Standardization training program

Q30 discipline:
Dependability

October 2021 ESTEC-NL (WebEx)

ESA UNCLASSIFIED – For Official Use

 Standardization
Introduction training program
Q30 discipline:
Dependability

 Trainer

 Course Objectives

 Course Contents

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 2
 Standardization
Trainer training program
Q30 discipline:
Dependability

Name: Antonio HARRISON SANCHEZ

Education: MS Aerospace Engineering (Reliability Engineering Option), 2006
The University of Arizona, Tucson, USA

Relevant Work Experience

2005-2006 The University of Arizona, Tucson, USA

Graduate Research Assistant
Deterministic & Probabilistic Design Optimization Group

2006-2008 European Space Agency, ESTEC, Noordwijk, NL

Young Graduate Trainee
Dependability and Safety Assurance Section

2008-2015 TERMA B.V., Leiden, NL

Product Assurance Engineer
ESTEC On-site contractor

2015-today European Space Agency, ESTEC, Noordwijk, NL

Dependability and Safety Engineer
Dependability and Safety Assurance Section

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 3
 Standardization
Objectives training program
Q30 discipline:
Dependability

 Familiarize with dependability basic concepts

 Have an overview of the most important principles to “design & operate”

a dependable system

 Understand the dependability program & requirements defined in ECSS-

Q-ST-30C Rev. 1

 Consider relevant interfaces to other disciplines (such as quality

assurance, software product assurance, configuration management,
safety, risk management, systems engineering…) and ECSS standards

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 4
 Standardization
Contents training program
Q30 discipline:
Dependability

 Introduction to dependability basic concepts

 Introduction and overview of ECSS-Q-ST-30C Rev. 1

 Detailed contents of ECSS-Q-ST-30C Rev. 1 and practical considerations

 Time for questions

Three
pillars of
reliability
Thorough
Verification and
Validation
Parts
Procurement

Robust
Requirements
and Design

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 5
 Introduction to dependability Standardization
training program
What is dependability ? [ECSS-S-ST-00-01] Q30 discipline:
Dependability

The extent to which the fulfilment of a required

function can be justifiably trusted

Maintainability
Reliability: the ability of an item to perform a
required function under given conditions for a given
time interval

Maintainability: ease of performing maintenance on Reliability Availability

a product. Maintainability can be expressed as the
probability that a maintenance action on a product
can be carried out within a defined time interval,
using stated procedures and resources. Main components of dependability: Reliability,
availability and maintainability. Dependability is
also addressed by the acronym RAM.
Availability: ability of an item to be in a state to
perform a required function under given conditions at
a given instant of time or over a given time interval,
assuming that the required external resources are
provided

Dependability shall be considered in conjunction with safety

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 6
 Introduction to dependability Standardization
training program
What is dependability ? (cont.) Q30 discipline:
Dependability

 Dependability should be seen as the capability to provide the required functionalities

at a performance level sufficient to achieve the mission objectives

 Dependability is a capability/performance characteristic and not a functionality. It

cannot be implemented by a dedicated subsystem/item but it is an inherent
characteristic of each item/function

 Dependability is a “built-in” design characteristic that is traded off with the other
item characteristics (mass, volume, complexity, cost, etc.). It is implemented by the
design engineer together with the dependability engineer to find the optimum
solution for the implementation of the required function while assuring the required
dependability performance

 Dependability applies to systems, products or services. It applies to hardware,

software and human

 Dependability focuses on failures, failure prevention and on the reduction of the

consequences of failure (life, cost, schedule, availability of service, etc.)

