January 16, 2012

Product assurance plan - PA-1

Set out the mesures guaranteeing that the product will perform its functions

A. Scope

The Product Assurance Plan (PA) specifies all the Produce Assurance activities meeting the requirements, criticality and constraints at the highest level of the project.

Product Assurance covers the following subjects:

Quality Assurance:

To ensure that the final product meets the requirements of the Specification of Requirement.


To guarantee the reliability, availability and maintainability of the product for its life cycle.

EEE Component Quality:

To guarantee that the "EEE" components meet the product's performance requirements.

Quality of Materials, Mechanical Parts and Processes:

To guarantee that Materials, "non-EEE" components and "Processes" meet the product's performance requirements.

Software Quality:

To guarantee the safety and reliability of developed or reused software.

The measures adopted through the PA plan should essentially guarantee that:

  • risks are identified, assessed and controlled;
  • the product traceability and quality level are permanently accessible;
  • the final product complies with the specifications, and anomalies are known and processed.


B. Fundamentals

The product assurance plan is initiated in phase A. It develops and becomes established in phase B, at the end of which it must be put together.

The product assurance plan is drawn up by the Product Assurance Manager alongside the Project Manager. Consideration of the requirements applicable at the highest level should be shown in a quality requirements compliance matrix (see FM-7). The product assurance plan specifies the practical methods which will be implemented to meet higher level requirements.

The product assurance plan details the organisation and all the activities implemented to satisfy the requirements.

C. Typical content

1. Scope

This section should contain general information defining the purpose and field of application of the Product Assurance Plan.

It specifies the product in question and the project of which it forms part.


This document describes the tasks and responsibilities relating to Product Assurance for the R2D2 instrument.

The instrument is divided into sub-systems, which are :

  • the telescope whose prime contractor will be an industrial prime contractor.
  • its associated electronics produced by the Tatooine laboratory,
  • its software produced by the Alderaan laboratory.


The instrument will be integrated into the STARWARS multi-mission platform.


2. Field of application

This section specifies the fields, products and phases to which the PA Plan applies.


The PA plan of the R2D2 instrument covers: the management of Product Assurance, Quality Assurance, Dependability, EEE Component Quality Assurance, Quality Assurance for Materials, Mechanical Parts and Processes, and Software Quality Assurance.

It applies to the instrument and the following equipment:

  • qualification, flight and spare models,
  • TIE (test and inspection equipment),
  • Flight software.



3. Documentation

3.1 Applicable documents

This paragraph contains:

  • higher level "customer" specifications and requirements;
  • the list of the procedures, design rules and standards which must be taken into consideration in the PA provisions.


These documents will be kept to a minimum to avoid extra costs.


Product Assurance Specification for carrier satellite.


3.2 Reference documents

This paragraph contains the list of the procedures, rules and standards on which the project depends for the implementation of the plan. If the supplier does not have its own documents, space standards, in particular "useful" ECSS, may be cited.


RNC-ECSS-Q-ST-60-14 Relifing procedure - EEE components
RNC-ECSS-Q-ST-60-05 Generic procurements hybrids
RNC-ECSS-Q-ST- 60 EEE components


3.3 Glossary

Terminology and acronyms used in the document will be explained in this section.

4. Product Assurance Management

4.1 Organisation

This paragraph describes the internal arrangements and resources implemented for "supplier" control. In particular, PA Managers (or contacts) will be appointed directly.


The Product Assurance tasks are placed under the responsibility of the PA Manager for the CNES R2D2 instrument.

The PA Manager will be assisted by experts from CNES:

  • an expert in EEE components,
  • an expert in assembly technology,
  • a Dependability expert,
  • an expert in materials / contamination,
  • an expert in Software Quality.


Every cooperating laboratory will appoint a PA contact, in charge of implementing the PA plan.


4.2 Reports on Product Assurance progress status

This paragraph describes the process of monitoring PA activities for the various project contributors.


The PA Manager for the R2D2 project will report on the progress status of the Product Assurance activities during project progress meetings.

They will include an account of Product Assurance actions covering the following areas:

  • dependability;
  • risk identification and management;
  • anomaly status and processing;
  • the assessment / validation / qualification status of the EEE components, Materials, Mechanical Parts and Processes;
  • the testing schedule and results (hardware and software);
  • the quality monitoring of the products (key points).



4.3 Access rights

This paragraph describes the visibility rights authorized at the higher level and requested at the lower level.

  • rights of access to the documentation,
  • audits, specifying their notification and the time required to carry them out.



