prime-contractor and ESA.

8.6 EEE Component De-rating

Clause 3.2.6 of ECSS-Q-60A applies with the following modification:

Reference to ECSS–Q–30–xx is replaced by reference to ECSS–Q–30–11.

8.7 Radiation-Sensitive EEE Components

This chapter complements clause 3.2.4 and supersedes clause 3.4.4 of ECSS-Q-60.

All components used in flight hardware shall be evaluated for the effects of the radiation environment specified for the project.. This evaluation shall include effects in terms of:

• Total Ionising Dose (TID) – including Enhanced Low Dose Rate Sensitivity (ELDRS)

• Single Event Effects (SEU, SEL, SET, SEB, SEGR)

• Displacement damage

and result in a classification of the EEE parts as insensitive or sensitive parts for the project environment.

For Total Ionising Dose (TID), a component is considered insensitive when the components radiation sensitivity is demonstrated by data to be at least a factor of 2 better than the expected dose in the application. Where such demonstration is lacking; where data does not exist or where the data is considered not representative, a sample from the Flight lot shall be subjected to Radiation Verification Testing (RVT). The RVT shall be done to a level of a factor 2 higher than the expected dose in the application. The effects of ELDRS (Enhanced Low Dose Rate Sensitivity) shall be taken into account. RVT testing shall be defined in a Radiation Test Plan to be submitted to ESA for approval.

Regarding SEE, technologies shall be selected, wherever possible, which are inherently insensitive to single event effects and latch-up. For Single Event latch-up (SEL) and Single Event Upset (SEU) sensitivity, components with an assured LETth> 70 MeV/mg cm ² shall be considered as SEL and SEU insensitive.

Components exhibiting a sensitivity between 15 MeV/mg cm² < LETth < 70 MeV/mg cm² shall be subject to the appropriate Heavy Ion SEE rate prediction.

Components with a sensitivity of LETth < 15 MeV/mg cm² shall be subject to the appropriate Heavy Ion and Proton SEE rate prediction.

Parts showing an LETth < 3.7 MeV.mg / cm2 shall not be used.

Depending on the rate prediction results, for sensitive components, SEE countermeasures shall be implemented as required on the application level.




In the case that SEE testing is required for any component, this should be described in the Radiation Test Plan.

Proton test results are not considered conclusive for SEL sensitivity demonstration and must be supported by Heavy Ion test results.

For MOSFET devices, the requirements concerning SEB and SEGR are contained in the derating requirements.

Optocouplers and other optical semiconductors shall be selected on the basis of their hardness against proton radiation, and displacement damage.

The classification of parts as sensitive or insensitive shall be justified by means of submission of a Radiation Analysis report, which shall contain details of the predicted radiation environment and the radiation sensitivity data (including reference to source) for each component.

Radiation sensitive parts shall be classified as non-standard parts regardless of their qualification status and their approval for the project shall be subject to PAD submission. The approval of such PADs will then be dependant on the results from RVT testing or the acceptance of the SEE rate prediction or the proposed countermeasures. Such details are required to be included in the Radiation Analysis report. The PAD’s for such sensitive parts will not be approved until proper justification is demonstrated.

Unless otherwise demonstrated, it shall be assumed that protons and heavy ions can generate transient spikes at the output of linear components and optocouplers that could cause the connecting circuits to respond in an unwanted way (e.g. when the IC output is connected to a “latchable” circuit). It shall be demonstrated that the circuits designs are able to discriminate between a desired condition (for which it has been designed) and the induced transient conditions against which it should be resistant.

8.8 Components in Off-The-Shelf equipment

The Prime-contractor shall review the components used in Off-The-Shelf equipment to verify compliance with the requirements of this document.

8.9 Components from stock

This chapter is a supplement to clause 3.4.5 b of ECSS-Q-60A as follows: � Solderability test on a sample shall be performed � Re-lifeing should be performed on parts with lot date code which indicates

more than 6 years will have elapse from date of manufacture to date of intended installation.

8.10 Specific component requirements

The requirements of this paragraph supersede and replace those of clause 3.5 of ECSS-Q-60A.

8.10.1 Application Specific Integrated Circuits (ASIC)

The design, development, prototyping, manufacturing, testing and validation of ASICs shall meet the requirements of ECSS-Q-60-02A.




All ASICs shall be considered as non-standard parts and therefore controlled via PAD agreement.

8.10.2 Hybrids

The specific requirements detailed in ECSS-Q-60-05A shall apply, covering the evaluation, qualification and procurement of add-on components.

8.10.3 Field programmable Gate Arrays (FPGA)

ASICs shall be preferred over FPGAs to implement all functions critical for the success of the mission, or wherever the FPGA selection and application can not be conducted in accordance with the requirements of this paragraph.

The design, development, prototyping, manufacturing, testing and validation of FPGAs shall meet the requirements of ECSS-Q-60-02A.

All FPGAs shall be considered as non-standard parts and therefore controlled via PAD agreement. The PAD shall allow traceability to the information related to the procurement of blank parts, the programming and the acceptance of the programmed parts.

