ENTINEL RODUCT SSURANCE AND AFETY EQUIREMENTSemits.sso.esa.int/emits-doc/5111-B-S1-PA-Rqmts.pdf · European Space Agency document title/ titre du document ENTINEL RODUCT SSURANCE

European Space Agency

document title/ titre du document

ENTINEL

RODUCT SSURANCE AND AFETY EQUIREMENTS

prepared by/préparé par GMES Sentinel-1 Team reference/réference S1-RS-ESA-SY-0002 issue/édition 2 revision/révision 0 date of issue/date d’édition 4 April 2006 status/état Issued Document type/type de document Requirement Specification Distribution/distribution (See page 3)

Agence spatiale européenne

ESTEC Keplerlaan 1 - 2201 AZ Noordwijk - The Netherlands Tel. (31) 71 5656565 - Fax (31) 71 5656040

APPROVAL

ProductAssuranceand SafetyRequirements

issue2 revision0

ES-RS-ESA.SY.OOO2

page2of36

Titletitre

GMES Sentinel-l Product Assurance and Safety Requirements

author

auteur

GMES Sentinel-l Team

checkedby

verifiepar

GMES Sentinel-l Team

approvedby

approuvepar

J. Bosma, Head ofESA Product Assurance and Safety Department

approvedbyapprouvepar

~~en;Q;~~~er

CHANGE LOG

0issue2issue

revision

revision

date 04/04/2006date

date 04/04/2006

date

date 04/04/2006date

date 04104/2006

date

reasonfor change/raisonduchangement date/date

First Issue - for phases A/B1 ITTSecond Issue - for phases B2/C/D/El ITT

CHANGE

issue/issue revision/revision

12

00

RECORD

Issue:2 Revision:0

26/1 0/200404/04/2006

reasonfor change/raisonduchangement paragraph(s)!paragraph(s)page(s)!page(s)

Product Assurance and Safety Requirements issue 2 revision 0

S1-RS-ESA-SY-0002 page 3 of 36

D I S T R I B U T I O N

ESTEC/EOP ESTEC /RES ESTEC /TEC



T A B L E O F C O N T E N T S

1 SCOPE ...............................................................................................................................7

2 APPLICABILITY.................................................................................................................7

3 DOCUMENTS.....................................................................................................................7 3.1 Applicable Documents (Standards) ...................................................................................................7 3.2 Reference Documents ........................................................................................................................9

4 ABBREVIATIONS............................................................................................................10

5 PA&S PROGRAMME.......................................................................................................11 5.1 PA&S Plan .......................................................................................................................................11 5.2 Right of Access ................................................................................................................................11 5.3 Participation .....................................................................................................................................12 5.4 PA&S Progress Reporting ...............................................................................................................12 5.5 PA&S Databases ..............................................................................................................................12

6 QUALITY ASSURANCE ..................................................................................................13 6.1 PA&S Audit Programme .................................................................................................................13 6.2 Critical Items Control.......................................................................................................................13 6.3 Non-conformance Control System...................................................................................................14 6.4 Alert System.....................................................................................................................................14 6.5 Handling, Storage, Preservation.......................................................................................................14 6.6 Cleanliness and Contamination Control ..........................................................................................14 6.7 Test Facilities ...................................................................................................................................15 6.8 Test Reports .....................................................................................................................................15 6.9 Packaging, Marking and Labelling, Transportation.........................................................................15

7 DEPENDABILITY ASSURANCE .....................................................................................16 7.1 Consequence Category and Severity................................................................................................16 7.2 Failure Tolerance .............................................................................................................................17 7.3 Dependability Analyses ...................................................................................................................17

7.3.1 Failure Modes and Effects Analysis (FMEA)..........................................................................17 7.3.2 Hardware/Software Interaction Analysis (HSIA) ....................................................................17 7.3.3 Contingency Analysis ..............................................................................................................17 7.3.4 Fault Tree Analysis ..................................................................................................................17 7.3.5 Common-mode and Common-cause Analysis.........................................................................17 7.3.6 Reliability Prediction and apportionment ................................................................................18 7.3.7 Worst Case circuit performance Analysis................................................................................18



7.3.8 part derating analysis ...............................................................................................................18 7.3.9 Zonal Analysis .........................................................................................................................18 7.3.10 Maintainability Analysis ..........................................................................................................18 7.3.11 Availability analysis.................................................................................................................18

7.4 Dependability Testing and Demonstration.......................................................................................19

8 SAFETY ...........................................................................................................................19 8.1 General .............................................................................................................................................19 8.2 Safety Programme............................................................................................................................19 8.3 Hazard Analysis (HA)......................................................................................................................20

8.3.1 Additional Specific Safety Analyses........................................................................................20

9 EEE COMPONENTS........................................................................................................21 9.1 General .............................................................................................................................................21 9.2 Component Advisory Board ............................................................................................................21 9.3 Declared Components List...............................................................................................................22 9.4 Component Selection .......................................................................................................................22

9.4.1 Component Derating ................................................................................................................22 9.4.2 Component selection criteria ...................................................................................................22

9.5 EEE Components Approval .............................................................................................................23 9.6 Procurement Requirements ..............................................................................................................24

9.6.1 EEE Components Screening ....................................................................................................24 9.6.2 Lot Validation Testing (LVT) or Quality Conformance Inspection (QCI)..............................25 9.6.3 Radiation-Sensitive EEE Components.....................................................................................26 9.6.4 Components from stock ...........................................................................................................27

9.7 Components in Off-The-Shelf equipment (OTS) ............................................................................27 9.8 Specific component requirements ....................................................................................................28

9.8.1 Application Specific Integrated Components (ASIC) and FIeld programmable gate arrays (FPGA) 28 9.8.2 Hybrids.....................................................................................................................................28 9.8.3 User-programmable Devices....................................................................................................28 9.8.4 Electro-optical devices .............................................................................................................29 9.8.5 Electro-magnetic Devices ........................................................................................................29

9.9 Non-Conformances and Failures .....................................................................................................29 9.10 Documentation .................................................................................................................................30

10 MATERIALS, MECHANICAL PARTS & PROCESSES...................................................31 10.1 Technical Requirements for Selection of Materials.........................................................................31

10.1.1 Vacuum ....................................................................................................................................31 10.1.2 Forbidden Materials .................................................................................................................31 10.1.3 Thermal Cycling ......................................................................................................................31 10.1.4 Atomic Oxygen ........................................................................................................................32 10.1.5 Meteoritic/Debris Environment ...............................................................................................32 10.1.6 Electrochemical Compatibility ................................................................................................32



10.1.7 Corrosion..................................................................................................................................32 10.1.8 Stress Corrosion .......................................................................................................................32 10.1.9 Fluid Compatibility ..................................................................................................................32 10.1.10 UV and particle Radiation....................................................................................................32 10.1.11 Allowable Stress ..................................................................................................................32 10.1.12 Limited Life Time................................................................................................................33

10.2 Processes ..........................................................................................................................................33 10.3 Materials, Parts and Processes Lists ................................................................................................33

11 SOFTWARE PRODUCT ASSURANCE...........................................................................35

12 OFF-THE-SHELF SPACE EQUIPMENT AND SOFTWARE............................................36



1 SCOPE This document defines the Product Assurance requirements applicable to the Sentinel-1 project. The satellite shall be designed, manufactured and tested in compliance with these requirements, which are applicable to the prime contractor, sub-contractors and suppliers. It is the responsibility of the prime contractor to tailor these requirements to sub-contractors and suppliers and to ensure their implementation.