The "customer" will be able to carry out audits on supplier premises in the following cases:

  • assessment audits if a manufacturer is unknown in the space sector,
  • curative audits if there are serious and persistent malfunctions.


A period of one month will be necessary between notification and carrying out the audit.


4.4 Taking feedback and alerts into account

This paragraph describes how other projects feedback is taken into consideration and how alerts from either the customer or in-house are processed.

4.5 Risk management

This paragraph describes the contribution of Product Assurance to the general process of risk management.

It concerns:

  • risk identification;
  • the assessment of risks likely to be the cause of significant deterioration in the quality of the product;
  • the assessment of the consequences they cause;
  • the implementation of risk reduction actions.


The following areas are involved:

  • design performance demonstration;
  • development and qualification of new products or processes;
  • procurement, manufacture, assembly, controls, tests, handling, storage and transportation;
  • product use.


Risk identification and assessment of the various Product Assurance disciplines will be taken into account. The proposed methods in the sections on Dependability, EEE Components, Materials, Mechanical Parts, Processes and Software can be used.

A list of the project-specific risk criteria will be drawn up in this section.

A distinction will be made in the request between the project risks included in a Project Risk Analysis (PRA) (see M-10) and those in a Technical Risk Analysis (TRA) (see PA-4).


The PA Manager will update a dashboard of the critical points of the project and report on its progress status at each Project Review.

The selected criticality criteria are:

  • single-points-of-failure,
  • limited-life parts,
  • radiation-sensitive components,
  • ...



5. Quality Assurance Programme

5.1 General requirements

5.1.1 Traceability

The traceability system must make it possible to trace data and equipment monitoring during procurement, manufacture, controls, tests, assembly, integration, and operations.

It will be applied to phases C/D of the project and to the supplies to be delivered.

This paragraph will specify the required levels of identification for each of the elements such as components, materials or products.

In order to minimise costs, traceability systems already in existence at the various suppliers will be preferred.

The identification numbers will be recorded in the documentation whenever possible.


Each component, material or product will be identified by a unique and permanent part or type number.

The components, materials and products will be identified as unitary or group entities using at least one of the following methods:

  • date codes indicating the date of manufacture, to identify elements manufactured according to a continuous process or which are liable to age;
  • Batch numbers, to identify elements manufactured in homogeneous groups and in uniform conditions. This type of identification applies to elements which do not have to be individually distinguished;
  • Serial numbers, to identify individual elements requiring specific data management.



5.1.2 Metrology and calibration

This paragraph specifies the constraints imposed on the testing equipment. Special attention will be paid to test equipment used for qualification and acceptance of the flight model.


The supplier will verify, calibrate and maintain the inspection, measuring or testing equipment that it possesses or borrows, to show that the product complies with the specified requirements.


5.2 Anomaly management system

The paragraph describes the implementation of the anomaly management system.

The system put in place must enable a systematic approach for identifying elements showing anomalies, and allows for the recording, report compilation, examination, anomaly management and analysis, and the definition and implementation of corrective action at all the levels of the project.

To set up an anomaly management system, please see "PA-17 Anomaly Management".

5.2.1 Anomaly classification

This paragraph will put forward an anomaly classification process.

5.2.2 Processing of anomalies

This paragraph will specify the methods for processing faults, in particular the following points:

  • recording of anomalies and corrective actions ;
  • notification of major and minor anomalies ;
  • anomaly processing ; (The setting up of special boards may be specified here.)
  • measures which may be adopted during anomaly processing;
  • the approval rules for the measures adopted during anomaly processing;
  • the list of documents to be produced.


5.3 Handling, storage

This paragraph describes the measures to be taken to prevent any damage due to handling or storage, during manufacture, assembly, integration, tests, storage, transportation and operations.

The following procedures can be referred to:

  • tool verification procedures,
  • storage procedures,
  • packing/unpacking procedures,
  • handling procedures.


N.B. : Storage, packing/unpacking and handling procedures will be integrated into the operating manual.

5.4 Quality Assurance in design and verification

5.4.1 Development Plan and Technical Interfaces

The paragraph describes the provisions guaranteeing that the design activities and requirement verifications are carried out correctly.


The design and verification activities are described in the Development Plan.

The sub-system interfaces are defined in each sub-system Interface Control Document.


5.4.2 Verification

The paragraph describes the provisions guaranteeing that requirement verification takes place, including the qualification process.


The definition Verification matrix will be drawn up for each sub-system. The resources implemented (modelling, testing...) will be clearly indicated in it.


