Upload
nguyentuyen
View
216
Download
0
Embed Size (px)
Citation preview
MTG Satellites B2/C/D ITT Volume 2 – Part 8 – Attachment 2.61
Proposal n° TASF-09-OOS/COI-8991343 Appendix 1WW : 10119A All rights reserved, 2009, Thales Alenia Space
VOLUME 2 : TECHNICAL PROPOSAL
PART 8 : VOLUME 2 ATTACHMENTS
Attachment 2.61 PA-2 - Subcontractor and Supplier PA Requirements Document
Appendix 1 to Attachment 2.61 : PA-2 AD77 Standard Instruction and Data Base for Dependability Analysis
MTG Satellites B2/C/D ITT
Proposal n° TASF-09-OOS/COI-8991343 WW : 10119A All rights reserved, 2009, Thales Alenia Space
Page left blank intentionally
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 1/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
MTG
STANDARD INSTRUCTION AND DATA BASE FOR DEPENDABILITY ANALYSIS
Approval evidence is kept within the documentation management system.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 2/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
CHANGE RECORDS
ISSUE DATE § CHANGE RECORDS AUTHOR
01 30/07/09 Initial issue for MTG based on Standard
Instruction Data Base for Dependability analysis Doc. 100141982F-EN issue 02.
D. DEMARQUILLY
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 3/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
TABLE OF CONTENTS
1. SCOPE .........................................................................................................................6
2. RELATED DOCUMENTS.............................................................................................6
2.1 APPLICABLE DOCUMENTS .....................................................................................................6
2.2 REFERENCE AND GUIDELINE DOCUMENTS.........................................................................7
3. DEPENDABILITY ANALYSIS......................................................................................7
3.1 GENERAL ...................................................................................................................................7
3.2 TASK APPLICABILITY MATRIX................................................................................................9
4. FAILURE MODES EFFECTS ANALYSIS (FMEA)....................................................11
4.1 GENERAL .................................................................................................................................11
4.2 FMECA APPROACH ................................................................................................................12
c. Functional block .......................................................................................................14
4.3 SEVERITY CATEGORIES ........................................................................................................16
4.4 DEFINITION OF SINGLE POINT FAILURE (SPF) AND INPUTS FOR CRITICAL ITEMS LIST (CIL)..................................................................................................................................17
4.5 FMEA REPORT.........................................................................................................................18
4.6 PRODUCT DESIGN FMEA.......................................................................................................18
5. PARTS DERATING AND STRESS ANALYSIS ........................................................19
5.1 GENERAL .................................................................................................................................19
5.2 PARTS DERATING ANALYSIS OF ELECTRONIC EQUIPMENT ..........................................20
5.3 STRESS ANALYSIS OF STRUCTURAL ELEMENTS AND MECHANISMS..........................21
5.4 PRESENTATION OF PARTS APPLICATION REVIEW ..........................................................21
5.5 DERATING REQUIREMENTS..................................................................................................22
6. WORST-CASE ANALYSIS (WCA) ............................................................................25
6.1 GENERAL .................................................................................................................................25
6.2 ANALYSIS METHOD................................................................................................................26
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 4/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
6.3 PRESENTATION OF WCA DOCUMENTATION......................................................................27
6.4 WORST CASE ANALYSIS (WCA) AND PART PARAMETER DEGRADATION ...................28
6.5 PARAMETRIC CHANGE DUE TO AGING...............................................................................28
7. RELIABILITY ASSESSMENT....................................................................................28
7.1 GENERAL .................................................................................................................................28
7.2 RELIABILITY ASSESSMENT...................................................................................................30 7.2.1 Asumptions .......................................................................................................................30 7.2.2 Mission time......................................................................................................................30
7.3 RELIABILITY ASSESSMENT DOCUMENTATION .................................................................30 7.3.1 Reliability Assessment models .........................................................................................31 7.3.2 Functional block diagrams ................................................................................................31 7.3.3 Reliability block diagrams .................................................................................................32 7.3.4 Reliability calculations.......................................................................................................32 7.3.5 Documentation of failure rates from stress data (unit level) .............................................32 7.3.6 Documentation identification.............................................................................................33
7.4 FAILURE RATES ASSESSMENT............................................................................................33 7.4.1 program failure rates.........................................................................................................33 7.4.2 Failure rate thermal and electrical stress derating............................................................34 7.4.3 Special failure rate models ...............................................................................................35 7.4.4 Failure rate adjustment factors - non operating factor......................................................37 7.4.5 Quality factor adjustments ................................................................................................38 7.4.6 Failure rate computation from test data............................................................................39
7.5 MATHEMATICAL MODELING .................................................................................................39 7.5.1 Exponential model ............................................................................................................39 7.5.2 Single shot model .............................................................................................................40 7.5.3 Mechanical items model ...................................................................................................42 7.5.4 Early life and wearout models...........................................................................................48 7.5.5 MTTF and MMD calculations............................................................................................48
8. AVAILABILITY AND OUTAGE ANALYSIS...............................................................48
8.1 AVAILABILITY ANALYSIS.......................................................................................................48 8.1.1 General .............................................................................................................................48 8.1.2 Method ..............................................................................................................................49 8.1.3 Outputs .............................................................................................................................49
8.2 OUTAGE ANALYSIS (DATA COLLECTION) ..........................................................................50
8.3 INFORMATION AND DATA TO BE PROVIDED .....................................................................50
ANNEX 1 - COMPONENTS FAILURE MODES ....................................................................51
ANNEX 2 - FAILURE MODE DISTRIBUTION TABLES TO BE USED FOR FMEA.............54
ANNEX 3 - AGING TABLES TO BE USED FOR WCA ........................................................59
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 5/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
ANNEX 4 - FIXED FAILURE RATES ITEMS ........................................................................68
LIST OF TABLES TABLE 3.2 TASKS APPLICABILITY MATRIX FOR DEPENDABILITY ANALYSIS..............10 TABLE 4.1 SEVERITY CATEGORIES..................................................................................16 TABLE 7.1 STRESS/OPERATING FAILURE RATE MULTIPLIERS ....................................38 TABLE 7.2 QUALITY LEVEL EQUIVALENCE......................................................................38 TABLE 7.3 : χ² DISTRIBUTION (60 % CONFIDENCE) ........................................................39 TABLE 7.4 SINGLE SHOT RELIABILITY (60 % CONFIDENCE) .........................................42 TABLE 7.5 USUAL DISPERSION FOR MATERIAL STRENGTH ........................................47 TABLE 7.6 USUAL DISPERSION FOR APPLIED LOADS...................................................47 TABLE A3.1 CAPACITOR AGING DEGRADATION FOR 10 YEARS & 18 YEARS ............60 TABLE A3.2 RESISTOR AGING DEGRADATION FOR 10 YEARS & 18 YEARS...............61 TABLE A3.3 DIODE AGING DEGRADATION FOR 10 YEARS & 18 YEARS (1/2) .............62 TABLE A3.3 DIODE AGING DEGRADATION FOR 10 YEARS & 18 YEARS (2/2) .............63 TABLE A3.4 IC AGING DEGRADATION FOR 10 YEARS & 18 YEARS (1/2) .....................65 TABLE A3.4 IC AGING DEGRADATION FOR 10 YEARS & 18 YEARS (2/2) .....................66 TABLE A3.5 TRANSISTOR AGING DEGRADATION FOR 10 YEARS & 18 YEARS ..........67 TABLE A4 FIXED FAILURE RATE ITEMS (1/3)...................................................................68 TABLE A4 FIXED FAILURE RATE ITEMS (2/3)...................................................................69 TABLE A4 FIXED FAILURE RATE ITEMS (3/3)...................................................................70
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 6/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
ACRONYMS CDR Critical Design Review, CIDL Configuration Item Data List, CMD CoMmanD, EEE Electrical, Electronic and Electromechanical, FDIR Failure Detection Isolation and Recovery, FIT Failure In Time, FMECA Failure Mode Effects and Criticality Analysis, GO Geostationary Orbit, HYB HYBrid, IC Integrated Circuit, IOT In Orbit Test, LEOP Launch Early Orbit Phase, MIP Mandatory Inspection Point, MMD Mean Mission Duration, MTTF Mean Time To Failure, PCB Printed Circuit Board, PTH Plated Through Hole, RF Radio Frequency, RFD Request For Deviation, SEP Single Event Phenomena SEU Single Event Upset, SOW Statement Of Work, SPF Single Point Failure, TWT Travelling Wave Tube, WCA Worst Case Analysis, WG WaveGuide
1. SCOPE The Company Dependability program is shared in two applicable documents :
• MTG TAS SA RS 0309 "Product Assurance Requirements for Sub-Contractors and Suppliers " with a chapter dedicated to the Dependability based on the tailoring of ECSS Q 30 C, which defines and describes the dependability requirements to be considered and the corresponding analysis and activities to be conducted.
• MTG TAS SA RS 0318 "Standard Instruction and data base for dependability analysis" i.e the present document, which provides all necessary data and rules to conduct dependability analysis.
2. RELATED DOCUMENTS The documents listed below are applicable to the extent specified herein or will be used as a reference.
2.1 APPLICABLE DOCUMENTS AD1 : MTG TAS SA RS 0309 : PA Requirements for sub-contractors and suppliers (chapter dedicated to dependability). AD2 : REF-ASPI-AQ-21-E General Product Assurance Requirements AD3 : MIL-HDBK-217 F + N2 Reliability prediction of electronic equipment
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 7/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
AD4 : MIL-HDBK-217 E + N1 (for hybrids only) Reliability prediction of electronic equipment AD5 : ECSS-Q-HB-30-01 Worst case analysis AD6 : ECSS-Q-ST-30-08 Components reliability data sources AD7 : ECSS-Q-ST-30-09 Availability analysis AD8 : ECSS-Q-ST-30-11 Derating rules for EEE parts AD9 : ECSS-Q-ST-30-02 Failure modes, effects and criticality analysis (FMEA)
2.2 REFERENCE AND GUIDELINE DOCUMENTS RD1 : UTEC 80810 (RDF 2000- “Recueil de Données de Fiabilité”) dated July 2000
3. DEPENDABILITY ANALYSIS
3.1 GENERAL
Reference STD-DEP2-REQ-001
A program shall be established and maintained to ensure fulfillment of the Dependability requirements and design life requirements of the spacecraft and its equipment.
Reference STD-DEP2-REQ-002
The Dependability program shall be planned, implemented, and integrated in conjunction with other product assurance functions and with design, development, and production functions.
Reference STD-DEP2-REQ-003
The organization and individuals responsible for the implementation of the Dependability program and the relation to the other groups shall be identified in the product assurance plan.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 8/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
Reference STD-DEP2-REQ-004
The Dependability program activities shall include but not be limited to : • Failure Modes Effects Analysis (FMEA), with identification of Single point Failure
(SPF), • Product Design FMEA (For equipment which include internal redundancy), • Parts Derating and Stress Analysis (Parts Application Review), • Worst-case analysis, • Reliability assessment, • Availability assessment and outage analysis (data collection).
Reference STD-DEP2-REQ-005
All Dependability activities shall be carried out in parallel with the design process in close co-operation with design engineers.
Reference STD-DEP2-REQ-006
When issuing a document at a given level, the references (title, issue, date) of analysis coming from lower level shall be clearly identified, as well as the analyzed design (description, reference to drawings and/or to C.I.D.L.).
REF
EREN
CE
: D
ATE
:
MTG
-TA
F-S
A-R
S-0
318
30/
07/0
9
IS
SUE
:
01
Page
: 9/
71
A
ll rig
hts
rese
rved
, 200
9, T
hale
s A
leni
a Sp
ace
3.2
TASK
APP
LIC
AB
ILIT
Y M
ATR
IX
The
AD
1 as
wel
l as
the
pres
ent
docu
men
t ap
ply
to d
iffer
ent
type
s of
pro
duct
s (s
pace
craf
t w
ith t
elec
om o
r sc
ient
ific
payl
oad,
GS
E,
Gro
und
stat
ion)
, diff
eren
t lev
els
(sys
tem
, sub
syst
em, f
unct
iona
l cha
nnel
s, u
nits
) and
diff
eren
t pha
ses
with
in th
e pr
ojec
ts (p
relim
inar
y up
to o
pera
tiona
l).
Ref
eren
ce
STD
-DEP
2-R
EQ-0
07
Diff
eren
t act
iviti
es a
re th
eref
ore
sele
cted
or n
ot ,
depe
ndin
g on
the
a.m
crit
eria
and
als
o in
ord
er to
con
side
r spe
cific
requ
irem
ents
. The
follo
win
g “T
ask
App
licab
ility
Mat
rix”
shal
l be
used
to id
entif
y w
hich
ana
lysi
s w
ill b
e pe
rform
ed v
s ty
pe o
f pro
duct
s, le
vel a
nd p
hase
s.
L
E V
E L
A
naly
sis
Sate
llite
pa
yloa
d /
Func
tiona
l ch
anne
ls
/ su
bsys
tem
s
On
boar
d eq
uipm
ent
EGSE
G
roun
d co
ntro
l st
atio
n so
ftwar
e
relia
bilit
y as
sess
men
t P
DR
:
gene
rally
lim
ited
to
a bu
dget
C
DR
: d
etai
led
and
cons
olid
ated
PD
R a
nd C
DR
(1)
PD
R a
nd C
DR
N
/A
N/A
N
/A
FME
A
PD
R
: ge
nera
lly
limite
d to
lis
t of
id
entif
ied
criti
cal
item
s an
d S
PFs
C
DR
: d
etai
led
and
cons
olid
ated
PD
R a
nd C
DR
(1)
PD
R
and
CD
R
Prod
uct
Des
ign
Fmea
nee
ds a
re t
o be
cov
ered
in
case
of
in
tern
al
redu
ndan
cy (
5)
N/A
N
/A
N/A
parts
stre
ss a
naly
sis
N/A
N
/A
PD
R a
nd C
DR
N
/A
N/A
N
/A
wor
st c
ase
anal
ysis
N
/A
N/A
P
DR
and
CD
R
N/A
N
/A
N/A
qu
alita
tive
failu
re
anal
ysis
at I
/F le
vel
(4)
N/A
N/A
N/A
the
tool
to b
e us
ed
(Fm
ea, f
eare
d ev
ent
anal
ysis
, FTA
or
othe
rs) i
s se
lect
ed in
or
der t
o be
the
mor
e co
nven
ient
w.r.
t the
co
ntex
t
N/A
N
/A
REF
EREN
CE
: D
ATE
:
MTG
-TA
F-S
A-R
S-0
318
30/
07/0
9
IS
SUE
:
01
Page
: 10
/71
A
ll rig
hts
rese
rved
, 200
9, T
hale
s A
leni
a Sp
ace
L
E V
E L
av
aila
bilit
y an
alys
is
PD
R :
gene
rally
lim
ited
to
met
hodo
logy
CD
R :
deta
iled
and
cons
olid
ated
(2)
Out
age
data
(7)
Out
age
data
(7)
N/A
PD
R :
gene
rally
lim
ited
to
met
hodo
logy
CD
R :
deta
iled
and
cons
olid
ated
(3)
N/A
HS
IA
see
SW c
olum
n N
/A
N/A
N
/A
N/A
(6
)
Tabl
e 3.