2 APPLICABILITY The PA&S requirements specified in this document are applicable to the following:

Flight hardware and flight spare models Hardware subjected to or participating in design verification or qualification testing Deliverable Ground Support Equipment (GSE) and for GSE items with direct interface to

flight hardware Flight (software), all other deliverable software Components selection and procurement for the Spacecraft Materials selection and procurement for the Spacecraft

Other hardware and software shall be safe for ground operations and shall be representative of flight hardware with respect to form, fit, and function, and shall not lead to the failure or degradation of flight hardware/software. The PA&S requirements specified in this document are applicable to the project phases B2/C/D/E1.

3 DOCUMENTS This document is based on the ECSS standards on space product assurance and project management. The requirements specified here are established by tailoring the ECSS requirements to the needs and constraints of the GMES Sentinel-1 project. Where ECSS documents are not available, the relevant ESA PSS documents are used. Tailoring of the ECSS-Q requirements is achieved by specifying:

• the clauses not applicable • clause modifications.

Clauses not mentioned in this document are applicable without modifications. Note that the current ECSS standard issue (A or B) is only specified in section 3.1, while in the rest of the document only the standard number (without issue reference) is called up.

3.1 Applicable Documents (Standards) The following documents (latest issue at contract signature) shall be applicable to the extent and with the modifications specified in this document.



ECSS-P-001B Glossary of Terms ECSS-M-00B Space project management - policy and principles ECSS-Q-00A Space Product Assurance - policy and principles ECSS-Q-20B Quality Assurance ECSS-Q-20-04A Critical Item Control ECSS-Q-20-07A Quality Assurance for Test Centres ECSS-Q-20-09B Non-conformance Control System PSS-01-202 Iss 1 Preservation, storage, handling and transportation of ESA spacecraft

hardware ECSS-Q-30B Dependability ECSS- Q-30-01A Worst case circuit performance analysis ECSS-Q-30-02A Failure Modes, Effects and Criticality Analysis ECSS-Q-40B Safety ECSS-Q-40-02A Hazard Analysis ECSS-Q-40-12A Fault Tree Analysis – Adoption Notice ECSS/IEC61025 ECSS-Q-60A EEE Components ECSS-Q-60-01A European Preferred Parts List ECSS-Q-60-02 Draft ASIC and FPGA Development ECSS-Q-60-05 Draft Generic procurement requirements for hybrid microcircuits ECCS-Q-60-11A Derating Requirements and end of life parameter drifts – EEE components TEC-Q/04-6649/QCT EEE Component Derating (ESA Tailoring of ECSS-Q-60-11A) ESCC No. 9000Generic Specification for Integrated Circuits Monolithic MIL-STD-981 Design, Manufacturing And Quality Standards For Custom Electromagnetic

Devices For Space Applications ECSS-Q-70B Materials, Mechanical Parts and Processes ECSS-Q-70-01A Cleanliness and contamination control ECSS-Q-70-02A Thermal vacuum outgassing test for the screening of space materials ECSS-Q-70-03A Black Anodising of Aluminium using inorganic dyes ECSS-Q-70-04A Thermal cycling test for the screening of space materials and processes ECSS-Q-70-05A The Detection of Organic contamination of Surfaces by Infrared

Spectroscopy PSS-01-706 Iss1 The Particle and UV Radiation Testing of Space Materials ECSS-Q-70-07A Verification and approval of automatic machine wave soldering ECSS-Q-70-08A The Manual soldering of high-reliability electrical connections ECSS-Q-70-09A Measurement of thermo-optical properties of thermal control materials ECSS-Q-70-10A Qualification of printed circuit boards ECSS-Q-70-11A Procurement of printed circuit boards



ECSS-Q-70-13A Measurement of the peel and pull-off strength of coatings and finishes using

pressures-sensitive tapes ECSS-Q-70-18A Preparation, assembly and mounting of RF coaxial cables ECSS-Q-70-20A Determination of the susceptibility of silver plated copper wire and cable to

“red-plague” corrosion ECSS-Q-70-21A Flammability testing for the screening of space materials ECSS-Q-70-22A The control of limited shelf-life materials ECSS-Q-70-25A The application of the black coating Aeroglaze Z 306 ECSS-Q-70-26A The Crimping of high-reliability electrical connections ECSS-Q-70-28A The repair and modification of printed circuit board assemblies for space use ECSS-Q-70-30A The wire wrapping of high reliability electrical connections ECSS-Q-70-33A The application of the thermal control coating PSG 120 FD ECSS-Q-70-34A The application of the black electrically conductive coating Aeroglaze H322 ECSS-Q-70-35A The application of the black electrically conductive coating Aeroglaze L300. ECSS-Q-70-36A Material selection for controlling stress corrosion cracking ECSS-Q-70-37A Determination of susceptibility of metals to stress corrosion cracking PSS-01-738 High reliability soldering for surface mount and mixed technology printed

circuit boards ECSS-Q-70-45A Standard methods for mechanical testing of metallic materials ECSS-Q-70-46A Requirements for manufacturing and procurement of threaded fasteners ECSS-Q-70-71A rev1 Data for Selection of Space Materials and Processes PSS-01-738 High-reliability soldering for surface-mount & mixed technology PCB ESA/SCC No. 3901 Generic specification for wires and cables, electrical, 600V, low frequency ESA/SCC No. 3901 Generic specification for cables, coaxial, radio frequency, flexible NASA-STD-6001 Flammability, Odor, Offgassing, and Compatibility Requirements and Test

Procedures for Materials in Environments that Support Combustion MIL-HDBK-5 Metallic Materials and Elements for Aerospace Vehicle Structures MSFC-Spec 250 General Specification for Protective Finishes for Space Vehicle Structures

and Associated Flight Equipment ECSS-Q-80B Software Product Assurance ECSS-E-30-01A Fracture Control

3.2 Reference Documents ECSS-Q-30-08A Components reliability data sources and their use ECSS-Q-30-09A Availability Analysis ISO 19011:2002 Guidelines for quality and/or environmental management systems auditing.