 Dependability risks are related to the potential loss or degradation of the required
technical performance that affects the achievement of “mission objectives”

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 7
 Introduction to dependability Standardization
training program
What is dependability ? (cont.) Q30 discipline:
Dependability

 Example 1: Driving a car

 Safety risk of getting injured or even killed in an accident / totalling the car

 Dependability risks of having a breakdown on the highway (reliability), not

having the car (availability) while its being fixed or maintenance that takes
much longer than expected (maintainability)

 Example 2: Designing & operating a spacecraft & Moon base

 Safety risk of loss of an astronaut, spacecraft or Moon base due to accident

 Dependability risks: Complete failure of an experiment ORU (reliability), shut

down of an ORU (availability), and ORU repair or replacement problem
(maintainability)

Mission failures are always more costly than proactive investments into
safety and dependability assurance !

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 8
 Introduction to dependability Standardization
training program
Why is dependability important ? Q30 discipline:
Dependability

 Example 1: Driving a car

 The implications of a car accident can be catastrophic for your family (loss of a
family member, financial loss, …)

 The implications of a car breakdown can be severe (delays, loss of driving

pleasure, loss of reputation of car manufacturer, higher life-cycle costs, …)

 Example 2: Designing & operating a spacecraft & Moon base

 The implications of a major accident can be catastrophic for the customer

organisation (loss of life, destruction of premises, consequences to the
environment , loss of reputation & credibility and funding, …)

 The implications of a loss or degradation of a mission can be very “expensive”

(no scientific return of a “one chance only mission”, need to rebuild system, …)

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 9
 Introduction to dependability
Standardization
How do dependability and safety training program
Q30 discipline:
interact ? Dependability

 A safe system is not necessarily a dependable system, a dependable

system is not necessarily a safe system

 An increase of safety can decrease the reliability and vice versa

 “Dependability & safety” needs to be integrated and optimised during

the design & operation development process

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 10
 Introduction to dependability
Standardization
How do dependability and safety training program
Q30 discipline:
interact ? (cont.) Dependability

 Example 1: Driving a car

 Safety features ABS, VSC, airbag, … can decrease the reliability of

the car (increased failure rate of added electronics). A fire
extinguisher poses a safety hazard (pressure vessel) but decreases
the fire safety risk

 Example 2: Designing & operating a spacecraft & Moon base

 Redundancy in the propulsion system can increase the reliability

but also the chance of leaks

 Increase of environmental shielding can require more

transportation flights to the Moon base, which increase the overall
launch risks and introduce additional costs

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 11
 Introduction to dependability
Standardization
How is dependability performance training program
Q30 discipline:
expressed ? Dependability

 Qualitative requirements

e.g. “No single failure in the monitoring function shall cause the loss
of the monitored function.”

 Quantitative requirements

e.g. “The launcher shall have a reliability of no less than 0.98 for
successfully inserting the payload in its target orbit with the
specified separation performance.”

Only meaningful together with specified environmental and operational

conditions !

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 12
 Introduction to dependability
Standardization
How is dependability achieved / training program
Q30 discipline:
enhanced ? Dependability

 Reliability
 De-rating
 Use of redundancy and cross-strapping
 Design diversity
 Effects limitation: fail safe/fail operational/acceptable
degradation

 Maintainability
 Modularity
 Accessibility
 Failure Detection
 Tools and skills to perform maintenance

 Availability
 Optimization of reliability and maintainability balance

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 13
 Introduction to dependability Standardization
Dependability engineering training program
Q30 discipline:
Dependability

1. Aims at the integration and prioritisation of dependability in project

activities

 Involves the application of dependability design & operation principles

and requirements such as the “failure tolerance”, “fail safe”, “emergency,
caution & warning”, “failure detection, isolation & recovery”, …

 Involves the identification & control of “dependability critical functions”

 Is based on the application of dependability analyses as design &

operation drivers through the identification, reduction and control of
dependability risks

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 14
 Introduction to dependability
Standardization
Dependability engineering during training program
Q30 discipline:
life cycle Dependability

•Establishment of the dependability policy and initial conceptual trade offs

Phase A

•Definition of project specific failure effect severity categories and preliminary

dependability analyses to support design trade offs
Phase B

•Detailed analyses down to the lowest design level as verification of the defined
design to comply with the applicable dependability requirements
•Support to the definition, execution and evaluation of tests and simulations for the
Phase C/D
verification of compliance with the applicable dependability requirements

•Support of in-flight anomaly investigations and resolutions and collection of

dependability data from operational and anomaly data.
Phase E/F

A detailed list of dependability activities along the different phases is provided in ECSS-Q-ST-30C Rev. 1
Make use of it!