2 T
asks
app
licab
ility
mat
rix fo
r dep
enda
bilit
y an
alys
is
(1) :
fo
r sub
syst
ems
or fu
nctio
nal c
hann
els,
ana
lysi
s m
ay b
e in
clud
ed in
spa
cecr
aft o
ne, i
n ac
cord
ance
with
the
SO
W.
(2) :
in
cas
e it
is p
erfo
rmed
, be
caus
e of
qua
ntita
tive
requ
irem
ent,
S/C
ava
ilabi
lity
anal
ysis
may
be
incl
uded
in
relia
bilit
y as
sess
men
t rep
ort.
(3) :
co
nduc
ted
in c
ase
of n
eed
to c
onso
lidat
e th
e m
aint
enan
ce p
lan.
. (4
) :
deci
sion
to p
erfo
rm o
r not
suc
h an
alys
is fo
r a g
iven
EG
SE
is d
riven
by
the
outc
ome
of ri
sk a
naly
sis.
Ana
lysi
s is
gen
eral
ly m
ade
avai
labl
e fo
r inf
orm
atio
n bu
t not
del
iver
able
. (5
) :
this
com
plem
enta
ry e
xerc
ise
can
be s
ubje
ct to
a s
peci
fic d
ocum
ent o
r inc
lude
d in
the
Fmea
, (6
) :
this
ana
lysi
s, w
hich
con
cern
s S
W w
ith C
atas
troph
ic o
r Crit
ical
cat
egor
y, c
an b
e su
bjec
t to
a sp
ecifi
c do
cum
ent o
r in
clud
ed
in th
e Fm
ea,
pr
ovid
ing
the
need
as
indi
cate
d in
EC
SS
Q 8
0 is
cov
ered
. It
is c
ondu
cted
at
spac
ecra
ft le
vel w
ith in
puts
fro
m in
volv
ed
subs
yste
ms.
(7
) :
outa
ge d
ata
may
be
incl
uded
in F
mea
or r
elia
bilit
y as
sess
men
t
Ref
eren
ce
STD
-DEP
2-R
EQ-0
08
It sh
all b
e id
entif
ied
for e
ach
equi
pmen
t/uni
t con
cern
ed b
y su
ch a
naly
sis
the
refe
renc
e of
the
docu
men
t (w
ith is
sue
and
date
), th
e ap
plic
abili
ty to
th
e de
sign
of t
he p
rogr
am, t
he c
ompl
eten
ess
of th
e st
udy,
and
the
mai
n ou
tcom
e (e
.g. :
non
com
plia
nce
to d
erat
ing
requ
irem
ent i
f any
, and
re
fere
nce
to is
sued
RFD
).
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 11/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
4. FAILURE MODES EFFECTS ANALYSIS (FMEA)
4.1 GENERAL
Reference STD-DEP2-REQ-009
To ensure that potential failures in the hardware are recognized early, FMEAs of system, subsystems and equipment shall be performed. FMEAs shall be prepared for electronic, mechanical, electromechanical, and pyrotechnic assemblies, and this according to AD9.
Reference STD-DEP2-REQ-010
FMEAs shall consider software implications to ensure that designs react acceptably to hardware failures and that the proper compensatory measures are implemented.
Reference STD-DEP2-REQ-011
The spacecraft mission phases, environmental constraints, and hardware operating modes shall be considered in the analyses.
Reference STD-DEP2-REQ-012
Single failure effects shall be analyzed to determine the need for design change or other action.
Reference STD-DEP2-REQ-013
The FMEAs shall be performed to the circuit functional level or subassembly level (mechanical items) with emphasis on interface failure effects (part level FMEA), propagation of failure effects to redundant, cross-strapped, or interfacing assemblies, and identification of single-point failure effects and failure tolerant features.
This approach shall allow identification of all possible effects resulting from failure of any single part.
Reference STD-DEP2-REQ-014
FMEAs shall also provide basic information for use in developing tests and troubleshooting equipment failures, to aid in the preparation of other reliability analysis, and as input for the outage analysis and system contingency analysis (this last analysis is regarded as engineering activity).
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 12/71
All rights reserved, 2009, Thales Alenia Space 100181547K-EN-1
Reference STD-DEP2-REQ-015
For EGSE, if selected on view of outcome of risk analysis, a qualitative failure analysis shall be conducted with the aim as identifying the risk of failure propagation to the flight HW. In such case the most appropriate tool shall be selected for this purpose. It may be an FMEA (limited to I/F), or an analysis based on feared events or a Fault Tree Analysis.
4.2 FMECA APPROACH
Reference STD-DEP2-REQ-016
The FMEA's shall be generated from the outset of the design and updated throughout the design phases.
Reference STD-DEP2-REQ-017
All heritage hardware FMEA's shall be reviewed to ensure that the applicable failure modes and effects for spacecraft hardware items are addressed, shall be updated as necessary, and severity classifications shall be assigned in accordance with program usage and missions.
Reference STD-DEP2-REQ-018
Severity classifications shall be assigned to rank lower level effects and establish their resulting influence on spacecraft operation.
Reference STD-DEP2-REQ-019
FMEA shall be implemented to: • Document the interfacing failure modes of functional blocks of spacecraft hardware
and the resulting failure effects on spacecraft assemblies, subsystems, and the spacecraft systems,
• Identify single point failure modes and measures used to mitigate their failure effects or reduce their probability of occurrence,
• Identify critical failure effects for concentration of efforts in the areas of quality, inspection, manufacturing controls, design review, configuration control, and traceability,
• Determine the need for more reliable designs; change in designs affecting parts, materials, or processes; adequacy for failure tolerant design features; possibilities for design simplification; and/or implementation of redundancy and cross-strapping.
Example of a suitable FMEA format (unit, subsystem) is shown in Figure 4.2.
REF
EREN
CE
: D
ATE
:
MTG
-TA
F-S
A-R
S-0
318
30/
07/0
9
IS
SUE
:
01
Page
: 13
/71
A
ll rig
hts
rese
rved
, 200
9, T
hale
s A
leni
a Sp
ace
Item
(a
) S
ub-
asse
mbl
y (b
)
Func
tiona
l bl
ock
(c)
Func
tion
(d)
Failu
re
mod
e (e
)
Effe
ct
on
sub-
asse
mbl
y (f)
Effe
ct
on
equi
pmen
t (g
)
Obs
erva
ble
sym
ptom
s (h
)
Com
pens
atio
n (i)
R
emar
ks
(j)
Sev
erity
(k
)
1
2
3
4
5
6
7
8
Figu
re 4
.2 E
xam
ple
of F
MEA
For
m
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 14/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-020
The hereafter subclauses a to k shall be provided in the FMEA form .
a. Item - sequential number for each step of the analysis. b. Sub-assembly c. Functional block d. Function - short description of the function of the block under consideration. e. Failure mode - identification of the assumed failure mode of the item under
consideration. Some of the possible failure modes that are normally considered are :
• for mechanical parts : jamming or friction to other parts, fractures, leakage. • for electrical parts : short circuit, open circuit, • for functional electronic assemblies : short and open circuit on all inputs and outputs,
premature and late operation,
Reference STD-DEP2-REQ-021
The Annex 1 indicates the list of failure modes which shall be considered in such analysis. In case additional failure modes are considered as relevant for a given application, or if some of the failure modes are considered as not applicable, this will be submitted to the Company approval before application.
Reference STD-DEP2-REQ-022
The Annex 2 provides the failure mode distribution tables to be used for Fmea. In case different distribution is intended to be used in the analysis, this shall be submitted to the Company approval before application.
f,g. Effects on subassembly, equipment and system - short description of the effects of the assumed failure on the performance of the equipment, subsystem or system, depending on the level of the analysis. The effects on the interfaces of the analyzed item toward the next higher assembly level should be described so as to provide a useful input for the next higher assembly level FMEA.
Reference STD-DEP2-REQ-023
In case a hardware failure can entail a software action, effects shall be presented in the two following cases : software disabled and software enabled.
Reference STD-DEP2-REQ-024
Effects shall be differentiated according to modes and mission phases wherever relevant.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 15/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-025
Effects of radiations (e.g heavy ions ,SEP) shall be indicated.
Reference STD-DEP2-REQ-026
It shall be indicated if the failures present a risk of propagation to redundancies or protections by thermal, mechanical, chemical, ... effects.
Reference STD-DEP2-REQ-027
h. Observable symptoms - e.g. the expected indication if the failure occurs during ground test, or if it is observed in flight (including telemetry channel designation) shall be listed.
Reference STD-DEP2-REQ-028
Parameters triggering the software actions shall be identified.
i. Compensating provisions - state the methods to compensate for a particular failure
mode and its effects including recovery actions performed by software. Wherever relevant, indicate which provision prevents failure propagation to redundancies/protections.
Reference STD-DEP2-REQ-029
j. Recommendations and remarks - this column shall be used to make recommendations and/or remarks to prevent particular failure modes or minimize their effects. Each recommendation should be numbered and evidence should be provided for it's follow up.
k. Severity - number categorizing the severity of the failure effect according to Table 4.1 On project request (additional activity), information of untestable failure modes during
acceptance tests can be given.
Reference STD-DEP2-REQ-030
The FMEA activity shall be carried out in a systematic way to ensure that all spacecraft items and their interfaces are adequately addressed. Lower level FMEAs shall be used as input in a build-up process to generate the subsystems and spacecraft higher level FMEAs.
Reference STD-DEP2-REQ-031
Each FMEA shall be clearly documented and provide : • A description of the functional elements of the hardware being reviewed along with
the applicable interfaces, redundancy features, and implementation and operational features
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 16/71
All rights reserved, 2009, Thales Alenia Space
• Sufficient description of the function and technical parameters of the hardware being analyzed for an adequate understanding of its role in the spacecraft operation
• Definitions of any applicable mission or mission phase, environmental considerations, modes of operation, and related software implications
Reference STD-DEP2-REQ-032
A list of all the items to be included in the CIL shall be attached to the FMEA, with probability of occurrence.
Reference STD-DEP2-REQ-033
The results of the FMEAs shall be used as input to the design reviews and for implementing corrective actions or to generate operational planning.
Reference STD-DEP2-REQ-034
FMEA shall be used as input to the system Contingency Analysis.
4.3 SEVERITY CATEGORIES
Reference STD-DEP2-REQ-035
A severity level shall be assigned to each assumed failure mode according to its effect ; if not otherwise specified in the program the criticality levels shall be in accordance with Table 4.1
It is defined without considering possible redundancy to compensate the effects of initial failure.
A suffix "R" shall be added to the criticality category number if redundancy is provided.
A suffix "S" shall be added to the criticality category number for a single-point failure (no redundancy or back up implemented).
A suffix "H" shall be added to the criticality category number in case of hazard risk. NAME SEVERITY CATEGORIES DEFINITION (ALL LEVELS) CATASTROPHIC 1 Risk of propagation to upper level CRITICAL 2 Assumed failure mode results in
complete loss of mission or functionality
MAJOR 3 Assumed failure mode results in major degradation of mission or functionality
MINOR OR NEGLIGIBLE 4 Assumed failure mode results in minor or negligible degradation mission or functionality
Table 4.1 Severity Categories
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 17/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-036
The severity category for a particular failure mode shall be determined by the most severe effect of the failure considered (worst case).
The “Mission” or “functionality” is to be understood as the one of the perimeter under consideration in the analysis.
Reference STD-DEP2-REQ-037
The criteria for mission success, as well as those associated to the definition of “major degradation” and “minor or negligible degradation” shall be established by the upper level, and in a way to avoid confusion. In principle, “major degradation of the mission” is associated to situation where the mission is not completely fulfilled. Those situations where the degradation could be considered as “minor” shall be identified to be able to share without ambiguity the failure cases among criticalities 3 and 4.
4.4 DEFINITION OF SINGLE POINT FAILURE (SPF) AND INPUTS FOR CRITICAL ITEMS LIST (CIL)
A Single Point Failure (SPF) is an item for which no redundancy or back up is implemented in the design. Such item is identified with a suffix “S” in the Fmea.
Reference STD-DEP2-REQ-038
Those items identified in the system and subsystem Fmeas with criticalities 1(all suffixes), 2 (H and S) and 3 (S) shall be considered as critical items and processed as such in the CIL.
Reference STD-DEP2-REQ-039
Items identified in the unit Fmeas with criticalities 1 (all suffixes) and 2 (H) shall be considered as critical items and processed as such in the CIL. Furthermore, for SPFs at unit level with criticality 2 and 3 , the decision to consider them as to be included in CIL or not shall be taken in cooperation with the upper level, i.e with consideration of possible redundancy identified at this level.
Reference STD-DEP2-REQ-040
In addition justification for retention (including in particular the probability of failure occurrence) of each identified input for CIL shall be submitted to the upper level approval.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 18/71
All rights reserved, 2009, Thales Alenia Space
4.5 FMEA REPORT
Reference STD-DEP2-REQ-041
A FMEA report shall be supplied and updated in accordance with the SOW. The FMEAs shall include the following information : a. A description of the mission, function and interfaces for the item for which the FMEA is
being prepared, b. The functional block diagram of the item with a description of the functional elements of
the hardware, c. Reliability block diagram, if the analyzed item includes redundancy, d. The functional block level FMEA, e. For equipment level FMEA, a part level FMEA, performed on each external interface and
on each internal interface involved in internal redundancy. The analysis at part level interface will include each failure mode for each passive part until the first active circuit excluded,
f. A list of single point failure items g. A summary of the FMEA, including the main following results :
• list of items to be included in Critical Items List (CIL), • recommendations to upper level, • effects of radiations (e.g heavy ions). • input data for the safety analysis if not provided in separate safety document.
4.6 PRODUCT DESIGN FMEA
Reference STD-DEP2-REQ-042
The Product Design FMEA deals with failure mode aspects which are complementary to those of the FMEA as specified by SOW. It shall be performed on electromechanical and electrical equipment which include internal redundancy.