4 ABBREVIATIONS This list of abbreviations is not extensive. Abbreviations used in this document and not included in the list are defined in the applicable ECSS standards. ECSS European Co-operation for Space Standardisation EEE Electronic, Electrical, Electromechanical EPPL European Preferred Parts List ESCC European Space Component Co-ordination HA Hazard Analysis HSIA Hardware/Software Interaction Analysis MPP Materials, Parts and Processes NCR Non Conformance Report NCTS Non-Conformance Tracking System NPSL NASA Parts Selection List OTS Off the Shelf PA&S Product Assurance and Safety QA Quality Assurance QPL Qualified Parts List SPF Single Point Failure SPR Software Problem Report SRD Sentinel-1 System Requirements Document, ES-RS-ESA-SY-0001 SW Software SW-PA Software Product Assurance RFW Request For Waiver RFD Request For Deviation



5 PA&S PROGRAMME The PA&S programme shall ensure that the Sentinel-1 mission successfully achieve the intended objectives. This shall be achieved in the most cost-effective way by managing the available resources and personnel within the allocated budget, and by coordinating in an integrated effort the PA&S activities with the functions of project management and engineering. The PA&S programme shall be established according to the requirements of this document. This document takes into account ECSS-Q-00, chapter 3, Product Assurance Management and ECSS-M-00 chapter 5.2, Overall Policy and Principles.

5.1 PA&S Plan The Contractor shall prepare a PA&S Plan to describe the resources, tasks, responsibilities, methods and procedures adopted by the Contractor for the implementation of the PA&S requirements and for the achievement of the PA&S objectives. The PA&S Plan shall define the PA&S programme to be implemented in compliance with the requirements of this document. The Contractor shall deliver with the proposal a compliance matrix, complemented with the relevant supporting documentation. The compliance matrix shall address compliance with the requirements of this document (and the applicable ECSS standards) and shall identify any discrepancy. The PA&S Plan shall include details as to how the Contractor intends to verify the implementation of the programme and how he intends to perform supervisory and monitoring actions on Subcontractors and Suppliers. Contractor internal company procedures may be referenced in the PA&S Plan, in this case they shall be provided to ESA on request. Contractors should be aware that referencing internal company procedures in the PA&S Plan will limit the company's ability to unilaterally change the procedures. All modifications to these procedures shall be considered as modifications to the PA&S Plan. The PA&S Plan shall serve as a master planning and control document for the product assurance programme.

5.2 Right of Access ESA reserves the right of access to: • all documentation relevant to the programme;



• all areas and operations within the contractor’s or supplier’s facilities in which work is

performed or items are stored relevant to the project, even if the information is considered proprietary.

ESA will undertake not to disclose such information to a third party, in accordance with the General Clauses and Conditions for ESA Contracts.

5.3 Participation ESA reserves the right to perform or participate in any or all audits, surveys, inspections, reviews, etc. relevant to the project. ESA’s participation shall not in any way replace or relieve the Contractor of his responsibilities

5.4 PA&S Progress Reporting PA&S progress reporting shall be part of the overall project progress reporting and shall include as a minimum: • Status of the PA&S activities since the last progress report, separated for the different

disciplines (QA, Dependability, Safety, EEE-Components, MPP, SW-PA, Others) • Non-conformance and SPR status • Waiver/Deviation status • Critical items status • Alert status • Audit programme status • Accomplishments • Planned accomplishments in the next reporting period • Identified problems & risk factors • Activities planned to control identified problems & risk factors

5.5 PA&S Databases All PA&S-related data and analyses (such as NCR’s, RFW’s/RFD’s, EEE components list, materials and processes lists, reliability/safety analysis) shall be stored in electronic databases. This shall allow to import and export data from and to sub-contractors and ESA. The database format and content shall be agreed with ESA. ESA shall have access to the database. ESA recommends the use of ESA corporate NCTS (Non-Conformance Tracking System) as a web-based non-conformance registration and monitoring database tool.



6 QUALITY ASSURANCE The contractor shall prepare, maintain, and implement a plan of the QA activities. The plan describing the QA programme for GMES Sentinel-1 shall be part of the PA&S plan. The requirements for the GMES Sentinel-1 QA programme are defined in ECSS-Q-20 with the modifications identified hereinafter.

6.1 PA&S Audit Programme This chapter supplements clause 4.6.2 of ECSS-Q-20. The Contractor shall identify (either in the PA&S plan or in a separate Audit Programme document) the external and in-house audits to be performed. Audits shall be planned: • to verify the implementation and effectiveness of the PA&S programme, • to assess the capability of the Contractor and sub-contractors to perform the required tasks,

such as manufacturing processes, according to the level of risk to the project. For example, higher priority shall be given to new sub-contractors or suppliers, or when new technologies are used. At least ten working days notice shall be given of the intention to conduct an audit. ESA reserves the right to be represented in all audits. The Contractor shall perform audits following the guidelines of ISO 19011:2002. For each audit to be performed the Contractor shall prepare an audit plan and a checklist. These documents shall be subject to ESA acceptance before they are used. A copy of the audit report generated by the Contractor shall be sent to ESA within two weeks after the audit has taken place. The report shall include:

• identification of areas of non-compliance or weakness, if any • corrective actions with due dates, • conclusions with statement on the acceptability to proceed with the activities, • the completed audit checklist.

At any time, the Agency has the right to conduct PA&S audits of the Contractor and/or any of his Subcontractors at their premises. The Agency will provide at least two weeks (ten working days) notice prior to the conduct of any such audit.

6.2 Critical Items Control The Contractor shall perform the Critical Item Control process in accordance with the requirements of ECSS-Q-20, clause 4.8, and ECSS-Q-20-04.



6.3 Non-conformance Control System The contractor shall establish and maintain a non-conformance control system in accordance with the requirements of ECSS-Q-20, clause 5.6 and ECSS-Q-20-09. Accidents/ incidents shall be processed according to the non-conformance control system, and treated as major non-conformances. The Prime Contractor shall give visibility upon ESA request of all NCRs generated in the project. The Contractor is required to implement an electronic NCR database throughout the industrial organisation. This database shall be accessible to ESA and shall contain all NCR reports and related documentation. ESA recommends the use of ESA corporate NCTS (Non-Conformance Tracking System) as a web-based non-conformance registration and monitoring database tool.

6.4 Alert System This chapter is a supplement to clause 5.7 of ECSS-Q-20. A preliminary assessment of the possible impact of an Alert on the project at all contractual levels shall be performed and submitted to ESA within 5 working days. The contractor shall maintain a status list of all internal and external Alerts (including ESA Alerts). This list shall identify the applicability of each alert to the project and, when applicable, the corrective measures taken by the project. The Contractor shall ensure that all subordinate suppliers also participate into the ESA Alert System. This includes, as a minimum, that the prime Contractor distributes all ESA Alerts to the lower tier suppliers and that there is an established procedure for collecting and assessing inputs from lower tier suppliers to provide inputs to the ESA Alert System where warranted.