5.4.3 Qualification Process

This paragraph describes the qualification process which consists in demonstrating that the product satisfies all the performance requirements specified in the Technical Specification (STB) (see I-2).

The product and all the product components down to the lowest level (EEE components, materials, processes, etc.) whether they were supplied or specifically designed, will be qualified, with correctly sized margins for the operating environment in question.

The various qualification methods will be suggested below:

  • Qualification by Similarity,


Qualification by similarity with an identical or similar product will be justified by showing that the new application falls within the limits of the previously qualified design.

Any difference in definition compared with the reference product and these qualification tests will be identified. The need for additional qualification tests will be analysed.


  • Qualification Tests,


The model used for qualification tests must be made in accordance with its Definition File. The differences in comparison with the flight model will be identified and analysed to judge representativeness.

The procedures and resources for qualification testing will be defined before the qualification tests begin, and verified at the time of the Test Readiness Review (TRR) (see PA-15).


  • Qualification for off-the-shelf equipment,


The suitability to the mission of existing equipment not specifically developed for the needs of the programme will be assessed, based on the following elements:

  • obtained performances, margin assessment and potential points of non-compliance;
  • comparison of the operational conditions (environment, reliability, service life, etc.);
  • reliability data;
  • differences in flight model configuration compared to the qualification model.


An action programme will be considered, depending on the assessment results.


5.4.4 Qualification progress status

This paragraph indicates the monitoring method of the qualification process, including assessments at "component" level.


A list of the qualification status of the sub-systems and equipment will be updated by the "customer's" PA Manager.

Once qualification is granted, any discrepancy, modification or anomaly will be examined to determine its consequences on the status of the qualification. If necessary, there will be a qualification renewal.


5.4.5 Definition modification

The paragraph specifies the definition modification process.


Before it is applied, any definition modification will be identified, documented, analysed and approved according to the project Configuration Management Plan.


5.5 Procurement

5.5.1 Procurement source selection

This paragraph specifies the process and rules of procurement source selection.


The "customer" will assess the suitability of suppliers according to their competence in the space industry. In the case of uncertainty about their capabilities, a preventive audit will be considered.


5.5.2 Procurement documents

This paragraph specifies the procurement documents to be provided.


  • technical specification of the product,
  • applicable documents and standards,
  • quality rules in force,
  • "customer" terms of acceptance,
  • procurement costs and deadlines,
  • certificate of conformance.



5.5.3 Monitoring of procurement sources

This paragraph specifies the principles of monitoring procurement sources.


Procurement quality can be verified by:

  • key points during manufacture;
  • a visual inspection of the equipment and the state of its packaging;
  • verification of its labelling;
  • The issue of a certificate of conformance binding the supplier and testifying that the product complies with the specifications.



5.5.4 Incoming inspection

This paragraph describes the provisions in place for ensuring traceability and access to historical data enabling the supplier's services to be monitored.


A log will be initiated on receipt of the equipment.


5.6 Quality Assurance in manufacture, assembly and integration

5.6.1 Activity planning and control

This paragraph describes the provisions for activity planning and control:


Manufacturing will be carried out using the product Definition File.

For every product manufactured, a manufacturing and control flow chart will be drawn up.

Key points will be defined for the steps judged critical, and carried out in the presence of the customer.


5.6.2 Cleanliness Inspection

This paragraph provides the requirements concerning the checking of the molecular and particulate cleanliness of space equipment and associated resources.

N.B. : The cleanliness levels required are defined in the paragraph "Environmental Requirements" in the STB.

The appropriate provisions for the specified constraints will be expressly explained in the prime contractor's cleanliness plan. This plan will establish cleanliness levels at every stage in manufacturing, testing and integration.

These requirements group together the following topics:

  • Cleanliness levels


Components which are sensitive to contamination must be able to be cleaned, checked and maintained at the required levels.

The acceptable levels will be expressly indicated in the STB of the sub-systems and equipment, and referred to in the procedures relating to manufacture, assembly, integration and testing.


  • Cleaning methods
    Cleaning procedures will be mentioned here;
  • Contamination inspection
    This paragraph specifies inspection methods such as presence of witnesses, special protective measures (protective covers, etc.);
  • Facility cleanliness.



Manufacturing, testing and integration operations for optical subassemblies must be carried out in class 100 (according to FS209).


5.6.3 Subassembly Log Books

This paragraph describes how the product's subassembly Log Books (LB) will be updated, for all the operations and tests undergone after their delivery.