Reference STD-DEP2-REQ-043
The Product Design FMEA shall analyze the failure modes due to the packaging design and physical interactions between parts/components/equipment although they may be well decoupled from a functional point of view.
Reference STD-DEP2-REQ-044
The main purpose shall be to identify the potential single failures which could result in loss or important degradation of the mission, and specify for each of them the method(s) used to eliminate/control the cause of failure.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 19/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-045
The Product Design FMEA report shall consider the following points : a. Identification of failures which have a credible risk to negate a redundancy by physical
(e.g thermal, mechanical, electrical, chemical) failure propagation. b. Identification of single point failures modes caused by single parts having multi-
application elements. (Dual transistors in one package that furnish signals to a pair of redundant circuits; redundant circuits in the same hybrid...)
c. Identification of single point failures modes associated with wiring, connectors pins, solder joints, PCB stripes.
d. FMEA of interfaces between redounded circuits performed at part level.
The Product Design FMEA may be included in the FMEA document.
5. PARTS DERATING AND STRESS ANALYSIS
5.1 GENERAL
Reference STD-DEP2-REQ-046
The parts derating and stress analysis shall be performed for E.E.E. parts and mechanical elements respectively.
Reference STD-DEP2-REQ-047
For electronic equipment, the Parts Derating Analysis shall be performed to identify noncompliance’s with the program derating requirements and to direct the necessary changes to the design to comply with the program derating.
Reference STD-DEP2-REQ-048
Formal methods shall be used to report, track, and to ensure that corrective action takes place and that all derating issues are resolved.
Reference STD-DEP2-REQ-049
For structural elements, the stress analysis shall verify the compliance with the required safety factors for the mission.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 20/71
All rights reserved, 2009, Thales Alenia Space
5.2 PARTS DERATING ANALYSIS OF ELECTRONIC EQUIPMENT
Reference STD-DEP2-REQ-050
All flight equipment shall be analyzed to determine individual part stresses (voltage, current power, temperature, etc.) in transient as well as in steady state conditions and the reference equipment temperature to be used in the analyses shall be the maximum acceptance temperature.
Reference STD-DEP2-REQ-051
The parts stresses shall be compared to the program derating criteria.
Reference STD-DEP2-REQ-052
In cases where no data can be found in the program derating criteria or if data is considered as not applicable due to irrelevant conditions (e.g., low temperature) other sources can be used with justification to be submitted to the Company approval. Meanwhile, in these specific cases, the application rules shall be expressed in a manner similar to the applicable program data base.
Reference STD-DEP2-REQ-053
When a unit is implemented with internal redundancy, the derating analysis shall cover the failure condition in addition to nominal configuration. If the failure condition changes the stress applied to the healthy redundant side, it shall be established that there is no risk of failure propagation due to overstress of parts (parts ratings not exceeded for healthy function, if the failed function can be switched off). Such situation must be reported in the FMEA conclusions.
Reference STD-DEP2-REQ-054
Ratings shall not be exceeded during tests (qualification, acceptance, AIT).
An example of a Parts Derating Analysis form sheet is shown in Figure 5.1.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 21/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-055
All applications exceeding the applicable criteria shall be approved by the Company before incorporation into the design by submission of a Request for Deviation. Request for Deviation to the Program derating requirements shall only be prepared after all applicable design alternatives have been investigated and the risks associated with the electrical stress or part application discrepancies have been determined and found acceptable.
Stresses exceeding the derated value may be permissible for specific periods, such as burn-in and inadvertent overstress due to failure of related components during tests, provided these conditions do not exceed manufacturers approved ratings.
Reference STD-DEP2-REQ-056
A list of the parts exceeding the stress criteria shall be presented in the Derating Analyses.
5.3 STRESS ANALYSIS OF STRUCTURAL ELEMENTS AND MECHANISMS
Reference STD-DEP2-REQ-057
The compliance of the structural elements and mechanisms with the required safety factors shall be verified by engineering. Applications exceeding these criteria where it is not feasible or possible to correct by means of redesign or other means must be approved by the Company before incorporation into the design by submission of a Request for Deviation.
Reference STD-DEP2-REQ-058
A list of the elements which are below the required safety factors shall be included in the appropriate analysis along with actions being taken to resolve the discrepancies and if applicable, justification for retention of each discrepancy.
5.4 PRESENTATION OF PARTS APPLICATION REVIEW
Reference STD-DEP2-REQ-059
The analysis shall include : a. Applicable and reference documents b. Reference to the design baseline under analysis c. The applicable acceptance temperature used in the analysis d. Complete worksheets (see figure hereafter for example) including all appropriate stress
items in accordance with the program derating requirements (voltage, current, power, junction temperatures, stress parameters).
e. A list of parts which exceed the derating requirements for electronics and are below the specified safety factors for structural or mechanical items with cross-reference to any applicable Request for Deviation.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 22/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-060
The part application review documentation shall be supplied in accordance with the SOW.
PART DERATING ANALYSIS
AD04F3.DRW
PROJECT :EQUIPMENT :DWG N° :
APPLICABLE DOCUMENTPREPARED BY :
DOCUMENT :ISSUE :DATE :
Page :
Item N°
PartRef
PartType
Parameter RatedValue
Derat.Value
MaxAllowable
Case orJunctionTemp.
Applied Value
Stress Ratio
Compliance Y/N
Remarks
Figure 5.1 Part Derating Analysis Form (Example)
5.5 DERATING REQUIREMENTS
Reference STD-DEP2-REQ-061
The applicable program derating data base shall be defined in the AD 8 , with the exceptions as described in Table 5.2.
REF
EREN
CE
: D
ATE
:
MTG
-TA
F-S
A-R
S-0
318
30/
07/0
9
IS
SUE
:
01
Page
: 23
/71
A
ll rig
hts
rese
rved
, 200
9, T
hale
s A
leni
a Sp
ace
R
efer
ence
of E
CSS
-Q-S
T-30
-11C
ch
apte
r and
requ
irem
ent
Com
plia
nce
stat
us
Com
men
ts
5.4.
1
Der
atin
g pa
ram
eter
s –
over
view
M
et
Tem
pera
ture
use
d fo
r the
Der
atin
g an
alys
is is
the
hot
acc
epta
nce
tem
pera
ture
.
5.4.
2.a
D
erat
ing
para
met
ers
– re
quire
men
ts
Parti
ally
Met
B
y de
faul
t , T
hale
s A
leni
a S
pace
app
lies
5.4.
2.b
whi
ch is
gen
eral
ly m
ore
cons
erva
tive.
In
cas
e of
non
com
plia
nce
to 5
.4.2
.b, t
he c
ompl
ianc
e to
5.4
.2.a
will
be
verif
ied.
5.
4.2.
c
Der
atin
g pa
ram
eter
s –
requ
irem
ents
M
et
Rep
etiti
ve tr
ansi
ents
are
incl
uded
in th
e M
ax o
pera
ting
cond
ition
s.
The
stea
dy s
tate
der
atin
g ar
e ap
plie
d w
hich
is m
ore
cons
erva
tive.
6.
2.1.
c
Cap
acito
rs :
cera
mic
- ge
nera
l N
ot M
et
Ana
lysi
s is
lim
ited
to c
ritic
al it
ems
like
snu
bber
s in
pow
er s
uppl
ies
6.2.
1.d
C
apac
itors
: ce
ram
ic -
gene
ral
Met
R
emar
k : t
he p
ower
dis
sipa
ted
in th
e ca
paci
tor
is ta
ken
into
acc
ount
for
ther
mal
ana
lysi
s. T
he g
ood
prac
tice
in
desi
gn is
to
limit
diss
ipat
ed p
ower
. Thi
s ap
plie
s to
all
type
s of
cap
acito
rs.
6.2.
2
Cap
acito
rs :
cera
mic
- de
ratin
g Pa
rtial
ly M
et
Not
Com
plia
nt fo
r Hig
h V
olta
ge p
arts
> 5
00V
in E
PC
. Tha
les
appl
ies
60%
6.3.
1.e
and
6.4
.1.b
C
apac
itors
: s
olid
tan
talu
m –
gen
eral
an
d no
n so
lid ta
ntal
um -
gene
ral
Not
Met
C
an n
ot g
ener
ally
be
app
lied
as it
is n
ot s
peci
fied
in th
e pa
rt sp
ecifi
catio
n.
The
incr
ease
of T
empe
ratu
re d
ue to
ripp
le p
ower
is c
onsi
dere
d fo
r the
com
puta
tion
of th
e ca
se te
mpe
ratu
re (r
ef
to 6
.3.1
.f)
6.5.
1.a
and
6.5
.1.b
C
apac
itors
: fil
ms
- gen
eral
Pa
rtial
ly M
et
The
shor
t circ
uit e
ffect
is a
naly
sed
in th
e FM
EA
. Th
e se
lf-he
alin
g re
quire
men
t is
anal
ysed
onl
y w
hen
the
effe
cts
of s
hort-
circ
uit m
ust b
e av
oide
d.
6.12
.2
Con
nect
ors
RF
- der
atin
g N
ot M
et
RF
Pow
er :
50%
of m
axim
um ra
ted
pow
er.
Max
imum
ope
ratin
g te
mpe
ratu
re :
5°C
bel
ow m
axim
um ra
ted
tem
pera
ture
. 6.
14.2
.1
Dio
de (s
igna
l/sw
itchi
ng, r
ectif
ier,
tran
sien
t sup
pres
sion
, var
acto
r, pi
n,
Scho
ttky,
ste
p re
cove
ry)
Parti
ally
met
In
stea
d of
req
uire
men
t on
for
war
d su
rge
curre
nt I
fsm
, ap
ply
75%
on
Forw
ard
curre
nt I
f w
hich
is
mor
e co
nser
vativ
e.
Cla
use
is n
ot a
pplic
able
for t
rans
ient
sup
pres
sors
whi
ch is
tran
sfer
red
to u
nder
cla
use
6.14
.2.2
6.14
.2.2
D
iode
(Zen
er, r
efer
ence
)
Parti
ally
met
65
% d
erat
ing
on th
e di
ssip
ated
pow
er w
hich
is
suffi
cien
t to
insu
re th
at Z
ener
dio
des
are
wor
king
in a
saf
e ar
ea.
This
cla
use
beco
mes
app
licab
le to
tran
sien
t sup
pres
sors
whi
ch h
ave
been
rem
oved
from
cla
use
6.14
.2.1
REF
EREN
CE
: D
ATE
:
MTG
-TA
F-S
A-R
S-0
318
30/
07/0
9
IS
SUE
:
01
Page
: 24
/71
A
ll rig
hts
rese
rved
, 200
9, T
hale
s A
leni
a Sp
ace
Ref
eren
ce o
f EC
SS-Q
-ST-
30-1
1C
chap
ter a
nd re
quire
men
t C
ompl
ianc
e st
atus
C
omm
ents
6.15
.2
Dio
des
: RF/
mic
row
ave-
PIN
- de
ratin
g Pa
rtial
ly m
et
The
50%
D
erat
ing
is a
pplie
d to
the
spe
cifie
d m
axim
um o
pera
ting
forw
ard
curre
nt in
stea
d of
the
surg
e cu
rrent
.
6.20
.2
Inte
grat
ed
Circ
uits
-
non-
vola
tile
mem
orie
s - d
erat
ing
Met
E
ndur
ance
cov
ered
by
Wor
st C
ase
Circ
uit A
naly
sis
6.23
.2
Inte
grat
ed c
ircui
ts –
MM
ICS
- der
atin
g M
et
Ove
rdriv
e co
nditi
ons
are
cov
ered
by
the
WC
CA
Fo
r Com
pone
nt o
f the
she
lves
: 80
% D
erat
ing
can
be a
pplie
d on
V s
uppl
y
6.25
.1.a
R
elay
s an
d sw
itche
s - g
ener
al
Not
met
Th
ales
Ale
nia
Spac
e a
pplie
s c
oil
volta
ge
betw
een
110%
of
the
latc
h/re
set
volta
ge a
nd t
he m
axim
um c
oil
volta
ge.
6.25
.1.b
R
elay
s an
d sw
itche
s - g
ener
al
Not
met
- N
o de
ratin
g is
app
lied
to th
e m
inim
um p
ulse
dur
atio
n.
- Not
Met
for
type
GP
250
, EL2
15 a
nd R
F sw
itche
s - C
ompl
ianc
e is
met
on
Tele
dyne
TL1
2 a
n TL
26.
6.25
.2
Rel
ays
and
switc
hes
- der
atin
g Pa
rtial
ly M
et
For s
urge
dur
atio
n >
10us
: I
²t <
16 Ir
² * 1
0-5 (A
².s)
Pot
entia
l NC
whe
n co
ntac
t is
used
for r
elay
sta
tus.
6.
26.1
.7
Res
isto
rs –
mic
row
ave
load
resi
stor
M
et
Load
resi
stor
are
pas
sive
RF
(fam
ily c
ode
30.1
0) a
nd c
over
ed b
y 6.
34 :
no d
erat
ing
on v
olta
ge.
Max
imum
ope
ratin
g te
mpe
ratu
re :
5°C
bel
ow m
axim
um ra
ted
tem
pera
ture
. 6.
26.1
.8
Res
isto
rs –
pul
se p
ower
ratin
g 6.
26.1
.9 a
and
b
sing
le p
ulse
Parti
ally
met
Fo
rmul
a no
t acc
epta
ble
and
dang
erou
s fo
r the
par
t for
larg
e va
lue
of T
(typ
ical
ly g
reat
er th
an 1
s). F
or la
rge
valu
e of
T, T
hale
s A
leni
a Sp
ace
app
lies
clau
se 5
.4.2
.b re
lativ
e to
non
-repe
titiv
e tra
nsie
nts
Ref
er to
5.4
.2.a
and
b
6.31
.2
Tran
sist
ors
RF
FET
- der
atin
g Pa
rtial
ly M
et
- Ove
rdriv
e co
nditi
ons
cov
ered
by
the
WC
A
- Fo
r G
aAs
tech
nolo
gies
w
ith T
jMax
=
150°
C,
dera
ting
appl
ied
is 1
15°C
acc
ordi
ng t
o Th
ales
Ale
nia
spac
e st
anda
rd.