6.5 Handling, Storage, Preservation This chapter is a supplement to clause 5.8 of ECSS-Q-20. The applicable detailed requirements for handling, storage and preservation are defined in ESA PSS-01-202.

6.6 Cleanliness and Contamination Control This chapter is a supplement to clause 8.8.1 of ECSS-Q-20.



The Contractor shall identify the hardware and facilities that require specific controls for molecular or particulate contamination. The whole process shall be defined in the Cleanliness and Contamination Control Plan. To this extent the requirements of ECSS-70-01 are applicable.

6.7 Test Facilities This chapter supersedes clause 9.1 of ECSS-Q-20. The Contractor shall ensure that the selected test facilities are suitably qualified to perform the tests to be conducted, and do not cause any degradation to the test article or its interface. The contractor shall demonstrate that the selected test facilities, either internal or external, comply with the requirements of ECSS-Q-20-07A.

6.8 Test Reports This chapter is a supplement to clause 9.3.2 of ECSS-Q-20. Test Reports shall include reference to NCR’s and SPR’s relevant for the test subject of the test report. The test report shall provide a conclusion stating whether the test objectives have been achieved.

6.9 Packaging, Marking and Labelling, Transportation This chapter is a supplement to clause 10.4.1, 10.4.2 and 10.5.2 of ECSS-Q-20. The applicable detailed requirements for packing, marking and labelling and transportation are defined in ESA PSS-01-202.



7 DEPENDABILITY ASSURANCE The objective of Dependability Assurance (Reliability, Availability and Maintainability) is to ensure a successful mission (achieving its objectives) by optimising the system dependability within all competing technical and financial constraints. The contractor shall follow the requirements of ECSS-Q-30 (and the related lower level ECSS standards listed in section 3.1 of this document), with the modifications defined in the rest of this chapter 7.

7.1 Consequence Category and Severity This chapter supersedes clause 7.3.1 of ECSS-Q-30. Failure events shall be classified on the basis of the severity of their consequences, according to the following categories. The classification of categories includes consequences related to safety. Severity Category Failure Effect Catastrophic 1S • Loss of life or life-threatening injury.

• Permanent disabling injury to personnel or permanent occupational illness.

• Propagation of failure to launcher. • Loss of Launch site facilities. • Severe detrimental environmental effects.

Catastrophic 1 • Loss of satellite. Critical 2S • Loss or major damage to private or public property, or

ground facilities. • Temporary disabling but not life-threatening injury, or

temporary occupational illness. • Major detrimental environmental effects.

Critical 2 • Loss of mission or unacceptable degradation of mission performance.

Major 3S • Minor injury, minor disability, minor occupational illness • Minor detrimental environmental effects

Major 3 • Degradation of mission performance. Negligible 4 • Any other effect. Examples of major degradation of mission performance could be: a partially failed deployment, a severe reduction of the on-board storage & downlink capability. An example of degradation of mission performance could be: a partial failure of the antenna.



7.2 Failure Tolerance This chapter supersedes clause 7.3.2 of ECSS-Q-30. Failure Tolerance requirements defined in the SRD apply. The failure tolerance approach needs not to be applied to: primary structures, load-carrying structures, structural fasteners, load-carrying elements of mechanisms, pressure vessels. In these cases, the requirements of design for minimum risk shall apply

7.3 Dependability Analyses The following dependability analyses are required for the GMES Sentinel-1 project:

Failure Modes and Effects Analysis (FMEA) Hardware/Software Interaction Analysis (HSIA) Fault Tree Analysis Reliability Prediction and Apportionment Worst Case Circuit Performance Analysis Part Derating Analysis Maintainability Analysis Availability Analysis

The requirements of ECSS-Q-30 (and the related lower level ECSS standards listed in section 3.1 of this document) apply, with the modifications defined in the rest of this chapter 7.3.

7.3.1 FAILURE MODES AND EFFECTS ANALYSIS (FMEA) The FMEA shall be performed according to ECSS-Q-30-02.

7.3.2 HARDWARE/SOFTWARE INTERACTION ANALYSIS (HSIA) The Hardware/Software Interaction Analysis (HSIA) shall be performed according to ECSS-Q-30-02.

7.3.3 CONTINGENCY ANALYSIS A Contingency Analysis is not required for the GMES Sentinel-1 project.

7.3.4 FAULT TREE ANALYSIS The Fault Tree Analysis shall be performed according to ECSS-Q-40-12.

7.3.5 COMMON-MODE AND COMMON-CAUSE ANALYSIS Common-mode and common cause failures shall be considered.



Multiple failures resulting from common cause or common mode failures shall be considered as single failures when determining failure tolerance, and shall be analysed into the FMEA. A separate Common-Mode and Common-Cause Analysis is not required.

7.3.6 RELIABILITY PREDICTION AND APPORTIONMENT For the performance of this analysis the contractor shall propose the most effective approach (between part count and part stress) for each project phase, to be agreed with ESA. The reliability requirements for the Sentinel-1 nominal mission lifetime are defined in the SRD. (

7.3.7 WORST CASE CIRCUIT PERFORMANCE ANALYSIS The Worst Case Circuit Performance Analysis shall be performed according to ECSS-Q-30-01.

7.3.8 PART DERATING ANALYSIS The Part Derating Analysis shall be performed according to ECSS-Q-60-11 and the ESA tailoring document TEC-Q/04-6649/QCT.

7.3.9 ZONAL ANALYSIS A Zonal Analysis is not required for the Sentinel-1 project.

7.3.10 MAINTAINABILITY ANALYSIS This section supplements clause 8.2.3 of ECSS-Q-30. The Contractor shall identify the preventive and corrective maintenance actions for ground operations. Emergency restoration or repair activities necessary to sustain system capabilities crucial to mission success shall be also identified, including the time needed to perform these activities. The Contractor shall identify in the Critical Items Lists maintainability critical items that cannot be checked after integration, that require late servicing, access or replacement, and limited-life items or consumables. The maintainability requirements for the GMES Sentinel-1 nominal mission lifetime are defined in the SRD (.

7.3.11 AVAILABILITY ANALYSIS This section supplements clause 8.2.4 of ECSS-Q-30.



The availability requirements for the GMES Sentinel-1 nominal mission lifetime are defined in the SRD.

7.4 Dependability Testing and Demonstration Clause 9 of ECSS-Q-30 is not applicable.

8 SAFETY

8.1 General The Contractor shall establish and implement a safety programme in compliance with the requirements of ECSS-Q-40. This chapter supplements the requirements of ECSS-Q-40. The Contractor shall comply with international and national safety regulations and with the launch authority safety regulations.