Generally, the LB is provided with the subassembly End Item Data Package (EIDP).

At the very least, it will contain:

  • the type of operations carried out (de-conditioning, connections, testing and test conditions, inspection, cleaning, etc.),
  • the date of the operations and the identification of the responsible operator.


For more details, refer to section PA-14 Log Book.

5.7 Quality Assurance in testing

5.7.1 Documentation

This paragraph indicates the documents to be drawn up to guarantee the quality of the tests on the product.

Type of Documents:

  • plans for the equipment qualification and acceptance tests,
  • plans for the instrument qualification and acceptance tests,
  • associated test procedures,
  • equipment qualification and acceptance test reports,
  • instrument qualification and acceptance test reports,


5.7.2 Monitoring of test proceedings

This paragraph details the monitoring in place while the tests connected to the product are being carried out.


An Integration Quality Assurance Manager will be present during the tests and will ensure that they are conducted in accordance with the procedures in force.


5.7.3 Test Reviews

This paragraph describes the process of formal meetings for monitoring testing, namely the "Test Readiness Reviews (TRR)" and the "Test Review Boards (TRB)".

The documents to be provided for each of these meetings and the desired participants will be specified.

For more details on the organisation of these meetings, please see "PA-15 Test Readiness Review (TRR)" and "PA-16 Test Review Boards (TRB)".


Tests at complete instrument level (qualification, acceptance) will be punctuated by a TRR and a TRB. The aim is to carry out an assessment of the equipment and test documentation, and to rule respectively on the authorisation of the start of testing and the compliance of test results.


5.8 Quality Assurance in acceptance and delivery

5.8.1 End Item Data Package (EIDP)

This paragraph describes the principle adopted for the supply of instruments and equipment EIDPs. The minimum content and principle of acceptance at "customer" level will be specified.


Every item of flight equipment and spare equipment will be delivered accompanied by an End Item Data Package (EIDP). It will contain:

  • acceptance test results,
  • certificates of conformance for the different components,
  • anomaly reports,
  • approved waiver and change requests,
  • the equipment Log Book.



To draw up an End Item Data Package, please refer to section "PA-13 End Item Data Package".

5.8.2 Product Log Book (LB)

This paragraph describes how the product Log Book will be set up, for all operations and tests undergone. It will begin with the first qualification test undergone after its integration.

To draw up a Log Book, please see "PA-14 Log Book".

5.8.3 Product Acceptance

This paragraph describes how the final product will be accepted (see PAF-12). The supplier instigates an acceptance meeting for the equipment. The customer gives its consent for the transfer of property and the delivery of the equipment.

This meeting deals with the following points:

  • Configuration
  • EIDP
  • LB
  • Open actions
  • Status of electrical configuration on delivery
  • Packing procedures; handling and transportation
  • Operating manual
  • Equipment inspection results
  • Special precautions and recommendations


6. Dependability

6.1 Objectives

The construction of Dependability is a continuous and repetitive process which begins right at the start of a project's life and uses both quantitative and qualitative approaches, in order to:

  • identify, depending on needs, all the technical risks which could lead to non-compliance with requirements;
  • perform an assessment of the associated risks;
  • define risk reduction actions and integrate them into the risk management process applied to the project;
  • guarantee that reliability, availability and maintainability objectives are observed.


The Dependability activities planned in the different development phases and at different levels (system, sub-system, equipment) are:

  • functional analysis (Phase A),
  • Preliminary Risk Analysis (Phases A/B),
  • reliability and availability parameters,
  • Failure Mode, Effects and Criticality Analysis (FMECA),
  • Reliability Block Diagram (RBD),
  • estimation of reliability and availability,
  • fault tree (analysis),
  • constraint analysis (margins or "derating"),
  • worst case analysis.


6.2 Technical risk control

This paragraph describes the methodology followed in the process of identifying and controlling technical risks.

Dependability will be taken into account at every phase of the project, from the design phase.

The experience gained will be taken into account in the project in order to avoid design errors linked to problems already known about or systems which have presented malfunctions.

A methodology of technical risk analysis is described in the document "PA-4 Technical Risk Analysis".

6.3 Dependability critical items list

This paragraph describes the criteria that enable the identification of dependability critical points that will be integrated in the general Product Assurance list (please refer to paragraph 5.4).

6.4 Risk reduction actions

This paragraph describes the methods used for the reduction of technical risks.

The following Dependability tools are described in this Guide:

  • Failure Mode, Effects and Criticality Analysis (FMECA) (PA-8),
  • Dearting analyses (PA-9),
  • Worst case analyses (PA-10).