Dynamic post–programming burn-in activities at component level shall be required for FPGA according with chart III of ESCC Generic Specification No 9000.

A generic programming specification shall cover the following aspects: � Method of calibration, i.e. verify that the programmer equipment passes

all the diagnostic checks. � Verification of status of the program of the programming equipment. � Method of configuration, i.e. by using data from computer mass memory

and use of reference devices. � Method of identification of each program configuration, i.e. the part

number to be assigned to each device. � Use of Manufacturer’s 100 % serialization to maintain traceability. � Programming procedure, i.e. current/voltage waveform to be applied.

Only 1 programming cycle is allowed. � Method of verification of the contents of the programmed device. � Corrective actions in case of a programming failure. An analysis shall be

carried out if the number of failures for each lot/date code that are programmed relying on the same programmer calibration exceeds 15 %.

� Electrical measurements, in accordance with the part specification (read and record optional).

� Burn-in test with the configuration for burn-in in accordance with the component procurement specification.

� Electrical verification of correct programming and electrical measurements pre- and post-burn-in.

� The maximum PDA shall be 5 % for each lot/date code. If the PDA is higher than 5% the lot shall be rejected and submitted to Material Review Board disposition.




The FPGAs used in Engineering models shall be guaranteed to be fit, form and function representative of the parts intended for Flight, and shall be procured from the same manufacturer with guarantee to contain the same chips as the parts intended for Flight

8.10.4 Monolithic Microwave Integrated Circuit (MMIC)

MMICs shall be considered non-standard parts. The procurement of MMICs shall be governed by ESCC 9010. The design, development, manufacturing and testing of custom MMICs shall in accordance with ECSSQ-60-12A and agreed via PAD sheet 2 (refer to ECSS-Q60A) prior to commencing the said activities.

8.10.5 Electro-optical devices

For components not covered by a generic specification the Prime-contractor shall propose specifications and procedures which shall be coherent with the general quality/reliability and control requirements of the project. They shall be made available for review and approval by the first-level supplier/sub-contractors/Prime-contractor and ESA via the submission of a PAD.

8.10.6 Electro-magnetic devices

The specific requirements detailed in MIL-STD-981 shall apply, covering design, manufacturing and quality control of custom-made electromagnetic devices such as coils and transformers.

9. MATERIALS, PROCESSES, AND MECHANICAL PARTS

ECSS-Q-70B shall be applicable with the following modifications:

9.1 Technical Requirements For Selection of Materials and Mechanical Parts

The chapter supersedes clause 3.1.1 of ECSS -Q-70B.

ECSS-Q-70-71A Rev. 1 shall be used for the selection of materials with a previous history of space use. Specific material data present in the informative annexes may be used for information. Equivalent standards from MIL system or NASA may also be accepted providing ESA approval is obtained.

Materials and Mechanical Parts shall be selected such that they are not affected by trading barriers (e.g. ITAR regulations). Where this requirement cannot be met, the justification for use of such Materials and Mechanical Parts shall be supplemented with a risk assessment detailing potential impacts for the project, and identifying back-up solutions.

9.1.1 Vacuum

The acceptance criteria for materials used in space application shall be generally as follows:

� Residual Mass Loss (RML) < 1.00 % � Collected Volatile Condensable Material < 0.10 %




When relevant out-gassing data are not available (e.g. obsolete if test conducted more than 10 years ago, or unacceptable because missing information such as report reference or insufficient materials/processes description), out-gassing test shall be carried out as per ECSS-Q-70-02A or ASTM E 595-90.

9.1.2 Forbidden Materials

The use of pure tin, mercury, cadmium, zinc, beryllium, beryllium oxide radioactive materials and PVC is prohibited. This applies also to any support equipment used in a vacuum chamber.

9.1.3 Thermal Cycling

Materials (incl. non-flight hardware) subject to thermal cycling shall be assessed to ensure their capability to withstand the induced thermal stresses.

9.1.4 Electrochemical Compatibility

When bimetallic contacts are used, the choice of the pair of metallic materials used shall take into account ECSS-Q-70-71A Rev. 1 (paragraph 5.2.14) or MSFC-SPEC-2 50 (Protective finishes for space vehicle structure and associated flight equipment general specification for) data. Maximum allowed couple is 0.5 V in controlled and 0.25 V in uncontrolled environments (no temperature or humidity controls).

9.1.5 Corrosion

Aluminium surfaces shall be treated for corrosion protection with a chemical conversion coating if necessary. Mechanical parts made of stainless steel shall be “passivated”. Mechanical parts made of Titanium alloys shall be anodised.

9.1.6 Stress Corrosion

Metallic materials used in structural applications shall have a high resistance to Stress Corrosion Cracking (SCC) and shall be chosen from Table 1 of ECSS-Q-70-36A. Metallic materials and welds that are not listed in ECSS-Q-70-36A or whose SCC resistance is unknown shall be tested and categorised according to the requirements of ECSS-Q-70-37A.