6.32
.1
Wire
s an
d C
able
s - g
ener
al
Parti
ally
met
- M
anuf
actu
rer’s
max
imum
ratin
g Tm
ax -5
0°C
-
The
dera
ting
on
curre
nt
for
bund
les
with
N
w
ires
is
calc
ulat
ed
as
follo
ws
IB
W =
ISW
× K
for
am
bien
t tem
pera
ture
of 4
0°C
. -
In c
ase
of w
ires
in c
old
redu
ndan
cy o
r w
ires
non
used
in th
e sa
me
bund
le (
one
with
cur
rent
, the
oth
er w
ithou
t cu
rrent
) th
e nu
mbe
r of
wire
s to
take
into
acc
ount
is c
alcu
late
d as
follo
ws
: N e
quiv
alen
t bun
dle
= N
wire
s w
ith
curre
nt +
0,5
x N
wire
s w
ithou
t cur
rent
with
IBW
whi
ch s
hall
not o
verp
ass
ISW
. 6.
34.2
R
F pa
ssiv
e co
mpo
nent
s - d
erat
ing
Not
Met
R
F P
ower
: 50
% o
f max
imum
rate
d po
wer
. M
axim
um o
pera
ting
tem
pera
ture
: 5°
C b
elow
max
imum
rate
d te
mpe
ratu
re.
Tabl
e 5.
2 A
MEN
DEM
ENTS
to d
erat
ing
rule
s of
the
ECSS
Q S
T 30
11
C
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 25/71
All rights reserved, 2009, Thales Alenia Space
In case of application of another source or standard the compatibility with the AD8 document shall be established by the unit supplier, and submitted to the upper level approval.
For units developed before issuance of AD8 the alternative rules shall be subjected to upper level approval.
6. WORST-CASE ANALYSIS (WCA)
6.1 GENERAL
Reference STD-DEP2-REQ-062
The worst-case analysis ensures that item electrical and/or mechanical performances comply with the applicable equipment specification under worst-case operating conditions. It shall be performed on equipment critical elements, or elements subject to accuracy performance requirements or sensitive to environmental conditions. It shall be mutually agreed by the contractor and the next higher customer which circuits shall be subjected to such analysis.
Reference STD-DEP2-REQ-063
Engineering organizations shall be basically responsible for the completion of worst-case analyses on flight hardware items for which they have design responsibility. They shall be required to ensure that the analyses are adequately prepared, that design margins are adequately demonstrated by analyses and/or tests, and that the documentation is complete and sufficient. All WCA shall be formally approved by engineering organizations.
Reference STD-DEP2-REQ-064
Worst-case analysis reports shall be prepared and submitted to the Customer as required by the SOW.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 26/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-065
Reliability personnel shall be responsible for providing the aging effect data, for ensuring that worst-case analyses are appropriately completed (methodology) and that the results of the analyses ensure compliance with all applicable requirements. Applications exceeding these criteria where it is not feasible or possible to correct by means of redesign or other means shall be approved by the Company before incorporation into the design by submission of a Request for Deviation.
6.2 ANALYSIS METHOD
Reference STD-DEP2-REQ-066
The methodology which shall be applied when conducting such analysis is described in AD5.
Reference STD-DEP2-REQ-067
The analysis shall demonstrate sufficient operating margins for all operating conditions of the individual circuits, considering simultaneously the following sources of variation :
• Part parameter tolerance (variations in initial values from specified or nominal values) • Normal and contingency operating modes, including unit and system turn-on
(transienst, In-rush) and turn-off • Circuit stimulus and Full range of input voltages, currents and frequencies, and their
rate of application over mission life : o Input power change to upper/lower tolerance limits o Signal sources drifting to their upper/lower tolerance limits o Circuit loading : o Changes in circuit loads due to drift to their upper/lower tolerance limits
• Potential race conditions (mismatch in delay times) • Temperature extremes (Acceptance temperature to be used in the analysis) • Aging drift from initial values (aging time equals the Mission Design Life) • Radiation degradations (dose time equals the Mission Design Life) • Variations in the parts or circuit due to other environmental influences.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 27/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-068
The analytic method to be implemented shall be justified. The documentation shall indicate the origin of the data used on parts parameters variation and shall compare the result of the analysis with the specification.
A combination of testing and analysis may be employed to obtain results through actual measurements.
Reference STD-DEP2-REQ-069
The analysis method shall be tailored to the circuit function, and to the adequacy of the analytical models (Extreme Value Analysis EVA, , Root Square Sum Method, Monte-Carlo simulation may be used).
Reference STD-DEP2-REQ-070
For parts submitted to Radiation Lot Acceptance Test, the parameter drift values shall be derived from radiation test by comparing the post-test values with the pre-test value.
6.3 PRESENTATION OF WCA DOCUMENTATION
Reference STD-DEP2-REQ-071
WCA documentation shall include : a. Applicable and reference documents b. The reference to the design baseline under analysis c. A list of reviewed circuits with the reason for the analysis (critical element, etc.) d. The source (s) of data e. Detailed calculations with drawings of analyzed circuits f. A summary of the worst case calculations g. Comparison of results with required specification figures.
Reference STD-DEP2-REQ-072
The documentation shall be supplied in accordance with the SOW.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 28/71
All rights reserved, 2009, Thales Alenia Space
6.4 WORST CASE ANALYSIS (WCA) AND PART PARAMETER DEGRADATION The purpose of a WCA is to verify that the circuits will perform their function in accordance with the design specification throughout their "design life" with the part degradations of aging, temperature, and radiation. The part parameter guidelines contained herein define the anticipated EOL values for the degradation sensitive parameters of electronic components. The degradation data presented assumes that the parts have been screened to the program requirements and part application stresses are within the constraints imposed by the Program derating criteria. The parameter changes resulting from aging effects are presented independently and must be summed to determine the total extent of parameter degradation at EOL. In addition to the degradation resulting from aging, certain parameters of electronic components are temperature sensitive and the effects of temperature on these parameters must be included in the determination of EOL worst case parametric values. The temperature coefficients for parametric values are usually attainable from manufacturer's data sheets and have been factored into the aging tables as a function of time.
6.5 PARAMETRIC CHANGE DUE TO AGING Individual part types have been segregated into part type categories. Parametric changes resulting from aging are presented by part type categories. Parameter changes due to aging are shown in the part sections of this document. Since parametric change is primarily a function of time and temperature, the parameter aging tables present the information for 10 & 18 years at three different temperatures.
Reference STD-DEP2-REQ-073
In case other sources are intended to be used, it shall be submitted to the upper level approval before application, with supporting data.
Reference STD-DEP2-REQ-074
Aging Models shall be taken from AD5, and aging data tables which shall be applied are provided in Annex 3.
7. RELIABILITY ASSESSMENT
7.1 GENERAL
Reference STD-DEP2-REQ-075
Reliability numerical evaluation shall be performed for hardware items, subsystems, payloads, and for the spacecraft to demonstrate compliance with the contractual numerical reliability requirements.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 29/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-076
The reliability assessments prepared for the proposal shall be updated during the program to include the impact of design changes and more detailed design information as the spacecraft hardware design matures. Reliability trades shall be used during all phases of the program to identify the relative merits of alternative designs and to assist in problem resolution (i.e., to determine the possible numerical reliability impact resulting from a potential problem situation).
Reference STD-DEP2-REQ-077
Reliability functional block diagrams shall be developed and used to represent the system and subsystem design configurations as they operate over the specified mission phases.
These functional block diagrams shall in turn be the basis for the reliability block diagrams that indicate the redundancy, cross-strapping, and single thread items of the designs. The reliability block diagrams then become the basis for defining the quantitative reliability of hardware from the unit to the end item spacecraft level. Mathematical models (either discrete or dynamic) shall then be used, along with the failure rates calculated for the hardware items, to determine numerical reliability.
Reference STD-DEP2-REQ-078
The numerical reliability assessments shall be governed by the requirements of this chapter which provides the basis for the definition of mission phases and their appropriate failure rate modifiers, applicable program failure rates or their sources, mathematical modeling requirements, and modeling techniques.
Reference STD-DEP2-REQ-079
Numerical reliability shall be allocated to the appropriate system elements and such allocations shall be reviewed whenever current predictions indicate a need for revision. Quantitative reliability requirements shall be specified in the applicable equipment, subsystem, and system performance specifications.
Reference STD-DEP2-REQ-080
Reliability predictions shall be prepared with the necessary level of detail for all spacecraft hardware items, including operational duty cycles, dormancy factors, environmental factors, and functional descriptions. The results of quantitative reliability assessments shall be reported and provided as part of design reviews for all levels of equipment hardware in addition to the spacecraft.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 30/71
All rights reserved, 2009, Thales Alenia Space
7.2 RELIABILITY ASSESSMENT
7.2.1 Asumptions
Reference STD-DEP2-REQ-081
The following assumptions affect the interpretation of quantitative reliability results and shall be true for reliability assessments unless otherwise stated : a. The design assessed is representative of the flight design, b. Useful life of a component begins after the satisfactory acceptance test of the
component, c. Mission phases are independent. Stresses experienced in a phase do not affect the
failure rate of succeeding phases, d. Part failure rates are usually constant during the useful life period and wearout factors
are not operative during the required mission life unless otherwise stated and appropriate models are used in those cases,
e. Individual part failures are independent, f. Parts and materials are qualified for their application and environment, g. Circuit design performance margins are sufficient for the effects of production variance,
radiation environment, thermal environment and aging, h. Production processes and testing do not introduce unknown latent damage or failure
mechanisms and are approved for use for the mission, i. Failures rates are estimated in accordance with the requirements of this chapter, k. For structural items and mechanisms, the most appropriate method among constant
failure rates, stress strength method (reliability estimations taking into account structural and functional safety margins) or other will be selected by the unit supplier and submitted to upper level approval.
l. Possibility of part failure due to radiation will be considered when assessing the failure rate.
7.2.2 Mission time
Reference STD-DEP2-REQ-082
The reliability assessment shall use a basic time unit of hours or years as applicable. For purposes of uniformity, 8 760 hours are assumed applicable for each year of operation.
7.3 RELIABILITY ASSESSMENT DOCUMENTATION
Reference STD-DEP2-REQ-083
A reliability assessment report shall be prepared and submitted in accordance with the Statement of Work for the specified design reviews. Each reliability assessment shall include the following information : a. A description of the item, types of redundancy, and the item operational modes, b. A functional block diagram of the design,
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 31/71
All rights reserved, 2009, Thales Alenia Space
c. A reliability model for each operating phase which is analyzed including : • Reliability Block Diagrams, • Failure Rates for each block of the Reliability Block Diagram, • Mathematical models or applicable dynamic model data, • Probability of success results, • A comparison of the results with the specified requirements.
7.3.1 Reliability Assessment models
Reference STD-DEP2-REQ-084
Reliability models shall be established for the applicable mission phases to support the calculated values of probability of success, describe the reliability aspects of the design, illustrate the redundancy and cross-strapping used, and indicate the single point failure items in the design. When appropriate, the various operating modes, conditions, and configurations will be accounted for in the modeling to describe system behavior. Modeling methods may include dynamic approaches including Markov graph, Petri Networks, or Monte Carlo. However, such modeling approaches should be limited to applications in which conventional means are inadequate since these methods are difficult to verify and document. When used, sufficient information should be provided to substantiate the methodology and the results (for example : matrix with initial condition for Markov graph).
Reference STD-DEP2-REQ-085
The following documentation methods shall be used for reliability assessments prepared beyond the single unit level (i.e. an integrated assembly with multiple units or subsystems) : a. Develop a functional model block diagram of the design assessed, b. Develop a reliability block diagram which tracks the functional model block diagram, c. Develop a reliability mathematical model for the reliability block diagram, d. Calculate the total failure rate for each block of the reliability block diagram and indicate
duty cycle, e. Calculate results for the reliability math model using the failure rates for each block and
the applicable failure rate adjustment factors over the mission time period. Results will be truncated and not rounded.
7.3.2 Functional block diagrams
Reference STD-DEP2-REQ-086
This functional block diagram shall be prepared to aid in the understanding of the reliability model and as result may differ from the engineering functional model. All functionally redundant units shall be clearly indicated and the signal flow identified.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 32/71
All rights reserved, 2009, Thales Alenia Space
7.3.3 Reliability block diagrams
Reference STD-DEP2-REQ-087
Reliability block diagrams shall be prepared to correspond to the reliability functional diagram. The individual blocks shall be numbered and cross-referenced to the reliability functional model. All assumptions used in the reliability block diagrams shall be clearly stated including reasons for not including non critical functions in the modeling.
7.3.4 Reliability calculations
Reference STD-DEP2-REQ-088
Reliability calculation shall be performed at the appropriate level of the design including system, subsystem, and subcontractor item levels. The calculations shall include probability of success results for the mission phases and time duration specified in the technical specification. Parts count assessment : A parts count assessment may be used during the early stages of the program to determine failure rates for each identifiable block of the reliability block diagram.
7.3.5 Documentation of failure rates from stress data (unit level)
Reference STD-DEP2-REQ-089
All failure rates that are calculated from actual stress data shall be documented with the following minimum information : 1. The part generic type will be clearly indicated, 2. The manufacturer's part number, military standard designation for the part, or other
clearly understood part number will be indicated, 3. The part circuit reference number will be indicated (R1, C3, Q5, etc.), 4. The schematic number of other appropriate identification used in the analysis will be
indicated by number and functional name, 5. Stress ratios (actual/rated) will be calculated and the maximum rating of the part will be
given. All MIL-HDBK-217 failure rate multiplying factors and required stress ratios will be calculated and used as a basis for the part level failure rates. The appropriate part value of resistance, capacitance, etc., should also be listed when they are required to calculate part failure rates. The assumed operating temperature of the circuits or assemblies will be indicated,
6. Failure rates from the piece parts as well as solder/joints (interconnects) will be totaled for each circuit subassembly and higher level assembly used in the reliability analysis.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 33/71
All rights reserved, 2009, Thales Alenia Space
7.3.6 Documentation identification
Reference STD-DEP2-REQ-090
The reliability analysis documentation required by the applicable contractual documents for the program including both informal and formal documentation shall have the following minimum information : a. Author and source of the analysis data, b. Date and revision status for the analysis data c. Program and contractual identification, d. Design identification as applicable : 1. Part number, 2. Model number, 3. Design nomenclature. e. Design status information : e.g., drawing number with revision including unincorporated
design change information that was used in the reliability document, f. Identification of the specified reliability requirements documents and paragraphs for
which the reliability document is demonstrating compliance for formal acceptance.