7. EEE component Quality Assurance

This section explains the approach to be applied to all EEE components (Electrical, Electronic, Electro-mechanical including ASICs micro component and hybrids) which will be used on flight equipment to be developed. The provisions specified hereafter will have to meet the requirements of the higher level.

Commercial components will be considered. These are all the components that are not so-called "Hirel", not generally covered by a standardised quality level (MIL, ESA/SCC, etc.), not specifically radiation hardened and that usually come from mass production in a temperature range of 0°/70° (commercial), -40°/85° (industrial) or -55°/125° (military). They may be in a plastic casing.

Anomalies will be processed in accordance with paragraph 5.2 of the PA plan.

Traceability will be handled in accordance with paragraph 5.1.1 of the PA plan while taking into account the specific points described below.

7.1 General points



7.1.1 Two categories of standard components

Two categories:


1 - "Hirel" Components (High Reliability):

  • Standard systems: ESCC for Europe and MIL for the US
  • Hermetically sealed
  • Their manufacture, qualification and screening flows are monitored and, in principle, are compatible with the reliability requirements of space missions.




2 - "RadHard" components (Radiation hardened):

Process and/or design of the product hardened by the manufacturer which makes the product inherently robust to the effects of radiation.


  • Europe -> ATMEL: ASIC, FPGA, µP, memory
  • US -> ACTEL for the FPGAs and International Rectifier for the power MOSFETs


Do not confuse HiRel and Radhard components: a HiRel component is not necessarily specifically radiation hardened (Dose, single events)

7.1.2 Component Policy

At European level, the top level requirement specification is the document "RNC-ECSS-Q-ST-60 EEE components". This document is generally applicable to all European space projects. It is "pre-tailored" according to 3 classes:

  • Class 1: minimised risk
  • Class 2: compromised risk/cost
  • Class 3: minimised cost


This part determines the methods for selection, control, procurement and use of EEE components for space projects.

It is from this document that the component part of the product assurance plan will be drawn up. Applicable documents and those for reference will be decided upon according to the requirements of the project in question.

7.2 Component selection

This paragraph describes the regulations for selecting and approving all components going into the manufacture of the deliverable items. Prohibited components will also be mentioned. Whenever possible, components will be chosen among the ESCC standards (components compatible with space requirements) and MIL (an American system initially designed for military needs) standards.

1/ In the preferential parts lists and qualified components lists


2/ With the quality levels set out in the document "RNC-ECSS-Q-ST-60"

Depending on the class of the project, a choice will be made from among these 3 levels. These levels are given for information only and it is possible to combine these 3 columns in order to create a table of specific levels which is adapted to a project

7.2.1 Commercial components

Only active and discreet components can be authorised in the commercial category. In addition, the use of commercial components is possible only for performance requirements (electric function, mass, space) for which there is not an equivalent HiRel component.

Do not choose them only for reasons of cost. In fact, the cost of ownership, including the initial cost as well as the cost of the batch validation tests, can be 10 to 100 times higher than the unit cost of the component. In the end, an assessed commercial component can therefore be dearer than a standard component.

The use of commercial components is strictly forbidden for the following groups:

  • Connectors
  • Wires and cables
  • Relays
  • Fuses
  • Quartz
  • Resistors
  • Capacitors


The requirements which apply to commercial components are identified in the document "RNC-CNES-Q-ST-60-100 General requirements for the use of commercial EEE parts in space applications" and also fall into 3 classes.

The components must not be used beyond the values mentioned in the manufacturer data sheet.

It is essential to select components suggested within the temperature ranges of -40°C; + 85° C (industrial) or -55°C; + 125° C (military).

As commercial components are often in plastic casings, it is necessary to ensure that the mounting process has been evaluated and validated.

In particular, the requirements of "RNC-CNES-Q-ST-70-38 High-reliability soldering for surface-mount and mixed technology" and the document "RNC-CNES-Q-HB-70-506 Recommendations on dry chain management when components encapsulated in plastic are used."

Traceability is an important notion. It is imperative that the date code of the components mounted on the equipment is known.

In relation to the risk of imitations, as indicated, in the document "RNC-CNES-Q-ST-60-100 General requirements for the use of commercial EEE parts in space applications". It is imperative to know and to guarantee (traceability) the whole supply chain.