8.2 Safety Programme The Contractor shall establish a safety program to protect:

• ground personnel, • the launch vehicle (including other launcher payloads), • ground support equipment, • public and private properties • the environment

from hazards associated with the Sentinel-1 hardware/software and operations The contractor shall:

• Identify from the launcher selection process the applicable safety review process, information inputs required for the safety review process and additional system requirements and constraints related to the launcher;

• Identify and plan the implementation of all activities required to obtain approval from the launch authority.

Following selection of the launcher, the contractor shall implement all activities required to:

• Incorporate and comply with additional system constraints and requirements derived from the selected launcher;

• Provide information required in the safety review process; • Obtain approval from the launch authority to launch the satellite.



8.3 Hazard Analysis (HA) A hazard analysis shall be performed in a systematic manner, beginning in the concept phase and continuing through all phases under the responsibility of the contractor in order to demonstrate compliance with international and national regulations and the applicable launch authority safety regulations. Hazard analysis shall identify and evaluate:

• Potential hazards associated with system design, its operation and the operation environment. This shall address debris, fallout and impact prevention.

• The hazardous effects resulting from the physical and functional propagation of initiator events

• The hazardous events resulting from the failure of system functions, and functional components

• Time critical situations • Hazard controls

The status of the close-out verification shall be part of PA&S progress reporting. The final HA analysis shall be provided when all close-out verifications have been fulfilled. The Hazard Analysis shall be performed according to ECSS-Q-40-02.

8.3.1 ADDITIONAL SPECIFIC SAFETY ANALYSES The Contractor shall perform additional safety analyses as required by the launcher authority or ESA, to support the safety review process. The outcome of these analyses shall be documented in the Safety File.



9 EEE COMPONENTS

9.1 General The contractor shall implement an EEE Components Control Programme in accordance with all the requirements of ECSS-Q-60A, taking into account the additions and exceptions as defined below in this section. In the event of conflict with ECSS-Q-60A, this document shall have precedence in GMES Sentinel 1 project. These requirements apply to EEE components used in Flight standard hardware and to components which come in direct contact with Flight standard hardware, such as connectors for GSE tests. For Engineering model standard hardware, the EEE components shall be selected to be fit, form and function representative of the Flight components. Additionally, if thermal vacuum tests are envisaged for the Engineering model, the EEE parts used in it shall be made of the same materials as the Flight equivalent parts. For qualification models (if any, depending on the chosen Model Philosophy), the same quality level of components shall be selected as for flight equipment. For Proto-Flight Equipment, the requirements for flight hardware apply. The following items shall not be considered EEE components and will be controlled at unit or higher level by the relevant disciplines:

– intermediate products containing discrete components on substrates, PCBs etc. – solar cells, – cells in batteries, – HF sub-assemblies such as coaxial cable assemblies or waveguide elements, – TWTs, – RF switches, coaxial or waveguide

9.2 Component Advisory Board ECSS-Q-60A clause 2.3.3 shall apply with the following modifications: The tasks and objectives of the Component Advisory Board shall include:

– Management and control of the part procurement programmes at all levels

– Implementation of the Parts Approval cycle through PAD approval, including review of part/manufacturer evaluation/qualification plans and test reports , status of qualification,



approval of procurement specifications, quality and lot acceptance levels and procurement inspections, DPA, radiation sensitivity assessment.

– To review the procurement status and to identify risks, e.g U.S. parts under Export license

restrictions (ITAR)

– To assess parts technical issues such as Nonconformances, Waivers, Deviations and alerts.

9.3 Declared Components List In addition to the requirements of ESCC Q-60A, clause 2.4, the Contractor shall be in charge of establishing and updating a consolidated DCL at system level. All DCL’s produced in GMES Sentinel 1 project shall be compatible with electronic transmission and be kept under configuration control. They shall be provided in a format enabling them to be searched electronically (e.g. EXCEL spreadsheet). In addition to the information requested in ESCC Q-60A, clause 2.4.3, see also section 9.5 herein.

9.4 Component Selection Clause 3.2 of ECSS-Q-60 applies with the exceptions as specified in the following sub-paragraphs.

9.4.1 COMPONENT DERATING This chapter supersedes clause 3.2.6 of ECSS-Q-60. All EEE components shall be derated in the manner specified in ECSS-Q-60-11 amended by ESA Tailoring Document TEC-Q/04-6649/QCT.

9.4.2 COMPONENT SELECTION CRITERIA This chapter supersedes clause 3.2.8 of ECSS-Q-60. The primary source of components shall be the European Manufacturers in the European Preferred Parts List (ECSS-Q-60-01). A justification for the use of non-European components shall be submitted to ESA for approval. These components shall be selected such that they are not affected by trading barriers. Where this requirement cannot be met, the justification for use of such components shall be supplemented with a risk assessment detailing potential impacts for the project, and identifying back-up solutions.



Components shall be chosen that satisfy the requirements for inclusion in EPPL (European Preferred Parts list) Part 1 as detailed in ECSS-Q-60-01; i.e. a. Components included in recognized QPL’s issued by:

• ESCC • US Defense Supply Centre, Columbus (DSCC)- MIL Class S , ER Level R (exponential),

Level C (Weibull) • NASDA

b. Components belonging to QML, class V c. Components included in NASA NPSL, Level 1 d. Components that have been evaluated successfully according ESCC, ECSS-Q-60 or equivalent requirements and for which a recognised procurement specification is available. The selection of components not meeting the above requirements shall be based on knowledge regarding technical performance, qualification status and history of previous use in similar applications. In such cases, the contractor shall provide a justification for the selection of a specific component type or manufacturer in association with the Parts Approval Document.

9.5 EEE Components Approval This paragraph supersedes the requirements of clause 3.3 of ECSS-Q-60A. EEE components used in flight hardware require approval by the Contractor and ESA prior to usage. Parts that meet the selection criteria given in paragraph 9.4.2 are considered as standard components and can be approved via the Declared Components List (DCL). For such components a Part Approval Document (PAD) is only required where the proposed procurement conditions differ from those specified in the lists mentioned in paragraph 9.4.2 or special evaluations are envisaged. For standard parts the DCL shall identify the approval status and list the remark “standard EPPL/QPL”, together with the following procurements details:

• Procurement inspections by customer (pre-cap inspection, etc) if any • Single Event Effects Linear Energy Transfer (SEE LET) threshold and/or total dose

sensitivity level (when applicable) • Date code. In case of procurement from stock, date of relife activities if applicable.

Specific components (Hybrid Circuits, ASICs, etc…) for which the technology is qualified by Capability Approval (or similarity), but which are newly developed and for which a Specific Detail Specification is not listed in the EPPL and QPL, shall be covered by an individual PAD.



All components not meeting the selection criteria of paragraph 9.4.2 are considered as non-standard components, for which the approval requires submittal of a PAD and supporting justification documentation to the first-level supplier/sub-contractors/Prime-contractor and ESA.