7.4 FAILURE RATES ASSESSMENT
7.4.1 program failure rates
Reference STD-DEP2-REQ-091
The AD 6 shall be applied when selecting a failure rate source. The selected standard is the AD3 (MIL-HDBK-217 F + Notice 2) which shall be used to determine EEE piece part failure rate, with the exception of :
• hybrids for which AD4 (MIL-HDBK-217 E + Notice 1) can be used but shall be explicitly referenced in the analysis.
• GaAs FET : special model , see paragraph 7.4.3.b • ICs (including ASICs) : special model , see paragraph 7.4.3.c • The failure rates for Fixed Failure Rate Items listed in Annex 4 can be used instead of
AD3 and are provided for use to assess reliability at all levels of indenture.
Other data can only be used if justified and after the Company approval.
Reference STD-DEP2-REQ-092
For the equipment Preliminary Design Review, the part count reliability prediction method of the MIL-HDBK-217 may be applied.
For the Critical Design Review, the reliability shall be predicted using the part stress method, dependent upon electrical stresses and component temperatures derived from unit thermal analysis.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 34/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-093
The use of failure rates/quality factors other than those contained in the present chapter or AD3/AD4 shall be substantiated by test or demonstrated performance data, published reports or other data, and be subject to approval by "The Prime" prior to use. In such case where manufacturer's test data are used, the following information must be provided :
• number of tested units, • total number of cumulated hours (or cycles), • number of observed failure(s), • test conditions and similarity between tested and flight design.
Reference STD-DEP2-REQ-094
In some cases, actual test data shall be preferred over the use of generic failure rate data since generic data may generate unrealistic predictions. Items for which test data is preferred include high power RF devices, new technology items, small population items, and complex digital devices.
7.4.2 Failure rate thermal and electrical stress derating
Reference STD-DEP2-REQ-095
Thermal and electrical stress influences on part failure rate shall be incorporated into the reliability assessments as soon as the necessary design data are available and stress analyses completed. The final assessment of each design shall incorporate failure rates derived from the calculated stress ratios and the average operating temperature of the units or equipment
Reference STD-DEP2-REQ-096
The equipment average temperatures figures on baseplate shall be considered in the analysis. Reliability assessment at unit level shall be performed over the complete acceptance temperature range (with a minimum of four temperature values), with a reliability target fixed for a typical average baseplate temperature. When performing the reliability assessment at upper level (subsystem or system), the unit average temperature specific to the concerned application shall be considered. The way to assess the average baseplate temperature over the complete lifetime shall be submitted to the Company approval
Reference STD-DEP2-REQ-097
The quantitative reliability objective at unit level shall be introduced in dedicated technical specification (e.g. maximum failure rate for a given average temperature).
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 35/71
All rights reserved, 2009, Thales Alenia Space
7.4.3 Special failure rate models a. Hybrid devices
Reference STD-DEP2-REQ-098
Although the MIL.HDBK.217 FN2 is the basic document to be used to determine failure rates, the reliability figures obtained with the version EN1 shall be used for hybrid devices provided this is indicated in the analysis. In case of use of EN1 version, the following formula for “package failure rate (λs)” is to be used (typing error in the MIL table 5.1.2.9-4 page 5.1.2.9-7 where a minus sign has been omitted just after the second exponential) : λs = (0.01) . S. (1 - exp( -S2/50)).exp(-(5 203.781).(1/(T+273)-1/298))
Reference STD-DEP2-REQ-099
The failure rate assessment for non hermetic "hybrids" with discrete parts shall be conducted as for sub-assemblies.
b. GaAs FET
Reference STD-DEP2-REQ-100
The failure rate of GaAs FET devices shall be estimated with the method and mathematical models described in the RD 1 “UTEC 80810 - RDF 2000 document - Recueil de données de fiabilité".
packagedie .. λλλ +=
hQEBSt /10.)...( 9
0−+= ππλππλλ
with, for die contribution,
3.00 =λ for Low Power FET (P<1W)
10 =λ for High Power FET (P>1W)
π tTje=
−+
⎛⎝⎜
⎞⎠⎟4640 1
3131273
for Low Power FET
π tTje=
−+
⎛⎝⎜
⎞⎠⎟4640 1
3731273
for High Power FET
π π πS S S= 1 2. with π S
Se11 7 10 22= , . , .
S
VVDSOperating
DSMax
1=⎛⎝⎜
⎞⎠⎟
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 36/71
All rights reserved, 2009, Thales Alenia Space
π SSe2
3 20 22= , . .
SV
VGSOperating
GSMax
2 =⎛⎝⎜
⎞⎠⎟
with, for package contribution,
1=Bλ for Low Power FET (P<1W)
2=Bλ for High Power FET (P>1W)
Eπ = 1, for Geostationary Earth Orbit
π E = 4, for Low earth Orbit with quality factor,
1=Qπ for high quality level.
c. ICs (including ASICs)
Reference STD-DEP2-REQ-101
For Silicon digital ICs and ASICs , an extrapolated model of MIL.HDBK.217+N2 , model § 5.1 shall be used:
)10/)(( 621 HoursFailuresCC LQET ΠΠΠ+Π=λ
Where:
For complexity up to 90 000 Gates
C1=0.45 [exp[-0.35(a-1995)]
For complexity greater than 90 000 gates the following formula will be used :
C1=[0.45+0.16(c-90)/30]exp[-0.35(a-1995)] With :
c : complexity (103 gates) a : year in production of the circuit
Example : for a circuit of 100 000 gates that will be made in 2000 : c=100 & a=2000.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 37/71
All rights reserved, 2009, Thales Alenia Space
7.4.4 Failure rate adjustment factors - non operating factor
Reference STD-DEP2-REQ-102
The multiplying factors listed in Table 7.1 shall be used for the purpose of assessing mission reliability. These factors are applicable only to the designated mission phase under evaluation and are to be applied to the base rate to adjust for mission phase environmental and equipment
Reference STD-DEP2-REQ-103
Standby or non operating multipliers shall be used to assess the reliability of non operational equipment in accordance with Table 7.1. The on/off cases for mechanical devices are defined as :
OFF : when mechanism is in fixe mode,
ON : when mechanism is in movement mode (deployment, pointing…).
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 38/71
All rights reserved, 2009, Thales Alenia Space
MISSION PHASE DURATION FOR MULTIPLIERS CALCULATIONS
(typical values) Electrical Mechanical
Phase I LEOP : Launch/Boost Perigee Maneuvers Apogee Maneuvers Transfer orbit GO Period : IOT
0.5 hrs 0.1 hrs 2.5 hrs 336 hrs (2 weeks) 0.5 month , up to 4 380 hrs (6 months)
40 (on); 4 (off) 40 (on); 4 (off) 40 (on); 4 (off) 1 (on); 0.1 (off) 1 (on); 0.1 (off)
40 (on); 1 (off) 40 (on); 1 (off) 40 (on); 1 (off) 1 (on); 0.01 (off) 1 (on); 0.01 (off)
Phase II Orbital Life up to 131 400 hrs (15 years)
1 (on); 0.1 (off)
1 (on); 0.01 (off)
Table 7.1 Stress/Operating Failure Rate Multipliers NOTES : • Equivalent duration for phase I considering multipliers is 460 hours in addition to G.O.
period (says 825 hours in total for typical value of IOT)
Reference STD-DEP2-REQ-104
In case device is used for shorter period (e.g. deployment mechanism in phase I), its reliability shall be assessed for the effective mission duration
• Specific values of mission duration, and associated reliability objectives for phase I, and phase II will be introduced in technical specifications.
7.4.5 Quality factor adjustments Table 7.2 provides a list of equivalencies between failure rate quality levels specified in MIL-HDBK-217 and those specified by European Space Agency documents. PARTS MAIN TYPE EUROPEAN LEVEL MIL-HDBK-217 LEVEL Passives SCC B
SCC C MIL S MIL R
Relays SCC B SSC C
0.5* MIL R MIL R
Discrete Semiconductors
SCC B SCC C
0.5* MIL JANTXV (JANS) MIL JANTXV
Integrated Circuits SCC B SCC C
Class S categories Class B categories
Hybrids ECSS Q-60-05 Others
Class S categories Class B-1 categories
Table 7.2 Quality Level Equivalence
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 39/71
All rights reserved, 2009, Thales Alenia Space
7.4.6 Failure rate computation from test data
Reference STD-DEP2-REQ-105
Given the total number of successful part operating hours (T) and the number of failures (f), the following equations shall be used to calculate failure rates from test data :
Time truncated test, failure rate (10-9) = Txn
21092χ
for n = 2f + 2
Failure truncated test, failure rate (10-9) = Txn
21092χ
for n = 2f where χ² (Chi-Square) is at 60 % confidence (see Table 7.3). n χ² n χ² n χ² n χ² 2 1.830 14 14.700 26 27.200 38 39.600 4 4.040 16 16.800 28 29.200 40 41.600 6 6.210 18 18.900 30 32.300 42 43.700 8 8.350 20 21.000 32 33.400 44 45.700 10 10.500 22 23.000 34 35.499 46 47.800 12 12.600 24 25.100 36 37.500 48 49.800
Table 7.3 χ² Distribution (60 % Confidence)
For n > = 50 use
22 )12253.0(21
−+= nχ
Any alternate method yielding the same result may be used.
7.5 MATHEMATICAL MODELING
7.5.1 Exponential model
Reference STD-DEP2-REQ-106
The exponential decay function shall be used in all math modeling applications where reliability is determined by the random occurrence of failures and a constant failure rate. This model does not apply to initial operation of a system with an early rate of failure higher than the random rate nor does it apply to operation at the end of life of an item.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 40/71
All rights reserved, 2009, Thales Alenia Space
The exponential model is defined by: Ps (t) = e-λt where: Ps = probability of success (reliability), λ=random failure rate in failures/hour, t =the mission time in hours. Standard redundancy models
Reference STD-DEP2-REQ-107
Reliability mathematical models shall be developed in accordance with established and documented modeling procedures.
Reference STD-DEP2-REQ-108
The following models shall be used when applicable: a. Active redundancy, n units of m required for mission success
Ps(t) = xxnmn
x
xn PPC )1(
0
−−−
=∑ Where P is the probability of success for a single unit.
b. Standby redundancy for a single active unit and a standby non operating unit
( ) ( )[ ]QeetPsoresaetPs tsQtatsta /11)(11)( ..... λλλλ
λλ −−−− −+=⎥⎦
⎤⎢⎣⎡ −+=
Where: λa = failure rate of active units, λs = failure rate of standby, nonoperating units, q = λs / λa. c. Standby redundancy for n equal units with m required :
⎭⎬⎫
⎩⎨⎧
⎟⎟⎠
⎞⎜⎜⎝
⎛−+
−+= ∏∑
=
−
=
1!
)1(1)(1
jmiPPtPs
s
ai
lj
iqa
mn
i
ma λ
λ
Pa = tae .λ−, λa = active failure rate, q = λs / λa.
m = number of active elements n = total number of elements, t = mission time in hours
7.5.2 Single shot model
Reference STD-DEP2-REQ-109
The reliability of a single shot reliability item (item with an intended life of one operation) shall be assessed using test results or actual operational experience at the 60 % confidence level.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 41/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-110
Calculations shall be made using the following expression or taken from table 7.4. for the appropriate number of tests and failures:
[ ] )22,22()/())1(11
fnfFfnfPs
−+−++=
α
where: n = number of tests, f = number of failures, α = the risk (60 %), F = values of the F distribution.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 42/71
All rights reserved, 2009, Thales Alenia Space
NUMBER OF FAILURES
NUMBER OF TESTS
0 1 2 3 4 5
1 0.4000 - - - - - 2 0.6324 0.2254 - - - - 3 0.7368 0.4329 0.1566 - - - 4 0.7952 0.5555 0.3292 0.1199 - - 5 0.8325 0.6350 0.4463 0.2656 0.0971 - 6 0.8583 0.6905 0.592 0.3731 0.2226 0.0816 7 0.9773 0.7314 0.5908 0.4539 0.3206 0.1916 8 0.8917 0.7628 0.682 0.5165 0.3975 0.2811 9 0.9032 0.7877 0.6758 0.5664 0.4590 0.3535 10 0.9124 0.8078 0.7064 0.6070 0.50.83 0.4131 20 0.9552 0.9014 0.8490 0.7974 0.7463 0.6957 30 0.9699 0.9337 0.8984 0.8350 0.8291 0.7948 40 0.9773 0.9550 0.9234 0.8972 0.8711 0.8453 50 0.9818 0.9599 0.9386 0.9175 0.8966 0.8758 60 0.9848 0.9665 0.9487 0.9311 0.9136 0.8963 70 0.9869 0.9713 0.9560 0.9409 0.9259 0.9109 80 0.9886 0.9748 0.9614 0.9482 0.9350 0.9220 90 0.9898 0.9776 0.9657 0.9539 0.9422 0.9306 100 0.9908 0.9798 0.9691 0.9585 0.9480 0.9375 150 0.9939 0.9865 0.9794 0.9723 0.9652 0.9582 200 0.9954 0.9899 0.9845 0.9792 0.9739 0.9686 300 0.9969 0.9932 0.9897 0.9861 0.9826 0.9791 400 0.9977 0.9949 0.9922 0.9896 0.9869 0.9843 500 0.9981 0.9959 0.9938 0.9917 0.9895 0.9874 750 0.9987 0.9973 0.9959 0.9944 0.9930 0.9916 1000 0.9990 0.9979 0.9969 0.9958 0.9948 0.9937
Table 7.4 Single Shot Reliability (60 % Confidence)
7.5.3 Mechanical items model
Reference STD-DEP2-REQ-111
The reliability assessment of mechanical items shall be made by determining the probability of occurrence of each of its failure modes (structural or functional) identified through the FMEA.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 43/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-112
When relevant, the “Strength/Stress” method as described in the present paragraph, shall be used preferably to the fixed failure rates method.
7.5.3.1 Structural failure modes
7.5.3.1.1 General cases
Reference STD-DEP2-REQ-113
For mechanical aspects, the failure probability shall be calculated by using the Strength/Stress method with the following assumptions:
• the strength S of the materials follows a "Normal Law distribution" with a coefficient of variation (σS/mS) defined in table 7.5 : o σS is the standard strength deviation, o mS is the average value of strength.
• the applied load L (stress) follows a "Normal Law distribution" with a coefficient of variation (σL/mL) defined in table 7.6 : o σL is the standard stress deviation, o mL is the average value of stress.