To do so, it is necessary to procure directly from the manufacturer or its official distributor. The components will be accompanied by standard documentation (technical or data sheet of the component). The batch acceptance tests (coming from flight batch in the case of strategic procurement) must be conducted according to the decision taken during the selection of the component.

7.3 List of Components

A Declared Components List (DCL) (see PA-5) should be provided at the Preliminary Design Review (PDR).

This DCL must be in electronic spreadsheet format in order to facilitate possible data processing. It must be managed in configuration in order to trace all the modifications.

This paragraph describes how to compile a list of the EEE components specific to the product.

The information given must enable a judgement to be made on whether the components are suitable for the envisaged application.

Different levels of list approval will be specified.

A method of drawing up this list is provided in this guide (see PA-5).

7.4 Obsolescence

Components with uncertain lifetimes or uncertain availability must be identified to overcome these problems in order to guarantee maintainability over service life, for example through strategic storage or monitoring obsolescence risk (Last buy Order notification from the manufacturer).

7.5 Component loading rates

This paragraph specifies the choice criteria and the assessments to be made with respect to component loading rates. Loading rates regulations are mentioned in the document "RNC-ECSS-Q-ST-30-11 Derating - EEE components".

7.6 Electrical Static Discharge (ESD)

The existence and observance of ESD inspection procedures are essential. Likewise, staff who handle flight models should receive periodic training on risks of ESD.

Certain components are more susceptible than others to ESD, notably optical components which do not have any ESD protection.

Certain integrated circuits can also be sensitive to ESD, such as the FPGA RT54SX-S family.

7.7 Component warnings

This section will indicate what is planned in the case of component warnings.

The supplier will have to cross-list the components with the Component Warnings. The component warnings come from the ESA warning system and the CNES warning system to which it is advisable to subscribe.

To be in the warning alert system:


If a component is affected by a warning, it will have to be dealt with by taking preventive and/or corrective action.

A warning is characterised by a boundary (e.g. technology, date code, version, casing, field of use, etc.) and recommendations (selection, procurement and already mounted component).

7.8 Failure analysis

In the context of an anomaly, a failure analysis may be carried out. The methods used will be specified in this section.

A failure analysis will have to be carried out/contracted out on the component after a fault due to the component during:

  • any screening or assessment/qualification test of the batch in question.
  • tests at equipment level (during integration for example).


The failure analysis will determine the root cause and the preventive and corrective action to be implemented.

The success of a failure analysis will depend largely on:

  • the drafting of a precise historical summary of the component: stress seen from procurement to equipment testing, to mounting,
  • the quality of the electrical diagnosis, that is to say, of the description of the breakdown: tension, temperature, electrical parameters out of range, etc.


The failure analysis must determine whether:

  • the failure is due to the component or external stress (ESD, overshoot, use outside the maximum ratings, etc.)
  • the failure is due to a specific or generic defect which can determine if the remainder of the batch is acceptable
  • if need be, if other components around the component involved are likely to have undergone stress which can generate latent defects.


A failure analysis always begins by non-destructive tests which identify and locate the defect. Everything must be implemented during these non-destructive tests (electrical tests at temperature, at different frequencies, in different operating methods, X-ray images, visual inspection, emission microscopy, etc.).

Then a destructive analysis can provide a deeper analysis.

7.9 Radiation sensitivity

This paragraph specifies the choice criteria and the assessments of radiation effects. A radiation analysis will be carried out before selecting and using components which have to be exposed to an environment.

Tolerance to the necessary radiation must be defined on a case by case basis, according to the mission profile.

In critical missions, RadHard components must be used. For other systems, RadTolerant or commercial components can be used.

In all cases, it is essential to design "around" the radiation issue.

The reference document regarding radiation is:

  • RNC-ECSS-E-ST-10-12 Methods for calculation of radiation received and its effects, and a policy for design margins


We can also recommend the book:

  • SREC04, Space Radiation Environment and Its effects on spacecraft components and systems (available from the publisher http://www.cepadues.com)


7.9.1 Radiation Assurance

When it is unknown, the robustness to radiation must be characterised:

  • it may be complex and non-representative. Electronic functional tests can also be very difficult to implement mainly for complex digital products (microprocessors for example):
    • emulation of the complex product
    • developed casing (a lot of pins) requires costly sockets and test cards, etc.


All the radiation effects described in the document "RNC-ECSS-E-ST-10-12" will have to be processed.

7.9.2 Possible hardening techniques

As regards the cumulative dose, only localised shielding is possible.

To guard against single events like upsets and single Event Transient, work will be carried out at system level to detect upsets and correct them while trying not to make the design extremely complex.