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 15
 Introduction to dependability
Standardization
Dependability assurance basic training program
Q30 discipline:
principles and objectives Dependability

What is dependability assurance?

Dependability assurance as part of product assurance & safety management is a

continuous and iterative process throughout the project life cycle devoted to study,
plan and implement activities intended to minimise dependability risks of a system
within the project constraints

What is the need for dependability assurance?

Dependability assurance ensures that all dependability risks are adequately identified,
assessed, minimised, controlled and finally accepted as part of project risk
management

Dependability assurance ensure conformance to dependability requirements through

the implementation of a dependability assurance programme

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 16
 Introduction to dependability
Standardization
Dependability assurance basic training program
Q30 discipline:
principles and objectives (cont.) Dependability

What are the main objectives of dependability assurance ?

 assure that the system is reliable, available, maintainable

 support trade-offs and system engineering

 prevent that “something goes wrong”

 get it right the first time

 learn from mistakes

 investigate failures and resolve problems

 make sure that only known risks are accepted

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 17
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
training program
What is ECSS-Q-ST-30C Rev. 1 ? Q30 discipline:
Dependability

 ECSS-Q-ST-30C Rev. 1 is the ECSS level 2 standard on

“dependability”
 Dependability comprises reliability, availability
and maintainability
 Reliability is the ability to perform a
required function
 Availability is the ability to be in a state to
perform a required function
 Maintainability is the ability to be retained
in or restored to a state in which an item
can perform the required function

 Defines dependability assurance program and requirements

for space systems
ECSS-Q-ST-30C Rev. 1
 Program and requirements are applied to
hardware, software and human of a space system

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 18
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization

What is ECSS-Q-ST-30C Rev. 1 ? training program

Q30 discipline:
(cont.) Dependability

 Identifies dependability requirements for functions

implemented in software and the interaction between
hardware and software

 Interfaces with other ECSS standards of the Q

(product assurance), M (project management) and E
(engineering) series

 Applies to all European space projects and to all

projects phases

 Is currently in version C Rev. 1 (2017)

ECSS-Q-ST-30C Rev. 1

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 19
 Standardization
Introduction to and overview of ECSS-Q-ST-30C
training program
Overview of ECSS-Q-ST-30C Q30 discipline:
Dependability

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 20
 Standardization
Introduction to and overview of ECSS-Q-ST-30C
training program
Overview of ECSS-Q-ST-30C Q30 discipline:
Dependability

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 21
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

Structure of ECSS-Q-ST-30C Rev. 1

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme

5 Dependability engineering

6 Dependability analyses

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 22
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword  Foreword
1 Scope  1 Scope
2 Normative references  2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme

5 Dependability engineering

6 Dependability analyses

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 23
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references
 3 Terms, definitions and abbreviated
3 Terms, definitions and abbreviated terms terms
 3.1 Terms from other standards
4 Dependability programme
 3.2 Terms specific to the present
standard
5 Dependability engineering  3.3 Abbreviated terms
 3.4 Nomenclature
6 Dependability analysis

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 24
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

 4 Dependability programme
 4.1 General
4 Dependability programme  4.2 Organization
 4.3 Dependability programme
plan
5 Dependability engineering
 4.4 Dependability risk
assessment and control
6 Dependability analyses  4.5 Dependability critical
items
 4.6 Design reviews
7 Dependability testing, demonstration and data collection
 4.7 Dependability Lessons
learnt
 4.8 Progress reporting
8 Pre-tailoring matrix per product types
 4.9 Documentation