• the failure probability is the probability that the stress is higher than the strength: L > S
Figure 7.1 Parameters involved in stress-strength method
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 44/71
All rights reserved, 2009, Thales Alenia Space
The probability to have (S-L < 0) is equal to :
∫ ∞−
−=
u u
duep 2
2
21π
which approximations are :
⎟⎠⎞
⎜⎝⎛ +−+−=
−
...1531
121
642
2
2
uuuue
p
u
π =
( ) ( )
⎟⎟⎟⎟
⎠
⎞
⎜⎜⎜⎜
⎝
⎛−−
+ ∑∏
=
=
−3
121
2121
121
2
NN
N
i
Nu
u
i
ue
π
or u > 2.5, and :
⎟⎟⎠
⎞⎜⎜⎝
⎛−+++=
−
...5.3.13.112
121 532
2
uuuu
ep
u
π = ( )⎟
⎟⎟⎟
⎠
⎞
⎜⎜⎜⎜
⎝
⎛
+++ ∑
∏
∞
=
=
+−
0
1
122
121
21
21
2
NN
i
Nu
i
uu
eπ
for 0 < u < 2.5,
with 22LS
LS mmu
σσ +
−=
if L
S
mm
K =, then
22
2
1
⎟⎟⎠
⎞⎜⎜⎝
⎛+⎟⎟
⎠
⎞⎜⎜⎝
⎛
−=
L
L
S
S
mmK
Ku
σσ
( )MSKKKKK QD +××××= 121 with : K1 = Ratio limit flight load - Average flight load, KD = Design load coefficient, KQ = Qualification load coefficient, MS = Margin of Safety, K2 = Ratio average strength - minimum assured strength.
L
L
mK
σα+= 11
S
S
m
Kσ
β−=
1
12
Coefficients α and β are function of the stress and strength value type. Definitions of strength A and B value are given in the document ESA referenced ECSS-E-30 Part 2A. A-Value Mechanical property value above which at least 99 % of the population of values is expected to fall, with a confidence level of 95 %. B-value :
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 45/71
All rights reserved, 2009, Thales Alenia Space
Mechanical property value above which at least 90 % of the population of values is expected to fall, with a confidence level of 95 %. The coefficients are determined with table of the normal law. For stress : Type A value: α = 2.33, Type B value: α = 1.28, Other: α is determined with the normal law table (confidence level of 95 %) and taking into account population rate below which applied load is expected to fall. Conservative value shall be taken for rate of 97.72 % of the population, with a confidence level of 95 % (i.e. α = 2). For strength : Type A value: β = 2.33, Type B value: β = 1.28, Other: β is determined with the normal law table (confidence level of 95 %) and taking into account population rate above which mechanical strength is expected to fall. Conservative value shall be taken for rate of 97.72 % of the population, with a confidence level of 95 % (i.e. β = 2).
7.5.3.1.2 Particular cases
Reference STD-DEP2-REQ-114
An approach with a reliability figure of 1 for structural components shall be adopted providing :
• Qualification and design coefficients remain higher or equal to 1.25, • Qualification program is completed, • A QA program for the production phase is established, • A stress/strength analysis is available on request and shows positive margins.
In this case all requested data here above shall be indicated in the relevant reliability analysis or in the relevant FMEA.
7.5.3.2 Functional failure modes
Reference STD-DEP2-REQ-115
Functional failures modes include failure modes such as no deployment, untimely deployment release, loss of hold down, etc. … If the normal distribution is assumed for the parameters (i.e. motor torque, deployment speed, utilisation duration, …) and the operational limit values (resistive torque, dimensioning limit speed, life duration, …) etc …, then the probability of success shall be determined by same method as for Structural failure modes (general cases), with modification for u :
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 46/71
All rights reserved, 2009, Thales Alenia Space
22LFP
LFP mmuσσ +
−=
mFP is the mean functional parameter value, σFP is the standard deviation of the functional parameter, mL is the mean limit value, σL is the standard deviation of the limit value. The same method allows to determine the structural probability for motorised system.
21 KKKK M ××= with: K1 = Ratio maximum limit value - Average limit, KM = Functional Safety Margin, K2 = Ratio functional parameter - minimum assured functional parameter.
L
L
mK σ
α+= 11
FP
FP
m
Kσ
β−=
1
12
Conservative value for coefficients: α and β are taken at 2 (97.72 % of the population of values is expected to fall, with a confidence level of 95 %).
:L
L
mσ
deployment and pointing 25 %; operational life 2 %.
:FP
FP
mσ
deployment and pointing 20 %; operational life 10 %.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 47/71
All rights reserved, 2009, Thales Alenia Space
Launching thrust Other static loads Transitional loads Sine vibrations Acoustic vibrations Thermo-elastic loads -without correlation -with correlation Loads induced by attitude control Shock
5 % 30 % 50 % 20 % 40 % 20 % 7.5 % 2 % 10 %
Table 7.5 Usual dispersion for material strength
MATERIAL MECHANICAL STRENGTH DISPERSION Metal Metallic shells Compound Fibre carbon Screw, rivet, Weld Bonding Honeycomb Structural inserts Inserts for equipment
Fracture (and distortion if σR/σD < 1.2) Buckling if σR/σD >1.2 Collapse (joint loads) Fracture Fracture Shear Tension Shear/compression Face wrinkling Axial load Plan load Axial load Plan load
8 % 15 % 14 % 10 % 8 % 12 % 16 % 10 % 8 % 12 % σ/m Honeycomb flange 16 % σ/m flange
Table 7.6 Usual dispersion for applied loads
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 48/71
All rights reserved, 2009, Thales Alenia Space
7.5.4 Early life and wearout models
Reference STD-DEP2-REQ-116
Elements of the design which exhibit early life failures greater than the established random failure rate, or wearout modes of failure prior to the specified design life of the mission, shall be assessed using established reliability modeling techniques such as the Weibull distribution or other appropriate model. The Weibull model is defined by:
ηγ β)()( −
=tetPS
Where: t = mission time in hours, β = shape parameter, η = characteristic life, γ= minimum life.
7.5.5 MTTF and MMD calculations In some specific cases, calculation of either the MTTF (Mean Time to Failure) and the MMD (Mean Mission Duration) may be required. These terms are defined by the following expressions for some time, T: T MMD(T) = ∫ Ps (t) dt o ∞ T MTTF = ∫ Ps (t) dt ≈ ∫ Ps (t) dt for a large value of T such that Ps(t) ≤ 0.01 o o
8. AVAILABILITY AND OUTAGE ANALYSIS
8.1 AVAILABILITY ANALYSIS
8.1.1 General
Reference STD-DEP2-REQ-117
Such analysis shall be conducted only in case of specific request and need identified. It concerns flight hardware , as well as ground stations.
It aims at assessing the performances of the concerned design in term of availability, in order to verify the compliance w.r.t requirements and to consolidate the design (redundancy philosophy) and the maintainability plan if any (spare policy).
Reference STD-DEP2-REQ-118
The basic considered guideline for such analysis shall be the AD7 “Availability analysis”.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 49/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-119
All sources of interruption shall basically be covered in the frame of the analysis, that says : • definitive mission interruption consecutive to single or multiple failures, • outages (i.e temporary non compliance with the technical requirements) caused by
random events (reconfigurable failures , radiations or Single Event Phenomena) or deterministic events (like recalibration phases or un-operational periods )
8.1.2 Method
Reference STD-DEP2-REQ-120
The inputs which shall be collected are the following (to be adapted to the context) : • the list of potential possibility of mission interruption with associated data and
information (MTBF, probability of occurrence, number, effect on mission, down time, MTTRepair, MTTReplace,),
• the proposed redundancy and spare policy (if applicable).
Reference STD-DEP2-REQ-121
For the purpose of the calculation, a defined response time for remedy of the outage causing event shall be taken into account in the accrued downtime.
Reference STD-DEP2-REQ-122
Then a mathematical model shall be built and all the data combined in order to determine the relevant availability of the system, this in a way which is compatible with the requirements terms.
8.1.3 Outputs
Reference STD-DEP2-REQ-123
The outputs in term of availability shall be expressed in order to be adapted with the requirements. It may be presented as follows (examples) :
• average availability versus time. • outage characteristics for certain time internals (month, year, lifetime period)
including : • mean number of outages • mean duration of one outage • mean cumulated outage duration • unavailability versus time due to outages. • Probability to have an interruption with a duration longer than a given value, and over
a given period.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 50/71
All rights reserved, 2009, Thales Alenia Space
Reference STD-DEP2-REQ-124
In addition, recommendation for design modification or maintenance plan adaptation shall be proposed, in order to optimize the robustness of the design w.r.t the risk of mission interruption.
8.2 OUTAGE ANALYSIS (DATA COLLECTION) An outage is defined as a temporary non compliance with requirements caused by a failure. The purpose of the outage analysis is to supply outage data for the availability analysis at upper level and to identify means to minimize the occurrence of outages and their duration. This system analysis is supported by subcontractors documentation supplying outage data. Outage data are defined as :
• failure rate or probability of occurrence of unit failure mode causing the outage,
• outage duration. Typical inputs for the Outage Analysis are FMEA, Reliability Assessment, Engineering Data, Spacecraft Specification and Operations documentation. The causes of outages are limited to failures and radiations (Latch-up, Single / Multiple Event Upset).
8.3 INFORMATION AND DATA TO BE PROVIDED
Reference STD-DEP2-REQ-125
Following information shall be provided either in a specific document or in another Dependability one (e.g Fmea or reliability assessment) :
• Identification of the circuit causing the outage, • Level and type of redundancy • Functional consequences of the failure, • Means of detection (e.g. designation of telemetry signal for identification and location
of the outage origin), • Recovery technique (redundant element(s), etc.), • Outage duration (mean and worst case duration). The assumptions for the calculation
of outage duration has to be stated in the text, • Failure rate corresponding to the outage (if a probability of occurrence is presented,
the model used for the calculation and the value of the parameters are to be indicated),
• Average probabilistic downtime resulting from previous data. • Remarks - Recommendations/actions to minimize the probability of occurrence and
duration of outage will also be entered here.
The outage duration and the corresponding failure rates (or probability of occurrence) will be compared with the specified requirements.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 51/71
All rights reserved, 2009, Thales Alenia Space
ANNEX 1 - COMPONENTS FAILURE MODES
For FMEA analysis the following component failure modes shall be considered : The list of failure modes of each part may be amended or completed by the subcontractor, depending on specific applications (justifications to be submitted to Prime approval). Part Type Failure Mode Remark Resistor
- Open Circuit - Short Circuit
- Short circuit only for wirewound resistors (typical RE, RER, RWR, RB, RBR, ...)
- For networks, the open circuit of the common connection must be considered
Capacitor - Open Circuit - Short Circuit
- for self -healing capacitor (typical MKU, MYL, ...) the short circuit is to be considered in the FMEA (for traceability aspects). The minimum self-healing energy will be indicated
Diodes - Open Circuit - Short Circuit
Opto-Coupler - Open Circuit - Short Circuit - Short Circuit input/output
- diode and transistor (C/E) - to consider according to used
technology Transistor - Open Circuit
- Short Circuit - linear and switching (E/B, E/C,
B/C) + MOSFET - linear and switching (E/B, E/C,
B/C) + MOSFET Digital IC - Output stuck
- Input stuck - Loss of power supply - Short Circuit - SEP - Loss or degradation of function
- VCC+, VCC-, 0, 1, high impedance
- VCC+, VCC-, 0, 1 - VCC+, VCC-
Analog IC - Output stuck - Input stuck - Loss of power supply - Short Circuit - Loss or degradation of function
- VCC+, VCC-, 0, 1, high impedance
- VCC+, VCC- - VCC+, VCC-
Memory - Output stuck - Input stuck - Loss of power supply - Short Circuit - SEP - According to technology : wrong address, wrong bit(s), ...
- VCC+, VCC-, 0, 1, high impedance
- VCC+, VCC-, 0, 1 - VCC+, VCC-
Microprocessor - Failure mode to be defined from functional description, using the digital failure modes. - SEP for sensitive circuit
ASIC - Failure mode to be defined from functional analysis , using the digital or analog IC failure modes. - SEP for sensitive circuit
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 52/71
All rights reserved, 2009, Thales Alenia Space
Part Type Failure Mode Remark Hybrid Failure modes of components when viewed as
discrete components
Relay - Coil Short Circuit - Stuck in one position - Blocked in intermediate position - Contacts in different positions (only for DPDT) - Short Circuit between two contacts - Short Circuit between a contact and the structure
See following annex for the description of relay failure modes. to consider according to the technology of the relay. to consider according to the technology of the relay.
Connection - Open Circuit on a pin - Connector disconnection
- connector disconnection will be
considered as unlikely providing a locking device is existing and verification of locking is done.
Microwave component
- Open Circuit of an access or connection - Short Circuit of an access or connection - Loss of a component - Degradation of performance
- to specify according to elements considered
Inductor - Open Circuit - Short Circuit - Short Circuit
- self, transformer - self - transformer: primary/secondary,
+/- primary, +/- secondary. S.C. between windings is analysed except if insulation (other than enamel) exists between the windings. To be precised in the analysis.
Filtered Feed-through
- Open Circuit - Short Circuit - Short Circuit with structure
Fuse - Open Circuit Quartz - Open Circuit
- Drift of the frequency
Thermistor - Open Circuit - Short Circuit
Heater - Open Circuit - Short Circuit - Drift - Short Circuit between heater and structure - Short-circuit between lines (nominal and redundant)
- Depending on device technology - of resistance value - input or output of the heater ;
depending on device technology - Depending on device technology
Thermostat - Blocked open - Blocked closed - Drift of commutation thresholds - Short circuit of input or output with structure.
- Depending on device technology
Cell of battery NiH2
- Short Circuit - Open Circuit
- 98 %) - (2 %)
Cell of battery LiC
- Short Circuit - Open Circuit
Solar cell Si or AsGa
- Short Circuit - Open Circuit - Short circuit of input or output with structure.