9.6 Procurement Requirements Clause 3.4 of ECSS-Q-60 applies with the exceptions as specified in the following sub-paragraphs.

9.6.1 EEE COMPONENTS SCREENING This chapter supersedes clause 3.4.2 of ECSS-Q-60A. All components to be incorporated into flight standard hardware shall be subjected to screening testing. The screening test requirements shall be so designed that accumulated stress will not jeopardise components reliability. All screening tests shall be performed at the component manufacturer’s premises or at a source approved by the approval authority for the performance of screening. The screening levels shall be those commensurate with the component quality levels specified in paragraph 9.4.2; Integrated circuits ESCC, or MIL-PRF-38535 class V Hybrids ECSS-Q-60-05 (Draft), or MIL-PRF-38534 class K (U.S. manufacturers only) Diodes, transistors, opto’s ESCC level B, or MIL-PRF-19500-JANS Crystals ESCC level B Relays ESCC level B Filters ESCC level B CDD ESCC level B Passives, other components ESCC C, or MIL Spec, as a minimum ER level R (allowed if listed in NPSL)



Any additional and/or alternative screening proposals may be applied for procurement ONLY upon approval of the relevant PAD as required in ECSS-Q-60A. The following additional points should also be considered: – The selection of parts from NPSL grade1 listing shall be supplemented by any additional test

required by the NPSL for that part for Grade 1. – All EEE parts with internal cavities shall be subjected to PIND test on a 100% basis. – All solid Tantalum capacitors shall be subjected to surge current testing as per the relevant

specifications. – Destructive Physical Analysis shall be implemented, as required by ECSS-Q-60A, on all non-

standard parts as agreed in the relevant PAD. Destructive Physical Analysis shall be performed for relays regardless their Qualification status.

– User programmable devices, using an anti-fuse technology, may require a post-programming

conditioning sequence to ensure the reliability of the programmed device. Such requirement shall be made explicit case by case in the relevant PAD.

9.6.2 LOT VALIDATION TESTING (LVT) OR QUALITY CONFORMANCE INSPECTION (QCI)

This chapter supersedes clause 3.4.3 of ECSS-Q-60A. All components to be incorporated into flight standard hardware shall be subjected to LVT or QCI testing to the level commensurate with the quality levels specified in paragraph 9.4.2. In the case of integrated circuits, LVT requirements shall be interpreted per ESCC9000 iss2 as follows: ECSS-Q-60A LAT1 means ESCC9000 full chart F4 ECSS-Q-60A LAT2 means ESCC9000 chart F4 subgroups 2 and 3 ECSS-Q-60A LAT3 means incoming inspection QCI for MIL qualified parts shall be implemented as required by the relevant MIL generic specification. QCI for non-qualified components manufactured within the application of a MIL generic specification shall be subjected to QCI as agreed in the relevant PAD. The procurement of hybrid microcircuits will include LAT in accordance with ECSS-Q-60-05 (Draft) or QCI as per MIL-PRF-38534 Class K. New designs of ASICs from non-qualified sources shall be subject to chart F4 in accordance with ESCC9000 (unless the decision on the relevant PAD, signed before procurement, indicates otherwise, on the basis of acceptable justifications).



LAT2 on non ESCC-qualified components may be waived if 1) and 2) below are verified: 1) In cases where design, construction or process changes have not taken place compared to previous procurements 2) And only if LAT2 successful results have been obtained during the 24 months prior to the expected date code. However, LAT2 shall be implemented for certain families, as follows, regardless the history of the manufacturing line or previous LATs:

• LAT2 per assembly date code is required on non-qualified chip solid Tantalum capacitors, crystals, fuses, relays

• LAT2 per wafer lot is required on non qualified microwave diodes, integrated circuits (F4 subgroups 2 and 3 per ESCC9000), MMICs and microwave transistors

9.6.3 RADIATION-SENSITIVE EEE COMPONENTS This chapter complements clause 3.2.4 and supersedes clause 3.4.4 of ECSS-Q-60. All components used in flight hardware shall be evaluated for the effects of the radiation environment specified for the project.. This evaluation shall include effects in terms of:

• Total Ionising Dose (TID) – including Enhanced Low Dose Rate Sensitivity (ELDRS) • Single Event Effects (SEU, SEL, SET, SEB, SEGR) • Displacement damage

and result in a classification of the EEE parts as insensitive or sensitive parts for the project environment. For Total Ionising Dose (TID), a component is considered insensitive when the components radiation sensitivity is demonstrated by data to be at least a factor of 2 better than the expected dose in the application. Where such demonstration is lacking; where data does not exist or where the data is considered not representative, a sample from the Flight lot shall be subjected to Radiation Verification Testing (RVT). The RVT shall be done to a level of a factor 2 higher than the expected dose in the application. The effects of ELDRS (Enhanced Low Dose Rate Sensitivity) shall be taken into account. RVT testing shall be defined in a Radiation Test Plan to be submitted to ESA for approval. Regarding SEE, technologies shall be selected, wherever possible, which are inherently insensitive to single event effects and latch-up. For Single Event latch-up (SEL) and Single Event Upset (SEU) sensitivity, components with an assured LETth> 70 MeV/mg cm ² shall be considered as SEL and SEU insensitive. Components exhibiting a sensitivity between 15 MeV/mg cm² < LETth < 70 MeV/mg cm² shall be subject to the appropriate Heavy Ion SEE rate prediction.



Components with a sensitivity of LETth < 15 MeV/mg cm² shall be subject to the appropriate Heavy Ion and Proton SEE rate prediction. Parts showing an LETth < 3.7 MeV.mg / cm2 shall in principle not be used. Depending on the rate prediction results, for sensitive components, SEE countermeasures shall be implemented as required on the application level. In the case that SEE testing is required for any component, this should be described in the Radiation Test Plan. Note that Proton test results are not considered conclusive for SEL sensitivity demonstration and must be supported by Heavy Ion test results. For MOSFET devices, the requirements concerning SEB and SEGR are contained in the derating requirements. Optocouplers and other optical semiconductors shall be selected on the basis of their hardness against proton radiation, and displacement damage. The classification of parts as sensitive or insensitive shall be justified by means of submission of a Radiation Analysis report, which shall contain details of the predicted radiation environment and the radiation sensitivity data (including reference to source) for each component. Radiation sensitive parts shall be classified as non-standard parts regardless of their qualification status and their approval for the project shall be subject to PAD submission. The approval of such PADs will then be dependant on the results from RVT testing or the acceptance of the SEE rate prediction or the proposed countermeasures. Such details are required to be included in the Radiation Analysis report. The PAD’s for such sensitive parts will not be approved until proper justification is demonstrated.