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 25
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

 5 Dependability engineering
 5.1 Integration of
4 Dependability programme
dependability in the project
 5.2 Dependability
5 Dependability engineering requirements in technical
specification
 5.3 Dependability design
6 Dependability analyses criteria
 5.4 Criticality classification
7 Dependability testing, demonstration and data collection
 5.5 Involvement in testing
process
 5.6 Involvement in
8 Pre-tailoring matrix per product types
operational aspects
 5.7 Dependability
recommendations
Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 26
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme
 6 Dependability analyses
5 Dependability engineering  6.1 Identification and
classification of undesirable
events
6 Dependability analyses  6.2 Assessment of failure
scenarios
 6.3 Dependability analyses
7 Dependability testing, demonstration and data collection and the project life cycle
 6.4 Dependability analyses
– methods
8 Pre-tailoring matrix per product types
 6.5 Dependability Critical
Items Criteria
Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 27
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme  7 Dependability testing,

demonstration and
5 Dependability engineering data collection
 7.1 Reliability testing and
demonstration
6 Dependability analyses
 7.2 Availability testing and
demonstration
7 Dependability testing, demonstration and data collection  7.3 Maintainability
demonstration
 7.4 Dependability data
8 Pre-tailoring matrix per product types collection and dependability
performance monitoring

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 28
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
training program
Overview of ECSS-Q-ST-30C Rev. 1 Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme

5 Dependability engineering

6 Dependability analyses

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types  8 Pre-tailoring matrix per product

types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 29
 Introduction to and overview of ECSS-Q-ST-30C Rev. 1 Standardization
Overview of ECSS-Q-ST-30C Rev. 1 training program
Q30 discipline:
(cont.) Dependability

What are the contents of ECSS-Q-ST-30C Rev. 1 ?

 Annex A (informative) Relationship
ECSS-Q-ST-30C Rev. 1 between dependability activities and
project phases
Foreword  Annex B (informative) Dependability
1 Scope documents delivery per review
2 Normative references  Annex C (normative) Dependability
plan – DRD
3 Terms, definitions and abbreviated terms  Annex D (normative) Contingency
analysis – DRD
 Annex E (normative) Reliability
4 Dependability programme prediction – DRD
 Annex F (normative) Failure Detection
Identification and Recovery – DRD
5 Dependability engineering
 Annex G (normative) Zonal analysis –
DRD
6 Dependability analyses  Annex H (normative) Maintainability
analysis – DRD
 Annex I (normative) Common-cause
7 Dependability testing, demonstration and data collection analysis – DRD
 Annex J (normative) Worst Case
Analysis – DRD
8 Pre-tailoring matrix per product types  Annex K DELETED
 Annex L (informative) Common-cause
check lists
Annexes
 Bibliography

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 30
 Detailed contents and practical considerations
Standardization
How is the detailed contents of training program
Q30 discipline:
ECSS-Q-ST-30C Rev. 1 presented ? Dependability

This training session provides:

 A summary of the chapters of ECSS-Q-ST-30C Rev. 1

 Some practical remarks and considerations

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 31
 Standardization
Detailed contents and practical considerations
training program
Foreword and first two sections Q30 discipline:
Dependability

What does ECSS-Q-ST-30C Rev. 1 start with?

