EN 16602-30-09:2014

SLOVENSKI STANDARD
01-november-2014
Zagotavljanje varnih proizvodov v vesoljski tehniki - Analiza razpoložljivosti
Space product assurance - Availability analysis
Raumfahrtproduktsicherung - Verfügbarkeitsanalyse
Assurance produit des projets spatiaux - analyse de disponibilité
Ta slovenski standard je istoveten z: EN 16602-30-09:2014
ICS:
49.140 Vesoljski sistemi in operacije Space systems and
operations
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN 16602-30-09
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2014
ICS 49.140
English version
Space product assurance - Availability analysis
Assurance produit des projets spatiaux - Analyse de Raumfahrtproduktsicherung - Verfügbarkeitsanalyse
disponibilité
This European Standard was approved by CEN on 6 March 2014.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving
this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning
such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre
has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia,
Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN-CENELEC Management Centre:
Avenue Marnix 17, B-1000 Brussels
© 2014 CEN/CENELEC All rights of exploitation in any form and by any means reserved Ref. No. EN 16602-30-09:2014 E
worldwide for CEN national Members and for CENELEC
Members.
Table of contents
Foreword . 4
1 Scope . 5
2 Normative references . 6
3 Terms, definitions and abbreviated terms . 7
3.1 Terms from other standards . 7
3.2 Terms specific to the present standard . 7
3.3 Abbreviated terms. 10
4 Objectives of availability analysis . 11
5 Specifying availability and the use of metrics . 12
5.1 General . 12
5.1.1 Introduction . 12
5.1.2 Availability requirements . 12
5.2 Different ways of specifying availability . 13
5.2.1 Probability figure convention . 13
5.2.2 Availability during mission lifetime for a specified service . 13
5.2.3 Availability at a specific time (or time interval) for a specified service . 14
5.2.4 Percentage or number of successfully delivered products . 15
5.2.5 Outage probability distribution . 15
5.3 Metrics commonly used . 16
5.4 Metrics mapping . 16
5.4.1 General . 16
5.4.2 Metrics mapping at system or subsystem level . 16
5.4.3 Metrics mapping at equipment level . 17
6 Availability assessment process . 18
6.1 Overview of the assessment process. 18
6.2 Availability allocation . 19
6.3 Iterative availability assessment . 20
6.4 Availability report content . 22
7 Implementation of availability analysis . 23
7.1 Overview . 23
)
7.2 Availability activities and programme phases . 23
7.2.1 Feasibility phase (Phase A) . 23
7.2.2 Preliminary definition phase (Phase B) . 24
7.2.3 Detailed definition and production phases (Phase C/D) . 24
7.2.4 Utilization phase (Phase E) . 25
Annex A (informative) Suitable methods for availability assessment . 26
A.1 Overview . 26
A.2 Analytical method . 26
A.3 Markov process . 27
A.4 Monte-Carlo simulation . 28
Annex B (informative) Typical work package description for availability
activities . 29
Bibliography . 30

Figures
Figure 3-1: Relations between the various values that characterize the reliability,
maintainability and availability of equipment . 8
Figure 6-1: Availability assessment process . 19
Figure 6-2: Example of a dynamic behaviour model . 21
Figure A-1 : Basic availability formulae . 27
Figure A-2 : Example of Markov graph . 28
Figure A-3 : Example of Petri net modelling . 28

Tables
Table 5-1 Availability and supporting metrics applicable at system and subsystem level . 17

Foreword
This document (EN 16602-30-09:2014) has been prepared by Technical
Committee CEN/CLC/TC 5 “Space”, the secretariat of which is held by DIN.
This standard (EN 16602-30-09:2014) originates from ECSS-Q-ST-30-09C.
This European Standard shall be given the status of a national standard, either
by publication of an identical text or by endorsement, at the latest by March
2015, and conflicting national standards shall be withdrawn at the latest by
March 2015.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. CEN [and/or CENELEC] shall not be held
responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the
European Commission and the European Free Trade Association.
This document has been developed to cover specifically space systems and has
therefore precedence over any EN covering the same scope but with a wider
domain of applicability (e.g. : aerospace).
According to the CEN-CENELEC Internal Regulations, the national standards
organizations of the following countries are bound to implement this European
Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France,
Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United
Kingdom.
Scope
This Standard is part of a series of ECSS Standards belonging to ECSS-Q-ST-30,
Space product assurance – Dependability. The present standard defines the
requirements on availability activities and provides where necessary guidelines
to support, plan and implement the activities.
It defines the requirement typology that is followed, with regard to the
availability of space systems or subsystems in order to meet the mission
performance and needs according to the dependability and safety principles
and objectives.
This Standard also describes the process that is followed and the most
significant methodologies for the availability analysis to cover such aspects as
• evaluation of the space element or system availability figure,
• allocation of the requirement at lower level, and
• outputs to be provided.
This Standard applies to all elements of a space project (flight and ground
segments), where Availability analyses are part of the dependability
programme, providing inputs for the system concept definition and design
development.
The on-ground activities and the operational phases are considered, for
availability purposes, in order to
• acquire additional information essential for a better system model
finalization and evaluation, and
• monitor the system behaviour to optimize its operational performance
and improve the availability model for future applications.
This standard may be tailored for the specific characteristic and constraints of a
space project in conformance with ECSS-S-ST-00.