- (80 %) - (20 %) total or partial surface
loss - Depending on device technology
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 53/71
All rights reserved, 2009, Thales Alenia Space
Part Type Failure Mode Remark Heat pipe (thermal control)
- Rupture - Leakage - Insufficient thermal transfer
Propulsion : All element in pressure (tank, tubing, soldering, filter, valve, regulator, pressure transducer, ...) Pressure transducer Filter Pyro valve, Electro valve (isolation) Bi-ergol thruster valve Pressure regulator Non-return valve Fill & Drain valve
- Rupture - External leakage - Incorrect measurement - Partial obstruction - Insufficient filtering - Internal leakage - Stuck open - Stuck close - Untimely closed - Untimely opened - Internal leakage - Stuck open - Stuck close - Untimely closed - Untimely opened - Disymetric opening - high output pressure - low output pressure - Internal leakage - Stuck open - Stuck close
- compared to normal pressure - compared to normal pressure see "all element in pressure"
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 54/71
All rights reserved, 2009, Thales Alenia Space
ANNEX 2 - FAILURE MODE DISTRIBUTION TABLES TO BE USED FOR FMEA
The aim of this Annex is to give the distribution in % of the different failure modes of electronic and electro-mechanical components. These data shall be used to compute the failure rate of a specific failure mode when necessary. Others failure mode distributions can be used with justification and submitted to the Company approval. The symbol εε means that the relative probability of the failure mode is several orders of magnitude lower than the other failure modes, an so can be ignored in calculations. However it must be analysed in FMEA analysis. Failure modes with a failure rate of 0 are not considered in FMEA analysis. USED ACRONYMS S.C. Short-circuit O.C Open Circuit Vcc+ Power supply + Vcc- Power supply - DPST Double pole single through DPDT Double pole double through E Emitter B Base C Collector D Drain S Source G Gate λ failure rate MG Mechanical ground DAC Digital Analog Converter ADC Analog Digital Converter. RESISTORS TYPE λ DISTRIBUTION REMARKS
S.C. O.C. Metal film (RNR-RNC-RLR-RCR)
0 100 %
Chip 0 100 % Networks 0 100 % Wire wound accurate (RBR) 15 % 85 % Wire wound power (RWR-RER) ε 100 % Potentiometer (RTR) 15 % 85 % Thermistor (RTH) 15 % 85 % CAPACITORS TYPE λ DISTRIBUTION REMARKS
S.C. O.C. Metallised plastic (MKU + PM) ε 100 % ε = 0 if energy stored in capacitor
is greater than 500 μ joules Ceramic (CKR-DLZ-CCR-CLC-CDR)
64 % 36 %
Tantalum (CSR-CLR)
92 % 8 %
Glass (CYR) 63 % 37 % Mica (CMR) 19 % 81 %
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 55/71
All rights reserved, 2009, Thales Alenia Space
DIODES TYPE λ DISTRIBUTION REMARKS
S.C. O.C. Small signal 50 % 50 % Switching 67 % 33 % Rectifier 60 % 40 % Zener (reference) 33 % 67 % Schottky 33 % 67 % transient suppressor (tranzorb) 100 % ε TRANSISTORS AND OPTO-COUPLERS TRANSISTORS λ DISTRIBUTION REMARKS
S.C. O.C. * All SI technologies
Switching Linear
60 % 57 %
40 % 43 %
FET (MOS, XFET) 33 % (D/S) 11 % (G/S) 16 % (D/G)
40 % (D/S) ε (G/S) ε (D/G)
Opto-coupler Diode (λ/3) Transistor (λ x 2/3)
22 % 38 %
11 % 29 %
Insulation diode / transistor ε 0 for the 3C91,ε=0 DIGITAL INTEGRATED CIRCUITS TYPE λ DISTRIBUTION REMARKS
Output stuck at 0 or Vcc- (1,2)
Output stuck at 1 or Vcc+ (1,2)
Others
Digital:Bipolar,TTL,CMOS Memory (3) Microprocessor (4) ADC (digital output) Digital ASIC (4)
60 % 60 %
40 % 40 %
ε ε
NOTA: (1) The % of the λ is shared between all the outputs, including non used outputs. (2) Failure modes of an input or an output stuck at 0 or at 1 are similar to failure modes of
an input or an output in short-circuit with Vcc- or Vcc+. (3) Memory : ROM, PROM, REPROM, RAM, EEPROM. (4) Failure mode analysis on the inputs and outputs is performed at sub-function of the
circuit (sub-functions given by the functional description). HYBRIDES data for micro-devices failure modes are the same as discrete components.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 56/71
All rights reserved, 2009, Thales Alenia Space
LINEAR INTEGRATED CIRCUITS TYPE λ DISTRIBUTION REMARKS
Stuck at Vmin or non active
Stuck at Vmax or always active
Wrong value on output
others
DAC I output 0 0 100 % ε DAC V output 25 % 15 % 60 % ε TYPE λ DISTRIBUTION REMARKS
Stuck at Vmin or non active
Stuck at Vmax or always active
others
Amplifier, comparator Regulator Multiplexer (1)
60 % 60 % 40 %
40 % 40 % 60 %
ε ε ε
always active = S.C.
Voltage reference 60 % 40 % ε NOTE: (1) The % of the λ is shared between all the outputs, including non used outputs. QUARTZ TYPE λ DISTRIBUTION REMARKS
S.C. C.O. DERIVE Quartz 0 100 % ε RELAYS TYPE λ DISTRIBUTION
Locked ON
Locked OFF
interm. Posit. Others
Bistable SPDT DPDT Monostable SPST DPST
40 % 30 % 10 % 10 %
40 % 30 % 70 % 50 %
10 %/C 10 %/C 10 %/C 10 %/C
ε ε ε ε
See following annex for the description of relay failure modes.
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 57/71
All rights reserved, 2009, Thales Alenia Space
FILTERS TRANSFORMERS INDUCTORS TYPE λ DISTRIBUTION REMARQUES
S.C. O.C. SC/MG Pulse Transformers Power Transofrmers Inductors Filtered feed-through Transformers with sheathed wire (1)
40 % (1)
60 % (1)
ε
(1) ε
0
60 %
40 %
100 %
50 %
100 %
0
0
0
50%
0
(1) S.C. between windings is analysed except if insulation (other than enamel) exists
between the windings. To be precised in the analysis.
DIVERS TYPE λ DISTRIBUTION REMARKS
S.C. O.C. discon. Connector 0 %
100 % ε (1)
TYPE λ DISTRIBUTION REMARKS
S.C. O.C. Fuse 0 % 100 % (1) connector disconnection will be considered as unlikely providing a locking device is
existing and verification of locking is done. Exemples of relay failure modes
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 58/71
All rights reserved, 2009, Thales Alenia Space
P e r m a n e n t i ntermediary position for one switch
S h o r t - c i r c u i t between 2 moving contacts of a switch
I n t e r m e d i a r y p osition
in c o n s i s t e n t p o sition
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 59/71
All rights reserved, 2009, Thales Alenia Space
ANNEX 3 - AGING TABLES TO BE USED FOR WCA
The aging tables which shall be used for the individual piece parts are provided in Tables A1-5 for 10 & 18 years. For ICs, transistors, and diodes the parameter aging degradation has been calculated at 55, 85, and 110°C and for capacitors and resistors at 55, 85, and 125°C. For digital ICs the drift of dynamic parameters due to aging and temperature can be the maximum specification limit for wide temperature range (-55°C to + 125°C) for total worst case tolerance. CAPACITOR TYPE
PARAMETER NAME
% CHANGE FROM INITIAL VALUE *
% CHANGE FROM INITIAL VALUE *
10 YEARS 18 YEARS 55 85 .125°C 55 85 .125°CCERAMIC (CKR, CCR, CKS) GENERAL PURPOSE
CAPACITANCE INSULATION RESISTANCE
0 0
+ 0.1 -0.2
+ 20 -50
0 0
+ 0.1 -0.2
+ 21 -53
CERAMIC CHIP (CDR) GENERAL PURPOSE BX
CAPACITANCE INSULATION RESISTANCE
0 0
+ 0.1 -0.2
+ 20 -50
0 0
+ 0.1 -0.2
+ 21 -53
TEMPERATURE COMPENSATED (CERAMIC, NPO)
CAPACITANCE (1) INSULATION RESISTANCE
0 0
0 -0.2
+ 1.5 -50
0 0
0 -0.2
+ 1.6 -52.6
SUPERMETALLIZED FILM WITH POLYCARBONATE AND POLYSULFONE DIELECTRICS (PLASTIC, CRH, CHS)
CAPACITANCE INSULATION (2) RESISTANCE
0 0
0 0
+ 2 -70
0 0
0 0
+ 2.1 -74
PLASTIC FILM, METALIZED / NOMMETALLIZED (CQR)
CAPACITANCE INSULATION (2) RESISTANCE
0 0
0 0
+ 2 -70
0 0
0 0
+ 2.1 -74
GLASS (CYR)
CAPACITANCE (3) Dissipation factor
0 0
0 0
+ 0.5 -0.2
0 0
0 0
+ 0.5 -0.2
FIXED MICA (CMR, CMS)
CAPACITANCE (3) INSULATION RESISTANCE
0 -0.1
0 -1.8
+ 0.5 -70
0 -0.1
0 -1.8
+ 0.5 -74
TANTALUM FOIL (CLR 25, 27, 35, 37)
CAPACITANCE D.C. LEAKAGE (4)
+ 4 +36
+ 15 +130
+ 61 +528
+ 4 +36
+ 15 +130
+ 64 +566
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 60/71
All rights reserved, 2009, Thales Alenia Space
CAPACITOR TYPE
PARAMETER NAME
% CHANGE FROM INITIAL VALUE *
% CHANGE FROM INITIAL VALUE *
SOLID TANTALUM (CSR 13, 33, CSS)
CAPACITANCE D.C. LEAKAGE (4)
+ 2.8 +56
+ 10 +200
+ 40.6 +812
+ 2.8 +56
+ 10 +200
+ 43 +854
FIXED TANTALUM-TANTALUM (SINTERED CLR 79 WET SLUG)
CAPACITANCE D.C. LEAKAGE (4)
+ 4 +36
+ 15 +130
+ 60.9 +528
+ 4 +36
+ 15 +130
+ 64 +555
VARIABLE PISTON TYPE (CERAMIC)
CAPACITANCE (5) D.C. LEAKAGE
0 0
0 +0.1
+ 5 +30
0 0
0 +0.1
+5.3 +32
PORCELAIN CAPACITANCE (6)
0 0 + 0.2 0 0 + 0.2
SOLID TANTALUM CHIP (CWR)
CAPACITANCE D.C. LEAKAGE (4)
+ 2.8 +56
+ 10 +200
+ 40.6 +812
+3.0 +59.4
+10.6 +212
+43 +860
* All values are % change from initial value unless otherwise noted. 1. Change is + 1.5 % or + 0.08pF whichever is greater. 2. Percentage change of minimum limit. 3. Change is + 0.5 % or + 0.5pF whichever is greater. 4. Percentage change of maximum limit. Percentage change of initial set value. NOTE: A zero indicates that there has been no parameter change.
Table A3.1 Capacitor Aging Degradation for 10 Years & 18 Years
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 61/71
All rights reserved, 2009, Thales Alenia Space
RESISTOR TYPE
PARAMETER NAME
% CHANGE
% CHANGE
10 YEARS 18 YEARS 55 85 .125°C 55 85 .125°C CARBON COMP. (RCR)
RESISTANCE 0 +0.6 +15.0 0 +0.6 +16
WIRE WOUND (1) ACCURATE (RBR)
RESISTANCE Tol. = 1.0 % Tol. = 0.51 % Tol. = 0.3 % Tol = 0.03 %
0 0 0 0
<+0.1 0 0 0
+1.0 +0.5 +0.3 (2)
0 0 0 0
<+0.1 0 0 0
+1.1 +0.5 +0.3 (2)
METAL FILM (RNC)
RESISTANCE 0 <+0.1 +2.0 0 <+0.1 +2.1
METAL FILM NETWORK (RZO)
RESISTANCE 0 <+0.1 +2.0 0 <+0.1 +2.1
THIN FILM CHIP (RMO)
RESISTANCE 0 <+0.1 +4.0 0 <+0.1 +4.0
THICK FILM CHIP (RMO)
RESITANCE 0 <+0.1 +4.0 0 <+0.1 +4.2
METAL FILM (RLR)
RESISTANCE 0 <+0.1 +3 0 <+0.1 +3
WIRE WOUND POWER (RWR)
RESISTANCE 0 <+0.1 +1.0 0 <+0.1 +1.1
WIRE WOUND CHASIS (RER)
RESISTANCE 0 <+0.1 +1.0 0 <+0.1 +1.1
METAL FILM PRECISION (RNR)
RESISTANCE 0 <+0.1 +1.0 0 <+0.1 +1.1
VARIABLE (RJR)
RESISTANCE <+0.1 +1.2 +30.0 <+0.1 +1.2 +32
VARIABLE (RTR)
RESISTANCE 0 +0.8 +20.0 0 +0.8 +21
THERMISTOR (3) Glass Bead (-TC) Bead Encap. (+ TC) Disc (+ TC)
RESISTANCE 0 0 0
+0.2 +0.1 +0.1
+5.0 +1.8 +1.3
0 0 0
+0.2 +0.1 +0.1
+5.3 +1.9 +1.4
NOTES: 1. To ensure the appropriate EOL tolerance for RBR resistors, the proper stress ratios need to be taken into consideration. 2. The percent change greater than 0.03 % for temperatures over 100°C. 3. Parameter changes are in addition to normal thermistor change due to temperature. 4. A Resistance change of zero indicates that the change is much less than 1.0 %. 5. These EOL resistance changes do not include initial resistor tolerances. These changes should be summed algebraically with the initial part tolerance.