ECSS-Q-ST-30C Rev. 1

Foreword  Foreword
1 Scope  1 Scope
2 Normative references  2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme

5 Dependability engineering

6 Dependability analyses

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 32
 Detailed contents and practical considerations Standardization
training program
Foreword Q30 discipline:
Dependability

The foreword of ECSS-Q-ST-30C Rev. 1:

 Gives an explanation of what ECSS standards are

 Points out that the requirements deal with the “what is to be

accomplished” rather than with the “how to organize and perform the
tasks”

 Provides an overview of the changes to the previous versions A, B,

and C (change log)

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 33
 Detailed contents and practical considerations Standardization
training program
1 Scope Q30 discipline:
Dependability

The scope of ECSS-Q-ST-30C Rev.1 comprises the:

 Dependability assurance program definition

 Dependability requirements definition (including identification of

requirements for functions implemented in software)

 Link to software product assurance and to ECSS-Q-ST-80

 Link to risk management process and to ECSS-M-ST-80

 Applicability to all European space projects

 Applicability to all project phases

 Tailoring principles

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 34
Detailed contents and practical considerations Standardization
training program
What should be noted on section 1? Q30 discipline:
Dependability

Some practical remarks and considerations on the “scope” of ECSS-Q-ST-

30C Rev. 1 are:

 Dependability policy is applied by implementing a dependability

assurance programme

 Dependability assurance is a continuous and iterative process

throughout the project life cycle

 Dependability requirements for functions implemented by software

are defined and the link to software product assurance is given

 Pre-tailoring table according to product type is given in clause 8

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 35
 Detailed contents and practical considerations Standardization
training program
2 Normative references Q30 discipline:
Dependability

ECSS-Q-ST-30C Rev.1 makes references to ECSS documents and

requirements in the areas of:

 product assurance management

 critical item control
 FMEA/FMECA
 EEE components derating
 glossary of terms

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 36
 Detailed contents and practical considerations
Standardization
3 Terms, definitions and training program
Q30 discipline:
abbreviated terms Dependability

What are the terms, definitions and abbreviated terms used in ECSS-Q-ST-30C
Rev. 1 ?
ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references
 3 Terms, definitions and abbreviated
3 Terms, definitions and abbreviated terms terms
 3.1 Terms from other standards
4 Dependability programme
 3.2 Terms specific to the present
standard
5 Dependability engineering  3.3 Abbreviated terms
 3.4 Nomenclature
6 Dependability analyses

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 37
 Detailed contents and practical considerations
Standardization
3 Terms, definitions and training program
Q30 discipline:
abbreviated terms (cont.) Dependability

ECSS-Q-ST-30C Rev. 1 provides definitions of terms which are specific to

this standard such as:

 Failure scenario: conditions and sequence of events, leading from

the initial root cause, to an end failure
 Limited-life product: product with useful life duration or operating
cycles limitation, prone to wear out, drift or degradation below the
minimum required performance in less than the storage and mission
time
 Criticality (function, software, hardware, operation):
Classification of a function or of a software, hardware or operation,
according to the severity of the consequences of its potential failures
 Criticality (failure, failure mode): Classification of a failure or
failure mode according to a combination of the severity of the
consequences and its likelihood or probability of occurrence

All other definitions are given in the ECSS glossary of terms (ECSS-ST-
00-01)
ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 38
 Standardization
Detailed contents and practical considerations
training program
4 Dependability programme Q30 discipline:
Dependability

What does ECSS-Q-ST-30C Rev. 1 require on dependability programme ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

 4 Dependability programme
 4.1 General
4 Dependability programme  4.2 Organization
 4.3 Dependability programme
plan
5 Dependability engineering
 4.4 Dependability risk
assessment and control
6 Dependability analyses  4.5 Dependability critical
items
 4.6 Design reviews
7 Dependability testing, demonstration and data collection
 4.7 Dependability Lessons
learnt
 4.8 Progress reporting
8 Pre-tailoring matrix per product types
 4.9 Documentation

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 39
 Detailed contents and practical considerations Standardization
training program
4 Dependability programme (cont.) Q30 discipline:
Dependability

What are the key ingredients of a dependability program?