Normative references
The following normative documents contain provisions which, through
reference in this text, constitute provisions of this ECSS Standard. For dated
references, subsequent amendments to, or revisions of any of these publications
do not apply. However, parties to agreements based on this ECSS Standard are
encouraged to investigate the possibility of applying the most recent editions of
the normative documents indicated below. For undated references the latest
edition of the publication referred to applies.

EN reference Reference in text Title
EN 16601-00-01 ECSS-S-ST-00-01 ECSS system — Glossary of terms

Terms, definitions and abbreviated terms
3.1 Terms from other standards
For the purpose of this Standard, the terms and definitions from
ECSS-S-ST-00-01- apply.
3.2 Terms specific to the present standard
3.2.1 achieved availability
probability that a system, subsystem or equipment, when used under stated
conditions in an ideal support environment operates satisfactorily at a given time
NOTE The downtime is associated only to the active
preventive and corrective maintenance.
3.2.2 active redundancy
every entity is operating and the system can continue to operate without
downtime or defects despite the loss of one or more entities
3.2.3 corrective maintenance
maintenance performed to restore system hardware integrity following
anomalies or equipment problems encountered during system operations
3.2.4 flight segment
product or a set of products intended to be operated in space
3.2.5 ground segment
all ground infrastructure elements that are used to support the preparation
activities leading up to mission operations, the conduct of mission operations
and all post-operational activities
3.2.6 hot redundancy
redundancy entity is “ON”, but not necessarily in the right configuration to
accomplish the function
3.2.7 instantaneous availability
probability that an item is in a state to perform a
required function under given conditions at a given instant in time, assuming
that the required external resources are provided
NOTE Preventive maintenance is generally not taken into
account for intrinsic availability.
3.2.8 instantaneous availability
probability that an item is in a state to perform a required
function under given conditions at a given instant of time, taking into account
the maintenance strategy (spares policy and related in logistic delays and
constraints)
3.2.9 lead time (supplier delay)
mean time for supplier to provide spares (including shipping time)
3.2.10 logistic delay
mean time for human and material maintenance means to be available (call-out
time)
3.2.11 mean availability
percentage of time that a system, subsystem or
equipment, used under stated conditions, without any scheduled or preventive
action and with ideal logistical support, operates satisfactorily for a defined
time period
3.2.12 mean availability
percentage of defined time period in which a system, subsystem
or equipment, operates satisfactorily used under stated conditions in an actual
support environment
NOTE The down time is relevant to the corrective
maintenance, preventive maintenance, logistic and
administrative delays.
3.2.13 mean down time
mean time between service interruption and service resumption
NOTE See Figure 3-1.
initial start restart second
failure of work failure
time
correct operation waiting repair correct operation
MTTR
MTTF MDT MUT
MTBF
Figure 3-1: Relations between the various values that characterize the reliability,
maintainability and availability of equipment
3.2.14 mean time between failures
mean time between two consecutive failures
3.2.15 mean time between outages
mean time of operation of an entity between two consecutive non-operational
phases caused by corrective or preventive maintenance activities
3.2.16 mean time to failure
mean time of working of an entity before its first failure
NOTE Also known as “mean time to first failure”
(MTTFF).
3.2.17 mean time to outage
mean time of working of an entity before its first outage
3.2.18 mean time to repair
mean duration to repair equipment with human and material maintenance
means being available
3.2.19 mean up time
mean time of working of an entity after corrective maintenance (covering repair
and replacement)
3.2.20 outage
state of an item of being unable to perform its required function
[IEC Multilingual Dictionary:2001 edition]
NOTE 1 Causes of outages can be failures, upsets or
planned and unplanned events.
NOTE 2 The failures can be due to cataleptic intrinsic
events or external events.
3.2.21 passive redundancy
redundancy not activated before necessary
NOTE Also knows as “standby redundancy” or “cold
redundancy”.
3.2.22 preventive maintenance
scheduled or on-condition maintenance actions performed on equipment to
reduce its probability of failure or degradation
NOTE Preventive maintenance is performed to keep the
system at designed reliability and safety levels
before failure occurrence.
3.2.23 steady-state availability (asymptotic availability)
limit, if any, on the instantaneous availability as time approaches infinite
3.3 Abbreviated terms
For the purpose of this Standard, the abbreviated terms from ECSS-S-ST-00-01