9.6.4 COMPONENTS FROM STOCK This chapter is a supplement to clause 3.4.5.b of ECSS-Q-60 as follows:

• Solderability test on a sample shall be performed • Re-lifeing should be performed on parts with lot date code which indicates more than 6 yrs

will have elapsed from date of manufacture to date of intended installation.

9.7 Components in Off-The-Shelf equipment (OTS) The supplier shall review the components used in Off-The-Shelf equipment to verify compliance with the requirements of this document and all related applicable documents.



The review shall consider the used components list, the de-rating rules, the environmental conditions incl. radiation, and the equipment design.

9.8 Specific component requirements The requirements of this paragraph supersede and replace those of clause 3.5 of ECSS-Q-60A.

9.8.1 APPLICATION SPECIFIC INTEGRATED COMPONENTS (ASIC) AND FIELD PROGRAMMABLE GATE ARRAYS (FPGA)

The specific requirements detailed in ECSS-Q-60-02 (Draft) shall apply, covering development, prototype manufacturing, testing, validation and quality assurance. All ASICs and FPGAs shall be considered as non-standard parts and therefore controlled via PAD agreement. ESA reserves the right to request complete visibility and to attend to any stage of design and development of custom ASICs and FPGAs for the project. As long as technically feasible, ASICs shall be preferred over FPGAs to implement all functions considered by ESA as critical for the success of the mission, or wherever the FPGA selection and application can not be conducted in accordance with the requirements of this paragraph.

9.8.2 HYBRIDS The specific requirements detailed in ECSS-Q-60-05 (Draft) shall apply, covering the evaluation, qualification and procurement of add-on components. All custom hybrids are considered non-standard and shall be approved via PAD submission procedure.

9.8.3 USER-PROGRAMMABLE DEVICES For “one-time” programmable devices, e.g. PROM or anti-fuse type FPGA, where the programming physically alters the device configuration, a technical specification describing the programming procedure and post-programming screening and testing to be applied to the device shall be prepared. This detail specification should be supplied with the associated PAD for approval. This specification should consider the following elements;

Method of calibration, i.e. verify that the programmer equipment passes all the diagnostic checks

Verification of status of the program of the programming equipment Method of configuration, i.e. by using data from computer mass memory and use of

reference devices Method of identification of each program configuration, i.e. the part number to be assigned

to each device



Use of Manufacturer’s 100% serialization to maintain traceability Programming procedure, i.e. current / voltage waveform to be applied. Only 1

programming cycle is allowed Method of verification of the contents of the programmed device Corrective actions in case of a programming failure. An analysis shall be carried out if the

number of failures for each lot/date code that are programmed relying on the same programmer calibration exceeds 15%

Electrical measurements, in accordance with the part specification (read and record optional)

Burn-in test, according chart III of ESCC Generic Specification No. 9000 Electrical verification of correct programming and electrical measurements pre- and post-

burn-in. The maximum PDA shall be 5% for each lot/date code. If the PDA is higher than 5% the

lot shall be rejected and submitted to Material Review Board disposition.. It is recommended to subject the components to a post-programming burn-in at component level. However if adequate facilities, resources or expertise do not exist, consideration may need to be given to performing extended operation at board level to ensure reliable operation of the device. The duration of such testing will be a function of the maximum operating conditions permitted for the equipment.

9.8.4 ELECTRO-OPTICAL DEVICES These devices are considered non-standard and shall be approved via PAD submission procedure. For components not covered by a generic specification the supplier shall propose specifications and procedures which shall be coherent with the general quality / reliability and control requirements of the project. They shall be made available for review and approval by the Agency with the associated PAD.

9.8.5 ELECTRO-MAGNETIC DEVICES The specific requirements detailed in MIL-STD-981 shall apply, covering design, manufacturing and quality control of custom-made electromagnetic devices such as coils and transformers. These devices are considered non-standard and shall be approved via PAD submission procedure.

9.9 Non-Conformances and Failures This paragraph replaces clause 5 of ECSS-Q-60A. ECSS-Q-20-09B shall apply for NCR related to EEE parts, except that. 4.2.b.9 shall be replaced by the following requirements:



NCR’s related to EEE components shall be classified as major or minor, based on their consequences on the program: MAJOR NCR Major NCR’s are those which may have an impact in the following areas: a) Lot or batch rejection during manufacturing, screening or testing at the manufacturer's

facilities, if the contractor proposes: To use as is the rejected lot or batch, or To continue processing, rework or testing, although the lot or batch does not conform to the

specified requirements; b) Non-conformances detected after delivery from the EEE parts manufacturer (if the lot / batch is

used); c) Fit, Form and Function; d) Any failure during lot validation at procurement responsible level (LAT, QCI, DPA, PDA,

RVT …); e) EEE part failures in use at equipment level (manufacturing or testing). MINOR NCR Minor NCR’s are those which cannot be classified as major. Minor inconsistencies in the accompanying documentation may be classified as minor.

9.10 Documentation This chapter is a supplement to ECSS-Q-60A clause 7. All documentation as required by the clause 7 of ECSS-Q-60A will be retained and made available for ESA. Individual manufacturer’s documentation requirements shall be as per the agreed procurement specifications. The delivery of documentation to ESA will be conducted as specified in the DRD. Other documents related to EEE parts, like component manufacturer’s data relevant to procurement, or lot-specific results, will remain available for review by ESA for the duration specified in the contract. ESA reserves the right to request at any time a Data Package Review to verify that all activities and specifications, as agreed in the relevant PADs, have been effectively put in place in the procurement of components intended for Flight application prior to the actual integration of the components into Flight hardware. The Contractor shall ensure that initiated PADs be provided to ESA prior to actually commencing the evaluation and/or procurement of the relevant EEE component. ESA may decline responsibility if the contractor fails to complain with this requirement.



10 MATERIALS, MECHANICAL PARTS & PROCESSES Each supplier shall define in his Product Assurance and Safety Plan the Materials, Parts and Processes related organisation and tasks. ECSS-Q-70B shall be applicable with the following modifications.

10.1 Technical Requirements for Selection of Materials This section 10.1 supplements clause 5.1 of ECSS-Q-70B. . The data of ECSS-Q-70-71 shall be used preferentially for the selection of materials with a previous history of space use.

10.1.1 VACUUM The acceptance criteria for materials used in space application (vacuum compatibility is also applicable to GSE to be installed in the chamber) shall be as follows: · Recovered Mass Loss (RML) < 1.00 % · Total Mass Loss (TML) (in case that water is a problem) < 1.00 % · Collected Volatile Condensable Material (CVCM) < 0.10 % Materials, for which no relevant outgassing data are available, or that have shown batch variability, shall be subjected to an outgassing test as per ECSS-Q-70-02. Note: It could be that more stringent requirements or more detailed material information, such as dynamic outgassing data is required in general or for specific applications (e.g. amount of material used, location).