Dependability programme management of a project includes:

 Implementation of dependability assurance as part of product

assurance

 Dependability programme planning and implementation

 Dependability risk assessment and control

 Dependability critical item identification and control

 Participation to design reviews

 Collection of dependability lessons learnt

 Supplier control, progress reporting and documentation

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 40
Detailed contents and practical considerations Standardization
training program
What should be noted on section 4? Q30 discipline:
Dependability

Some practical remarks and considerations on the “dependability

programme” requirements of ECSS-Q-ST-30C are:

 Dependability assurance is a systematic process for specifying

dependability requirements and demonstrating their achievement

 The supplier is responsible for the development, maintenance and

implementation of a dependability plan for all project phases (DRD is
provided in Annex C of the standard)

 The dependability engineer is responsible for the identification and

reporting of dependability associated risks

 The design and all the design changes are assessed for their impact
on dependability through dependability engineering

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 41
 Standardization
Detailed contents and practical considerations
training program
5 Dependability engineering Q30 discipline:
Dependability

What does ECSS-Q-ST-30C Rev. 1 require on dependability engineering?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

 5 Dependability engineering
 5.1 Integration of
4 Dependability programme
dependability in the project
 5.2 Dependability
5 Dependability engineering requirements in technical
specification
 5.3 Dependability design
6 Dependability analyses criteria
 5.4 Criticality classification
7 Dependability testing, demonstration and data collection
 5.5 Involvement in testing
process
 5.6 Involvement in
8 Pre-tailoring matrix per product types
operational aspects
 5.7 Dependability
recommendations
Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 42
 Detailed contents and practical considerations Standardization
training program
5 Dependability engineering (cont.) Q30 discipline:
Dependability

What are the key ingredients of dependability engineering ?

Dependability engineering involves and is based on:

 Integration of dependability in the project

 Dependability requirements in technical specifications

 Dependability design criteria including:

 mission success criteria
 design approach
 failure tolerance requirements
 Severity category

 Criticality classification (functions, hardware and operations, software

criticality category)

 Involvement in test definition and operational aspects

 Dependability recommendations in support of the risk reduction process

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 43
Detailed contents and practical considerations Standardization
training program
What should be noted on section 5? Q30 discipline:
Dependability

Some practical remarks and considerations on the “dependability

engineering” requirements of ECSS-Q-ST-30C Rev. 1 are:

 Dependability characteristics are traded off with other attributes

such as mass, size, cost and performance

 Dependability requirements are specified as part of the overall

project requirements

 Dependability is apportioned in a top-down process to establish

dependability requirements for lower level elements

 Failure tolerance should never be directly translated into

redundancy and only implemented using the results of
dependability (& safety) analyses

 “Mission success “ criteria shall be defined (at each level) !

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 44
 Standardization
Detailed contents and practical considerations
training program
6 Dependability analyses Q30 discipline:
Dependability

What does ECSS-Q-ST-30C Rev. 1 require on dependability analyses ?

ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme
 6 Dependability analyses
5 Dependability engineering  6.1 Identification and
classification of undesirable
events
6 Dependability analyses  6.2 Assessment of failure
scenarios
 6.3 Dependability analyses
7 Dependability testing, demonstration and data collection and the project life cycle
 6.4 Dependability analyses
– methods
8 Pre-tailoring matrix per product types
 6.5 Dependability Critical
Items Criteria
Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 45
 Detailed contents and practical considerations Standardization
training program
6 Dependability analyses (cont.) Q30 discipline:
Dependability

What are the dependability analysis requirements and methods?

The ECSS dependability analysis requirements address the:

 Assessment of failure scenarios (identification and classification of

undesirable events)

 Implementation of the analyses throughout the project life cycle

 Purpose of the analyses and objectives

 Definition of the dependability critical items criteria

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 46
 Detailed contents and practical considerations Standardization
training program
6 Dependability analyses (cont.) Q30 discipline:
Dependability

What are the dependability analysis requirements and methods ?