and the following apply:
Abbreviations Meaning
FMECA failure modes, effects and criticality analysis
GPS global positioning system
LD logistic delay
MDT mean down time
MTBF mean time between failures
MTBO mean time between outages
MTTF mean time to failure
MTTFF mean time to first failure
MTTO mean time to outage
MTTR mean time to repair
MUT mean up time
NRB nonconformance review board
PDF probability density function
RAM reliability availability and maintainability
SOW statement of work
TWT travelling wave tube
w.r.t. with respect to
Objectives of availability analysis
The availability analysis is developed in order to
• verify the conformance of the selected system design with the applicable
availability requirements, and
• provide inputs to estimate the life cycle cost of the system.
The above design activity leads to the optimization of the system concept
definition with respect to design baseline, operations and logistics provisions.
The availability analysis identifies the unavailability contributors in order to
quantify their impact in supporting the
• decision making process, and
• risk evaluation, reduction and control (see ECSS-M-ST-80).
The availability activity is fully integrated into the development programme to
ensure the correct support to the other disciplines (e.g. engineering, operations
and logistics).
Specifying availability and the use of
metrics
5.1 General
5.1.1 Introduction
The mission success criteria, from a probabilistic point of view, can be
established in different ways. As a consequence, the selection of the most
adequate dependability requirement depends on all of the operational
constraints and mission objectives.
5.1.2 Availability requirements
a. Availability requirements shall respect the mandatory characteristics
defined by the system engineering process.
NOTE E.g. traceable, identified, unique, or unambiguous.
b. For each availability requirement, a verification method shall exist.
c. Each availability requirement shall be a quantitative requirement.
d. The process leading to the definition of the availability requirement shall
be user oriented (availability of mission service) and not design focused.
e. The process leading to the definition of the availability requirement shall
include the following aspects necessary to characterize the project under
development:
1. Functional and performances objectives.
NOTE For example, what is the “threshold” between
nominal behaviour and failure mode? What are
the contributors to mission success under
system visibility and responsibility?
2. “Environmental” conditions.
NOTE For example, for which environment, interfaces,
provisions,… shall the above objectives be
met?.
3. Operational time frame.
NOTE For example, for which period, at what date.
4. Unavailability contributors to be taken into account in the analysis
on the basis of the supplier’s visibility and responsibility for the
logistic scenario or support.
NOTE For example, detection, logistics, and
administrative delays.
f. Availability requirements shall be specified according to one or several of
the following classes of availability specifications detailed in clause 5.2.
5.2 Different ways of specifying availability
5.2.1 Probability figure convention
a. For each type of availability requirement, specified figures shall be
defined as “mean” or “best estimate” probability figures (point
estimation). Unit failure rates are generally computed in this way (or
sometimes at 60 % confidence level).
5.2.2 Availability during mission lifetime for a
specified service
5.2.2.1 Overview
Availability during mission lifetime for a specified service is currently used for
missions where a “steady-state” nominal service is planned, and for which a
percentage of the mission time can be specified as an availability performance
measure.
The availability during mission lifetime applies to maintainable, on-ground or
in-orbit (e.g. Space Station), and non-maintainable systems (e.g. satellites).
Generic potential contributors for outage periods can be, for instance,
maintenance activities (preventive as far nominal service is impacted,
corrective), periodic manoeuvres, reconfiguration delays for redundant
payload, recoveries from safe mode, upsets, eclipses.
In some applications, the mission lifetime can be subdivided into several
periods for which the availability requirement applies.
NOTE For example, “The system shall be operational
during 11 months per year during the mission
lifetime”.
5.2.2.2 Requirements
a. If the operative scenario duration is longer than the system or equipment
mean down time (more than 5 MDT), so that the instantaneous or mean
availability can reach an asymptotic (or steady state) behaviour, then the
requirement shall be formulated in terms of steady-state availability,
assuring a simplifying (and generally conservative) approach.
b. The availability during mission lifetime shall be computed as the ratio of
time during which service is fulfilled over the total mission lifetime.
c. For non-maintainable systems, the availability during mission lifetime
requirements shall be established considering that the mission is still
operational at end of life.
NOTE
...