Note: the more sensitive the component, the greater the impact on the system, so it will be significantly complex.

It is absolutely essential to determine the effect of single event at system level, both with respect to breakdown propagation and system availability.

To guard against single events like latch-up, burn-out and Single Event Gate Rupture and knowing that this phenomenon is destructive (non-reversible), the consumption of the sensitive components will have to be monitored in order to detect a sudden increase of the latter, a sign of a possible latch-up. The mechanism then will have to drain the latch-up for a certain period of time. Be warned that this directly affects the availability of the equipment.

Here are the typical single events for each family:


Table from document "RNC-ECSS-E-ST-10-12"

7.10 Assessments

This paragraph describes the planned assessments for non "qualified" components and the planned tasks for critical components.

The components subjected to this assessment will be indicated in the Component List.


Depending on the case and according to the identified criticalities, the assessment programme will cover:

  • design and application assessment,
  • construction analysis,
  • manufacturer assessment,
  • assessment testing.



7.11 Component procurement

7.11.1 Procurement reference

When commercial components are used, the reference data sheet for procurement must be duly referenced (reference, edition version, dates).

7.11.2 Single batch

With sample testing, the sample must be representative of the whole batch (that is, all the date codes, even technological versions). It is therefore more practical that the procured parts come from a single lot and date code or the whole set of supplies.

7.12 Storage

This paragraph explains the handling procedures for storage/relifing while taking into account component specifics. These procedures must demonstrate the following aspects:

  • Control of the storage environment at a temperature of 22°C ± 5° C,
  • 65% humidity for hermetically sealed components,
  • For components encapsulated in plastic: storage in nitrogen or dry air/ionized air (RH 15-20%) or dry pack (please refer to JEDEC-STD-033),
  • Cleanliness rules,
  • Component separation and protection rules during incoming inspection, storage and manufacture,
  • Measure ensuring the protection of components sensitive to electrical static discharge (ESD)


Necessary protection must be put in place to protect ESD sensitive components.

7.13 Assembly

This paragraph will explain the expertise (extensive and limitations) for the mounting of used components.

In particular, component specifics with respect to the following points should be considered:

  • assembly design rules (thermal aspect, layout guidelines for printed circuit boards, etc.)
  • storage and handling rules,
  • preparation of the components before mounting (sterilisation if necessary, shaping of connections, tin plating, stage, etc.),
  • mounting procedure (fluxing, reflow type, temperature profile, cleaning, etc...)
  • visual inspection criteria,
  • possible assembly protection,
  • assembly storage conditions.


8. Quality Assurance of Materials, Mechanical Parts and Processes

  • Material:
    Any raw, semi-finished or finished element (gas, liquid or solid) subjected to transformation into a functional element of the product to be manufactured.
  • Mechanical Part:
    Assembly of several components fulfilling a mechanical, optical, thermal or electro-mechanical function which cannot be dismantled without irreversible destruction of the intended use.
  • Process:
    Operation or sequence of associated operations during which the product basic components are assembled or transformed.


8.1 Lists of Materials, Mechanical Parts and Processes

8.1.1 List compilation
  • Declared Materials List
    This paragraph describes how to compile a specific list of materials used for a product. The information given must enable a judgement to be made on whether the materials are suitable for the envisaged application.
    The person drawing up the list will specify the different levels of material validation and will submit the list for customer approval.
  • Declared Mechanical Parts List
    This paragraph describes how to compile a list of Mechanical Parts for a specific product. In order to reduce the documentation, this list can be integrated with the list of materials.
  • Declared Processes List
    This paragraph describes how to compile a list of Processes for a specific product.
    A compilation method for this list is provided in this guide, see PAF-6.


8.1.2 Criticality analysis

The Materials, Mechanical Parts and Processes must be indicated in their respective list and appear in the list of Product Assurance critical points.

The specific project criteria for accepting these elements will be defined.

8.2 Material control

8.2.1 Material selection
  • Technical criteria

The criteria to be taken into account depend on the mission's environmental and operation conditions.

When the use of a material justifies it, special attention is paid to certain constraints under which the resistance of the material may have to be demonstrated.


The materials whose conditions of use can bring about contamination are subjected to degassing tests in accordance with specifications PSS-01-702 or ASTM E 595-90. The acceptance criteria of the materials used for space applications are generally the following: Total mass loss < 1.00 %. Collected Volatile Condensable Materials < 0.10 %. Materials located near optical surfaces require supplementary tests on a case by case basis.