The ECSS Dependability analyses and methods comprise:

 Reliability analyses

 Maintainability analyses

 Availability analysis
ECSS-Q-ST-30-09 is specifically dedicated to this analysis

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 47
 Detailed contents and practical considerations Standardization
training program
6 Dependability analyses (cont.) Q30 discipline:
Dependability

What are the reliability analyses addressed in ECSS-Q-ST-30C Rev. 1?

 Reliability prediction
 ECSS-Q-HB-30-08 (currently obsolete) is mentioned as a
guideline for the selection of reliability data sources and their
use

 Failure Mode Effects (and Criticality) Analysis (FMEA/FMECA)

 ECSS-Q-ST-30-02 is specifically dedicated to these analyses

 Hardware Software Interaction Analysis (HSIA)

 ECSS-Q-ST-30-02 contains a section dedicated to this analysis

 Contingency analysis

 Fault Tree Analysis (FTA)

 ECSS-Q-ST-40-12 is a guideline for this analysis

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 48
 Detailed contents and practical considerations Standardization
training program
6 Dependability analyses (cont.) Q30 discipline:
Dependability

What are the reliability analyses addressed in ECSS-Q-ST-30C Rev. 1?

 Common-cause analysis
 An example of check list of generic common-cause parameters is
provided in Annex L of ECSS-Q-ST-30C Rev. 1

 Worst Case Analysis (WCA)

 ECSS-Q-HB-30-01 describes the analysis methodology

 Part stress analysis

 Part derating shall be implemented in conformance with ECSS-Q-
ST-30-11 to assure that the stress level applied to all the EEE
parts are within the limits

 Zonal analysis

 Failure Detection Isolation and Recovery (FDIR) analysis

 ECSS-E-ST-70-11 provides the description of the FDIR process

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 49
Detailed contents and practical considerations Standardization
training program
What should be noted on section 6? Q30 discipline:
Dependability

Some practical remarks and considerations on the “dependability analyses”

requirements of ECSS-Q-ST-30C are:

 Dependability (& safety) analyses are the main design & operation
drivers with respect to safety & mission success

 The results of dependability (& safety) analyses are used to define,

optimise, justify, implement and verify dependability (& safety)
requirements

 Dependability (& safety) analyses need to be used as drivers and not

for verification only

 Dependability analyses provide input to safety analyses (e.g.

FMEA/FMECA to hazard analysis, reliability prediction to safety risk
assessment)

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 50
 Detailed contents and practical considerations
Standardization
7 Dependability testing, training program
Q30 discipline:
demonstration and data collection Dependability

What does ECSS-Q-ST-30C Rev. 1 require on testing, demonstration and data

collection ?
ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme  7 Dependability testing,

demonstration and
5 Dependability engineering data collection
 7.1 Reliability testing and
demonstration
6 Dependability analyses
 7.2 Availability testing and
demonstration
7 Dependability testing, demonstration and data collection  7.3 Maintainability
demonstration
 7.4 Dependability data
8 Pre-tailoring matrix per product types collection and dependability
performance monitoring

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 51
Detailed contents and practical considerations
Standardization
7 Dependability testing, training program
Q30 discipline:
demonstration and data collection (cont.) Dependability

Dependability testing, demonstration and data collection comprise:

 Validation or verification of dependability analyses, requirements and

data (with test data)

 Data collection from system developments and dependability trend

identification

 Monitoring of dependability performances in the field (in-orbit data,

REX)

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 52
Detailed contents and practical considerations Standardization
training program
What should be noted on section 7? Q30 discipline:
Dependability

Some practical remarks and considerations on the “dependability testing,

demonstration and data collection” requirements of ECSS-Q-ST-30C Rev.
1 are:

 Dependability testing and demonstration should be integrated with

related safety verification activities

 Demonstration of the dependability of critical items is possible or

meaningful primarily when critical items are physical system
constituents

 Dependability data provide diagnostic support during operations

(e.g. after the occurrence of in-orbit anomalies)