9.1.7 Fluid Compatibility

Materials that will be in contact with an identified fluid shall be compatible with that fluid. If compatibility data are not available, then testing shall be performed according NASA-STD-6001.

9.1.8 Solar Radiation

Materials shall comply with PSS-01-706 for Solar radiation for particle radiation.




9.1.9 Allowable Stress

Allowable stresses for materials shall be derived from DOT/FAA/AR-MMPDS-01. Other sources shall be subject to ESA approval. Composite structure allowable stresses shall conservatively allow for degradation due to moisture, temperature and process variables. The material justification shall prove hardware structural integrity during storage and on-orbit lifetime.

9.1.10 Limited Life Time

Materials with limited-life characteristics shall be subject to lot/ batch acceptance tests, when required by ESA, and shall have their date of manufacture and shelf-life expiration date marked on each lot/ batch.

9.1.11 Atomic Oxygen

The effects of atomic oxygen in the outer surfaces shall be assessed on the basis of the orbit parameters, mission duration and launch date.

9.1.12 Magnetic Materials

The use of materials or mechanical parts that react in a magnetic field shall be minimised. In the event that such materials or mechanical parts are used, additional testing and verification activities shall be performed to ascertain the magnetic cleanliness of the Sentinel-2 spacecraft.

9.1.13 Printed Circuit Boards

Printed circuit board shall be procured from ESA qualified printed circuit board manufacturers and in accordance with ECSS-Q-70-11A.

9.2 Processes


The Prime-Contractor shall maximise the use of existing ESA specifications. The following specifications shall be applicable:

� ECSS-Q-70-08A for soldering � ECSS-Q-70-18A for coaxial cable assembly � ECSS-Q-70-26A for crimping � ECSS-Q-70-28A for repair and modification of PCB’s � PSS-01-738 for surface-mounting technology assembly

Equivalent standards from MIL system or NASA may also be accepted pending compliance review.

Critical processes shall be identified by the Prime-contractor and reported to ESA through a Declared Critical Process List (DCPL) or as a part of the DPL. Any process that involves critical or catastrophic hazards shall be identified as critical.




9.3 Material/Mechanical Parts and Process Lists

The Prime-contractor’s Materials and Processes Manager shall review all sub-contractors lists and produce a fully consolidated:

� Declared Material List (DML) � Declared Mechanical Part List (DMPL) � Declared Process List (DPL)

A breakdown of such lists and suitable examples are given in ECSS-Q-70B.

The Prime-contractor shall determine and decide upon the acceptability of each line item on the DML, DMPL and DPL prior to delivering each list to ESA for final approval.

In addition to the required paper copies, the DML/DMPL/DPL shall be provided in a form that is exchangeable, searchable and sort-able and suitable for storage and retrieval.

10. CONFIGURATION MANAGEMENT

The Prime-contractor shall establish and implement a system for configuration identification, configuration control, configuration status accounting, and configuration verification, which shall be in effect throughout the complete project life cycle.

This system shall also manage interfaces to the Customer Furnished Instruments.

The requirements of ECSS-M-40B (Configuration Management) shall be applicable.

11. SOFTWARE PRODUCT ASSURANCE

The Prime-contractor shall develop software standards in conformance with the ECSS-Q-80B and ECSS-E-40B requirements.

The ECSS-Q-80B shall apply with the following modifications: � ECSS-Q-80B, through out the document: Delete the references to ECSS-

Q-80-02, ECSS-Q-80-03 and ECSS-Q-80-04. � ECSS-Q-80B, clause 5.4.1: A separate software PA plan is not required.

The Prime-contractor may include the Software PA planning in the overall PA plan.

� Sub-clause 6.2.6.13, ISVV: Replace “Highly critical software” with ”mission or safety critical software”.

� Sub-clause 6.3.4.29, ISVV: Replace “Highly critical software” by “mission or safety critical software”.

12. OFF-THE-SHELF SPACE EQUIPMENT

An "Off the Shelf" item is an item originally developed for a different project (though possibly with a common or generic application) which has been selected for reuse in the current project.




The Contractor who decides to use an OTS item shall demonstrate its full suitability with the Sentinel-2 requirements, both on technical and PA aspects. The Prime Contractor shall submit an Off-the-Shelf Item List.

The Prime Contractor shall establish an OTS Item Suitability File for each selected OTS item. This OTS Item Suitability File shall contain at least:

� Sentinel-2 Technical Specification identifying the Sentinel-2 requirements, � Justification File clearly identifying any non compliance between the

Sentinel-2 requirements and the actual characteristics/performances of the item,

� Delta Activities Program describing all necessary tasks to be performed to verify the fulfilment of the Sentinel-2 requirements, if any,

� OTS Item Suitability Report presenting the results of the Delta Activities and demonstrating the full suitability of the OTS Item.

For each OTS Item, a dedicated OTS Item Suitability Review shall be held. This OTS Item Suitability Review shall take place not later than the PDR of the Upper Subassembly Level.

The Delta Activities Program shall be completed not later than the CDR of the upper Subassembly Level.