10.1.2 FORBIDDEN MATERIALS The use of pure tin, pure mercury, cadmium, zinc or polyvinyl chloride is prohibited. The use of these materials is also forbidden for GSE to be installed in the vacuum chambers and clean rooms.

10.1.3 THERMAL CYCLING Materials (incl. non-flight hardware) subject to thermal cycling shall be assessed to ensure their capability to withstand the induced thermal stresses. Materials used at cryogenic temperatures (40 K or lower) shall be qualified for the worst case conditions.



10.1.4 ATOMIC OXYGEN The effects of atomic oxygen in the outer surfaces shall be assessed on the basis of the orbit parameters and mission duration.

10.1.5 METEORITIC/DEBRIS ENVIRONMENT The influence of a Meteoritic/Debris Environment on the materials shall be examined on a case-by-case basis.

10.1.6 ELECTROCHEMICAL COMPATIBILITY When bimetallic contacts are used, the choice of the pair of metallic materials used shall take into account ECSS-Q-70-71 or MSFC-Spec 250 data. Maximum allowed couple is 0.5 V in controlled and 0.25 V in uncontrolled environments (no temperature or humidity controls).

10.1.7 CORROSION Aluminium surfaces shall be treated for corrosion protection with a chemical conversion coating if necessary. Mechanical parts made of stainless steel shall be passivated. Mechanical parts made of Titanium alloys shall be anodised.

10.1.8 STRESS CORROSION Metallic materials used in structural applications shall have a high resistance to Stress Corrosion Cracking (SCC) and shall be chosen from Table 1 of ECSS-Q-70-36. Metallic materials and welds that are not listed in ECSS-Q-70-36 or whose SCC resistance is unknown shall be tested and categorised according to the requirements of ECSS-Q-70-37.

10.1.9 FLUID COMPATIBILITY Materials that will be in contact with an identified fluid shall be compatible with that fluid. If compatibility data are not available, then testing shall be performed according to NASA-STD-6001.

10.1.10 UV AND PARTICLE RADIATION Materials exposed to the sun shall comply with ECSS-Q-70-06 for UV radiation and, if applicable, or particle radiation. Materials exposed to space but not to the sun shall comply with ECSS-Q-70-06 for particle radiation; this includes transmissive optics, coatings, etc.

10.1.11 ALLOWABLE STRESS Allowable stresses for materials shall be derived from MIL-HDBK-5. Other sources shall be subject to ESA approval. Composite structure allowable stresses shall conservatively allow for degradation due to moisture, temperature and process variables. The material justification shall prove hardware structural integrity during storage and on-orbit life time.



Fracture sensitive materials shall be subjected to fracture control as in ECSS-E-30-01, ECSS-Q-70-36 and ECSS-Q-70-37.

10.1.12 LIMITED LIFE TIME Materials with limited-life characteristics shall be subject to lot/ batch acceptance tests, according to ECSS-Q-70-22, when required by ESA, and shall have their date of manufacture and shelf-life expiration date marked on each lot/ batch.

10.2 Processes This section is a supplement to clause 7 of ECSS-Q-70B. The Contractor shall maximise the use of existing ESA specifications. The following specifications shall be applicable: ECSS-Q-70-08 for soldering ECSS-Q-70-18A for coaxial cable assembly ECSS-Q-70-09 for crimping ECSS-Q-70-28A for repair and modification of PCB’s PSS-01-738 for surface-mounting technology assembly Critical processes shall be identified by the Contractor and reported to ESA through a critical process list. Any process that involves critical or catastrophic hazards shall be identified as critical.

10.3 Materials, Parts and Processes Lists The contractor shall provide: · Declared Material List (DML) · Declared Mechanical Part List (DMPL) · Declared Process List (DPL) A breakdown of such lists and suitable examples are given in ECSS-Q-70B. The contractor shall establish a DML, DMPL and DPL in accordance with the requirements of ECSS-Q-70B, clauses 5.3, 6.3 and 7.4. The Contractor shall prepare and submit materials, parts and processes lists in the early development phase and identify those materials, parts and processes for which insufficient data and



experience is available to assure the required properties for the intended application and for which evaluation and qualification programmes need to be carried out. These lists shall be updated at least for every design review. The Contractor shall issue a system level material and processes list that will integrate lists generated at lower level. The lists shall be provided in a form that is exchangeable, searchable, sortable and suitable for storage and retrieval. An acceptable format is for instance provided by the ESA DML/DPL management software controlled by the ESA Materials & Processes Division. This software is available free of charge. For stress corrosion sensitive materials the form in ECSS-Q-70-36 shall be used (not for ceramics). Ceramics and lubricants shall be declared as non-conventional.



11 SOFTWARE PRODUCT ASSURANCE The Contractor shall develop software in accordance with the requirements of ECSS-Q-80 and ECSS-E-40. ECSS-Q-80B is applicable for Sentinel-1 with the following modifications: ECSS-Q-80B, subclause 5.2.4.1 One person shall be appointed as SW PA responsible. ECSS-Q-80B, subclause 5.6.4 Delete “if this classification forms part of the subcontract”. ECSS-Q-80B, subclause 6.2.1.1 Replace with:

6.2.1.1 The following activities shall be covered in project plans:

• development;

• documents to be produced;

• configuration and documentation management;

• verification and validation activities (including testing);

• maintenance.

NOTE In case software-specific plans are not produced, these activities may be addressed in project general plans.

EXPECTED OUTPUT: Software project plans [MGT, MF, DJF]

ECSS-Q-80B, subclause 6.2.6.3 Replace Expected Output with:

EXPECTED OUTPUT: SPA reports [PAF; PDR, CDR, QR, AR, ORR]. ECSS-Q-80B, subclause 6.2.6.13 Replace “highly critical software” by “mission and safety critical software”. ECSS-Q-80B, subclause 6.3.4.29 Replace “highly critical software” by “mission and safety critical software”.



ECSS-Q-80B, subclause 6.3.6 Not applicable. ECSS-Q-80B, Bibliography Delete the following references: ECSS-Q-80-2, ECSS-Q-80-3 and ECSS-Q-80-3.

12 OFF-THE-SHELF SPACE EQUIPMENT AND SOFTWARE Hardware and software designed and qualified for use on other space programmes shall be considered for use on the Sentinel-1 programme. To be accepted for use on the Sentinel-1 programme such items shall be demonstrated by the Contractor to be suitable for the Sentinel-1 mission in all respects, including applicable Product Assurance requirements. The request to use OTS equipment shall be submitted for ESA approval. A justification file containing the documented evidence that the proposed item is suitable to the intended use shall be provided as part of the Qualification Status Report. Modifications to OTS equipment necessary to meet the applicable requirements, including any supplementary qualification activity, shall be minimized and reported in the justification file. For software OTS the requirements of ECSS-Q-80B, clause 6.2.7 are applicable.