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 53
 Detailed contents and practical considerations Standardization
8 Pre-tailoring matrix per product training program
Q30 discipline:
types Dependability

1. What does ECSS-Q-ST-30C Rev. 1 require on pre-tailoring matrix per

product types?
ECSS-Q-ST-30C Rev. 1

Foreword
1 Scope
2 Normative references

3 Terms, definitions and abbreviated terms

4 Dependability programme

5 Dependability engineering

6 Dependability analyses

7 Dependability testing, demonstration and data collection

8 Pre-tailoring matrix per product types

 8 Pre-tailoring matrix per product
types

Annexes

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 54
 Detailed contents and practical considerations
Standardization
8 Pre-tailoring matrix per training program
Q30 discipline:
product types (cont.) Dependability

 The Matrix of Table 8-2 presents the pre-tailoring of this ECSS Standard per
space product type
 There are nine product types, one per column
Launch Ground
Space segment Launch Ground
segment segment Space segment Ground support
Space system element and segment segment Software
element and element and equipment equipment
sub-system equipment equipment
sub-system sub-system

 For each product type the possible values for each requirement are:
 “X” when applicable
 “-” when not applicable
 “//” when pre-tailoring applicability not definable - to be determined
during tailoring
 “X#” when requirement is applicable except in a specific case
 “//#” when pre-tailoring applicability not definable – however
supplementary indications regarding applicability are given
 A requirement is considered applicable for a product type if it is verified on
this product type

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 55
 Standardization
Detailed contents and practical considerations
training program
Annexes Q30 discipline:
Dependability

What does ECSS-Q-ST-30C Rev. 1 require on the Annexes ?

ECSS-Q-ST-30C Rev. 1  Annex A (informative) Relationship

between dependability activities and
Foreword project phases
1 Scope  Annex B (informative) Dependability
2 Normative references
documents delivery per review
 Annex C (normative) Dependability
plan – DRD
3 Terms, definitions and abbreviated terms
 Annex D (normative) Contingency
analysis – DRD
4 Dependability programme  Annex E (normative) Reliability
prediction – DRD
 Annex F (normative) Failure Detection
5 Dependability engineering Identification and Recovery – DRD
 Annex G (normative) Zonal analysis –
DRD
6 Dependability analyses
 Annex H (normative) Maintainability
analysis – DRD
7 Dependability testing, demonstration and data collection  Annex I (normative) Common-cause
analysis – DRD
 Annex J (normative) Worst Case
8 Pre-tailoring matrix per product types Analysis – DRD
 Annex K DELETED
 Annex L (informative) Common-cause
Annexes check lists
 Bibliography

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 56
 Detailed contents and practical considerations Standardization
training program
Annexes (cont.) Q30 discipline:
Dependability

There are two types of annexes, i.e. informative and normative plus bibliography

Informative

 Relationship between dependability activities and programme phases

 Dependability documents delivery per review
 Common-cause check lists

Normative (DRDs)

 Dependability plan
 Contingency analysis
 Reliability prediction
 Failure Detection Identification and Recovery Analysis
 Zonal analysis
 Maintainability analysis
 Common-cause analysis
 Worst Case Analysis

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 57
Detailed contents and practical considerations
Standardization
What should be noted on the training program
Q30 discipline:
Annexes? Dependability

Some practical remarks and considerations on the Annexes are:

 Normative annexes provide DRD’s of the required plan or analysis

 Each DRD includes scope and applicability, description and
purpose, application and interrelationships, and content

 Informative annexes provide inputs for the definition of project

specific requirements on:
 dependability activities to be performed throughout the project
phases
 DRL
 design requirements (common-cause checklist)

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 58
 Standardization
End of dependability session training program
Q30 discipline:
Dependability

Thank you for your attention !

Are there any questions ?

ESA UNCLASSIFIED – For Official Use Q-30: Dependability | ESTEC-NL| October 2021 | Slide 59