Table A3.2 Resistor Aging Degradation for 10 Years & 18 Years
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 62/71
All rights reserved, 2009, Thales Alenia Space
DIODE TYPE
PARAMETER NAME
% CHANGE
% CHANGE
10 YEARS 18 YEARS 55 85 110°C 55 85 110°C RECTIFIER FORWARD
VOLTAGE 0 +0.3 +3 0 +0.5 +5.4
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
BREAKDOWN VOLTAGE
0 -0.2 -2 0 -0.4 -3.6
SWITCHING FORWARD VOLTAGE
0 +0.3 +3 0 +0.5 +5.4
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
BREAKDOWN VOLTAGE
0 -0.2 -2 0 -0.4 -3.6
SMALL SIGNAL FORWARD VOLTAGE
0 +0.1 +1 0 +0.2 +1.8
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
BREAKDOWN VOLTAGE
0 -0.5 -5 0 -0.9 -9
ZENER FORWARD VOLTAGE
0 +0.1 +1 0 +0.2 +1.8
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
ZENER VOLTAGE
0 + 0.2 + 2 0 + 0.4 + 3.6
TRANSIENT SUPPRESSOR
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
BREAKDOWN VOLTAGE
0 -0.3 -3 0 -0.5 -5.4
STEP RECOVERY
FORWARD VOLTAGE
0 +0.1 +1.5 0 +0.3 +2.7
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
BREAKDOWN VOTLAGE
0 -0.2 -2 0 -0.4 -3.6
CAPACITANCE
0 + 0.1 + 1.3 0 + 0.2 + 2.3
Table A3.3 Diode Aging Degradation for 10 Years & 18 Years (1/2)
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 63/71
All rights reserved, 2009, Thales Alenia Space
DIODE TYPE
PARAMETER NAME
% CHANGE % CHANGE
10 YEARS 18 YEARS 55 85 110°C 55 85 110°C REFERENCE REVERSE
CURRENT +0.4 +9.8 +100 +0.4 +10 +105
DYNAMIC IMPEDANCE
0 -0.1
+1.2 -2.9
+12 -30
0 -0.2
+2.1 -5.3
+22 -54
FORWARD VOLTAGE
0 +0.1 +1 0 +0.2 +1.8
ZENER VOLTAGE
0 + 0.2 + 2 0 + 0.4 + 3.6
SCHOTTKY BARRIER
REVERSE CURRENT
+0.4 +9.8 +100 +0.4 +10 +105
BREAKDOWN VOLTAGE
0 -0.3 -3 0 -0.5 -5.4
FORWARD VOLTAGE
0 +0.1 +1 0 +0.2 +1.8
IC SERIES PARAMETER
NAME UNIT 10 YEARS 18 YEARS
55 85 110°C 55 85 110°C5400 TTL
V(OL) V(OH) I(OS) /1. I(IH) /2. I(IL) /2. I(CCH) FREQ.
mV V % µA µA % %
+0.1 0 0 0 -0.9 0 0
+3.9 0 +1 +0.4 -24 +0.5 -1
+40 -0.2 +10 +4 -250 +5 -10
+0.3 0 +0.1 0 -1.7 0 -0.1
+7.0 0 +1.8 +0.7 -44 +0.9 -1.8
+72 -0.4 +18 +7.2 -450 +9 -18
54L TTL
V(OL) V(OH) I(OS) I(IH) /2. I(IL) /2. I(CC) FREQ.
mV V mV µA µA % %
+0.1 0 0 0 -0.1 0 0
+2.9 0 + 0.1 +0.1 -1.8 +0.6 -1
+30 -0.2 + 1 +1 -18 +6 -10
+0.2 0 0 0 -0.1 0 -0.1
+5.3 0 ±± 0.2 +0.2 -3.2 +1.1 -1.8
+54 -0.4 ±± 1.8+1.8 -32 11 -18
Table A3.3 Diode Aging Degradation for 10 Years & 18 Years (2/2)
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 64/71
All rights reserved, 2009, Thales Alenia Space
IC SERIES PARAMETER
NAME UNIT 10
YEARS 18 YEARS
55 85 110°C 55 85 110°C 2900 V(OL)
V(OH) I(IH) I(IL) I(CC) I(OZ) FREQ.
mV mV µA % % % %
+0.1 -0.5 0 0 0.1 0 0
+2.1 -14 + 0.7 +0.8 + 2.4 + 0.7 -1
+22 -140 + 7.6 +8.7 + 25 + 7.6 -10
+0.2 -0.9 0 0 ±± 0.2 0 0
+3,8 -25.2 ±± 1.3 +1.5 ±± 4.3 ±± 1.3 -1.8
+39.6 -252 ±± 13.7 +15.7 ±± 45 ±± 13.7 -18
54 LS TTL
V(OL) V(OH) I(OS) /1. I(IH) /1. I(IL) /1. I(CC) /3. FREQ.
mV V % % % % %
+0.1 0 0 0 0 0 0
+3.9 0 + 1.2 + 1 + 1 + 1 -1
+40 -0.2 + 12 + 10 + 10 + 10 -10
+0.3 0 ±± 0.1 ±± 0.1 ±± 0.1 ±± 0.1 -0.1
+7 0 ±± 2.1 ±± 1.8 ±± 1.8 ±± 1.8 -1.8
+72 -0.4 ±± 22 ±± 18 ±± 18 ±± 18 -18
93L TTL
V(OL) V(OH) /1. I(CC) /1. I(R) I(F) I(CEX) . V(F) /1. FREQ.
mV % % µA µA µA % %
+0.1 0 0 0 0 0 0 0
+2 +1 +.5 +0.2 +1 +0.2 +0.5 -1
+20 +10 +5 +2 +10 +2 +5 -10
+0.1 +0.1 0 0 +0.1 0 0 -0.1
+3.5 +1.8 +0.9 +0.4 +1.8 +0.4 +0.9 -1.8
+36 +18 +9 +3.6 +18 +3.6 +9 -18
MEMORY LSI
V(OL) V(OH) I(IH) I(IL) I(CC) /3. I(OZ) FREQ.
mV V µA µA % µA %
+0.3 0 +.1 -0.1 0 +0.1 0
+8.8 0 +3.6 -2.4 +1 +3.9 -1
+90 -0.2 +37 -25 +10 +40 -10
+0.6 0 +0.2 -0.2 +0.1 +0.3 -0.1
+16 0 +6.5 -4.4 +1.8 +7 -1.8
+162 -0.4 +67 -45 +18 +72 -18
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 65/71
All rights reserved, 2009, Thales Alenia Space
IC SERIES PARAMETER NAME
UNIT 10 YEARS
18 YEARS
CD4000 CMOS
I(IH I(IL) I(DDI) I(OL) /1. I(OH) /1. V(P) V(N) FREQ.
nA nA µA % % V V %
+0.3 -0.3 +0 -0.1 -0.1 0 0 0
+7.3 -7.3 +0.2 -2 -2.1 0 0 -1
+75 -75 +2.5 -20 -22 -0.5 +0.2 -10
+0.5 -0.5 0 -0.1 -0.1 0 0 -0.1
+13 -13 +0.4 -3.5 -3.9 -0.1 0 -1.8
+135 -135 +4.5 -36 -40 -0.9 +0.4 -18
Table A3.4 IC Aging Degradation for 10 Years & 18 Years (1/2)
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 66/71
All rights reserved, 2009, Thales Alenia Space
IC SERIES PARAMETER
NAME UNIT 10
YEARS 18 YEARS
55 85 110°C 55 85 110°C CMOS MEMORY
V(OL) /3. V(OH) /3. I(IH) I(IL) I(CC) FREQ. I(SNK) /1. I(SRC) /1.
% % nA nA nA % % %
0 0 +.1 -0.1 0 0 0 0
+0.6 -0.3 +2.4 -2.4 +0.4 -1 +0.6 -0.6
+6.4 -3.2 +25 -25 +4 -10 +6.4 -6.4
0 0 +0.2 -0.2 0 -0.1 0 0
+1.1 -0.6 +4.4 -4.4 +0.7 -1.8 +1.1 -1.1
+11.5 -5.8 +45 -45 +7.2 -18 +11.5 -11.5
LINEAR OP AMP
V(OS) I(OS) /3. I(B) /3. A(VO) /4. V(OP) /4. C(MRR) P(SRR)
mV % % % % dB dB
0 + 0.2 0 -0.1 0 0 0
+ 0.1 + 4.9 +1 -2.4 -1 + 0.5 -0.5
+ 1 + 50 +10 -25 -10 + 5 -5
0 ±± 0.3 +0.1 -0.2 -0.1 0 0
±± 0.2 ±±9 +1.8 -4.4 -1.8 ±± 0.9 -0.9
±± 1.8 ±± 90 +18 -45 -18 ±± 9 -9
LINEAR COMP.
V(OS) I(OS) I(B) A(VO) V(OP) C(MRR) P(SRR)
mV % % % % dB dB
0 + 0.2 0 -0.1 0 0 0
+ 0.1 + 4.9 +1 -2.4 -1 + 0.5 -0.5
+ 1 + 50 + 10 -25 -10 + 5 -5
0 ±± 0.3 +0.1 -0.2 -0.1 0 0
±± 0.2 ±±9 +1.8 -4.4 -1.8 ±± 0.9 -0.9
±± 1.8 ±± 90 +18 -45 -18 ±± 9 -9
VOLTAGE REG.
F(BS) /1. S(CD) /1.
% %
0 0
+ 0.1 -1
+ 1 -10
0 -0.1
±± 0.2 -1.8
±± 1.8 -18
/1. Percentage of initial value. /2. Degradation per unit fan-in. /3. Percentage of part specified maximum limit. /4. Percentage of minimum limit.
Table A3.4 IC Aging Degradation for 10 Years & 18 Years (2/2)
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 67/71
All rights reserved, 2009, Thales Alenia Space
TRANSISTOR TYPE
PARAMETER NAME
% CHANGE *
% CHANGE *
10 YEARS 18 YEARS 55 85 110°C 55 85 110°C BIPOLAR
H(FE) I(CBO) I(CES) V(BE) (1) V(CE) (1) BV(CBO) (2) BV(CES) (2) BV(CEO) (2)
-0.1 +0.4 +0.4 0 0 0 0 0
-2.4 +9.8 +9.8 +1 +1 -0.5 -0.5 -0.5
-25 +100 +100 +10 +10 -5 -5 -5
-0.2 +0.7 +0.7 0.1 0.1 0 0 0
-4.4 +18 +18 +1.8 +1.8 -0.9 -0.9 -0.9
-45 +180 +180 +18 +18 -9 -9 -5
FET "N" CHANNEL
I(DSS) BV(GSS) V(DS, ON)
+0.4 -0.1 +0.3
+9.8 -1.5 +7.3
+100 -15 +75
+0.7 -0.1 +0.5
+18 -2.6 +13
+180 -27 +135
FET "P" CHANNEL
I(GSS) (3) I(DSS) BV(GSS)
+0.2 +0.2 0
+4.4 +4.9 -1.2
+45 +50 -12
+0.3 +0.3 -0.1
+7.9 +8.8 -2.1
+81 +90 -22
1. Percentage of specified maximum. 2. Percentage of specified minimum. 3. Change is in pA. * The direction of % change (either + or -) can be seen at the left of the column. The direction of change is the same for every value in a row.
Table A3.5 Transistor Aging Degradation for 10 Years & 18 Years
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 68/71
All rights reserved, 2009, Thales Alenia Space
ANNEX 4 - FIXED FAILURE RATES ITEMS
RF ITEMS DESCRIPTION FAILURE RATE (10-9.h-1) Adapter (Transition Guide Coax TGC) 0.4 Attenuator, Coaxial/WG (fixed resistive type) * 0.6/0.15 Circulator, Coaxial/WG * 1.1/0.3 Coaxial Connector * 0.27 Coupler, Coaxial/WG * 0.8/0.3 Diplexer, Coaxial/WG * 2.1/1.3 Equalizer, Coaxial/WG * 1/0.5 Ferrite Bead 0.2 Ferrite Junction/Element 0.1 Filter, Coaxial/WG * 0.6/0.1 --(each additional section) 0.1 Hybrid (splitter/combiner) coaxial (3 way) * 1.0 --(each additional port) 0.27 Hybrid, Waveguide 0.2 Load Element 0.05 Isolator, Coaxial/WG * 1.1/0.3 RF Switch, coaxial (per port, standby) * 0.5 --and for switching 10 / operation RF Switch, waveguide (per port) 0.5 --and for waveguide, ferrite, for switching 10 / operation --and for waveguide, motor type, for switching 50 / operation Termination, coax/WG * 0.9/0.6 Waveguide Section (with flanges) 0.1 Waveguide Section, Flexible (with flanges) 1 Waveguide Tuning Screw (unstaked) 0.1 Waveguide Tuning Screw (epoxy staked) 0.01
Table A4 Fixed Failure Rate Items (1/3) (*) : mated pair coaxial connection
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 69/71
All rights reserved, 2009, Thales Alenia Space
MECHANICAL ITEMS DESCRIPTION FAILURE RATE (10-9.h-1) Accelerometer (MECH) 50 Bearing (1 set, with low load) 10 Boom Hinge Assembly 60/cycle Cable Tension Device 5.0 Catalyst Bed Thruster 166/cycle Compression Spring 10 Electrothermal/Arcjet/Ion Thruster 500/cycle Fill/Drain Valve (or Cap) 56/seal Gear 2 Gimbal 50 Gyro (use manufacturer's data when justified) 2.000 per axis Hinge Joint 100 Hold Down Arm 100 Hold Down Latch 100 Momentum Wheels/Reaction Wheel Assemblies 100 Motor (low speed) 100 Nozzle, Hot Gas 510/cycle Nozzle, Cold Gas 17/cycle Pin Puller Device 4800/cycle Pulley 5 Resolver 100 Separation Nut/Explosive 4800/cycle Shaft (Rotating) 2 Shear Pin Puller 50/cycle Solenoid Valve 160/cycle Squib 900000/cycle Tanks, Propellant 50 Tanks and Plumbing (per inch of weld) 0.6 Thruster, operate 50/cycle Thruster, close 60/cycle Torsion Wire 50 Torsional Spring 10
Table A4 Fixed Failure Rate Items (2/3)
REFERENCE : DATE :
MTG-TAF-SA-RS-0318 30/07/09
ISSUE : 01 Page : 70/71
All rights reserved, 2009, Thales Alenia Space
OTHER ITEMS DESCRIPTION FAILURE RATE (10-9.h-1) Antenna (Reflector) 1 Antenna (Horn) 1 Antenna (Reflector Absorber) 0.5 Antenna (Feed Horn) 0.1 Antenna (Polarizer) 0.1 Antenna (OMT) 1.0 Battery cell, NiH (use test/flight data when available, 2 % open/98 % short)
32 for Geo orbit (Note 3)
Bolometer 100 Crystal, General Purpose Quartz 20 Fuse 0.5 Fusistor 10 Heater (all types) 5 Interconnections (solder, crimped connection, surface mounted technology, connector active pin)
0.035 (Note 1)
Magnetic Amplifier 14 Positioner Transducer 10 Slip Rings and Brushes 10/brush/slip ring contact Solar Cell (20 % open, 80 % short) 1 Strain Gauge (Resistance Type) 10 Thermostat 25/cycle Travelling Wave Tubes (use manufacturer's data)
(Note 2)
GaAs FET Use manufacturer data if available (with justification required in document D1; otherwise use model of § 6.2.1.b)
Table A4 Fixed Failure Rate Items (3/3) Notes: 1. Plated through hole failure rate included in associated solders., 2. The use of any failure rate for TWT will be justified by supporting analysis based on
operational history of the specific TWT design (with 60 % confidence level), 3. This failure rate is resulting from the application of a duty cycle equal to 90 days (eclipse periods)/year to an initial failure rate equal to 100 fit. 4. Failure rates of tables A4 are given for high-rel parts.
END OF DOCUMENT