Electronic compatibility:
When bimetallic contacts are used, the two metallic materials used are selected in accordance with PSS-01-701 or MSFC-SPEC-250.

Thermal Cycles:
Materials subjected to thermal cycles will be assessed in order to guarantee their ability to withstand thermal constraints.

Resistance to corrosion will be shown in the case of susceptible materials during their life cycle (Guide MFSC-HDBK-527).

Resistance to electron/proton particle radiation will be shown by analysis and or tests.

Atomic oxygen:
Resistance to the effects of atomic oxygen in low orbits will be shown by analysis and/or tests.


  • Identification of needs

The criteria to take into account for material selection will be defined in this paragraph.


  • Materials which have been used successfully for identical applications, in the framework of other space programmes, similar from the point of view of environmental and lifetime constraints of the proposed application;
  • Materials for which satisfactory assessment results have been obtained on representative samples of the application, with a sufficient margin as to the operating conditions;
  • Materials mentioned in the ESA and NASA data banks providing satisfactory and non-obsolete information.



  • Validation Phase

An assessment strategy for non-validated materials and critical materials will be put forward, allowing verification or confirmation that the material satisfies the mission requirements with the necessary margin to obtain validation.

The validation status will be described in the Declared Materials List.


Materials whose compatibility with environmental constraints has not been demonstrated will be the subject of a validation or qualification programme.

Documents to be produced:

  • validation programme, made available to the PDR,
  • validation report.



8.2.2 Material procurement

This paragraph specifies the rules governing the procurement of materials. The statutory constraints on materials (ITAR, REACH, etc) are to be taken into account throughout the project.


Each material will be governed by a procurement specification or standard.


8.3 Mechanical Parts Control

8.3.1 Mechanical Parts Selection
  • Identification of needs

This paragraph will define the criteria to be considered in the selection of Mechanical Parts.


Mechanical Parts are preferably selected from among those which have been successfully used for identical applications, in the framework of other space programmes, similar from the point of view of environmental and lifetime constraints.

Their selection must take the following criteria into account:

  • durability,
  • characteristics which can be reproduced.



  • Qualification Phase

A qualification strategy for non-validated parts and critical parts will be put forward, allowing verification or confirmation that they satisfy the mission requirements with the necessary margin.

The qualification status will be described in the PAF-1 List.

8.3.2 Procurement of Mechanical Parts

This paragraph specifies the rules governing the procurement of Mechanical Parts.


Each Mechanical Part will be governed by a procurement Specification or a standard, made available, on request, to CNES for consultation.


8.4 Process control

8.4.1 Process selection
  • Identification of needs

This paragraph puts forward the process selection method.


Processes must be selected from among those already validated, while observing the following order of preference and priority:

  • processes which have been certified for identical conditions of use by space agencies and government organisations;
  • processes for which satisfactory assessment and validation results were obtained on representative samples of the application and with a sufficient margin regarding operating conditions;
  • processes already successfully used by the manufacturer in question in the framework of other space programmes presenting the same conditions of use.


Whether a process has already been validated or not, its selection must take the following criteria into account:

  • reliability,
  • ability to be checked,
  • repairability
  • ability to be reproduced
  • durability.



Validation/Qualification Phase

An evaluation/qualification strategy for non-validated critical processes will be put forward, allowing verification or confirmation that the Material satisfies the mission requirements with the necessary margin to obtain validation/qualification. (see EF-5).

The validation status will be described in the Declared Processes List.

8.4.2 Process use

This paragraph specifies the usage rules to observe.


Processes will be validated before being used for the manufacture of flight products.

Any prolonged stoppage in manufacturing, any major modification to the means and procedures used, or any transfer of production to another entity can partially or totally cancel the initial validation of a process.

The process may then have to be revalidated.


9. Software Quality Assurance

The reader will find detailed recommendations about drafting this paragraph in the document "PA-7 Software Quality".

10. Compliance with quality requirements

This paragraph describes how the supplier ensures that quality requirements are taken into account. Usually, a quality requirements compliance matrix (see MF-7) is provided. For each requirement, it is indicated: compliant, case partially compliant and non-compliant, as the case may be. For partially compliant and non-compliant cases, an explanation will be given.

11. End of project report

A report at the end of the work or project must contribute to the collection and supply of feedback. This report is to be prepared at the end of the project (please refer to plan "M-14 End of work or project report").


RisksInability to meet expressed needs
Uncertainty concerning quality level of product
Product Assurance Plan



Activities / documentation

Published in: