BS EN 16602-10-04:2014
BSI Standards Publication
Space product assurance — Critical-item control

BRITISH STANDARD

National foreword

This British Standard is the UK implementation of EN 16602-10-04:2014.
The UK participation in its preparation was entrusted to Technical Committee ACE/68, Space systems and operations.
A list of organizations represented on this committee can be obtained on request to its secretary.
This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.
© The British Standards Institution 2014. Published by BSI Standards Limited 2014
ISBN 978 580 84097
ICS 49.140
Compliance with a British Standard cannot confer immunity from legal obligations.
This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 September 2014.

Amendments issued since publication
Date    Text affected

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 16602-10-04
September 2014
ICS 49.140

English version

Space product assurance - Critical-item control
Assurance produit des projets spatiaux - Contrôle des éléments critiques
Raumfahrtproduktsicherung - Kontrolle von kritischen Teilen

This European Standard was approved by CEN on March 2014.
CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the
official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref No EN 16602-10-04:2014 E

Table of contents

Foreword
Introduction
Scope
Normative references
Terms, definitions and abbreviated terms
    3.1 Terms defined in other standards
    3.2 Abbreviated terms
Overview of the critical-item control process
    4.1 General
    4.2 Critical-item control process
        4.2.1 Critical items and critical-item control
        4.2.2 Interfaces between critical-item control and risk management
        4.2.3 Interfaces between critical-item control and product assurance
        4.2.4 Interfaces between critical-item control and product engineering
        4.2.5 Integration of CI control activities
Requirements
    5.1 Critical-item control process
        5.1.1 General requirements
    5.2 Implementation requirements
        5.2.1 General
        5.2.2 Step 1: Define CI control requirement
        5.2.3 Step 2: Identify and classify the critical items
        5.2.4 Step 3: Decide and act
        5.2.5 Step 4: Communicate and closeout
    5.3 Integration of CI control activities
        5.3.1 Consolidation and gathering method
        5.3.2 Preliminary design review (PDR)
        5.3.3 Critical design review (CDR)
        5.3.4 Acceptance review (AR)
Annex A (normative) Critical-item list - DRD
Annex B (informative) Critical-item control form
Annex C
(informative) Checklist for potential critical items
Annex D (informative) Examples of critical-item control measures
Bibliography

Figures
Figure 4-1: Critical-item control process, and its relation to the risk management process
Figure 5-1: Tasks associated with the 4-step approach of the CI control process
Figure B- Example of a critical-item identification list (CIL form)
Figure B- Example of a critical-item control sheet

Foreword

This document (EN 16602-10-04:2014) has been prepared by Technical Committee CEN/CLC/TC “Space”, the secretariat of which is held by DIN.
This standard (EN 16602-10-04:2014) originates from ECSS-Q-ST-10-04C.
This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by March 2015, and conflicting national standards shall be withdrawn at the latest by March 2015.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.
This document has been developed to cover specifically space systems and has therefore precedence over any EN covering the same scope but with a wider domain of applicability (e.g.: aerospace).
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United
Kingdom.

Introduction

Early identification of potential critical items provides valuable inputs to design engineering for their avoidance or elimination. Critical-item control provides management with acceptance rationale for those critical items that cannot be eliminated from the critical-item list, and identifies the means by which emanating risks can be controlled.
This Standard provides the requirements for the implementation of the critical-item control process as described in ECSS-Q-ST-10.

Scope

This Standard defines the principles, process, implementation and requirements for critical-items control.
Clause is the informative part of this Standard whereas clause and Annex A form the normative part.
This standard may be tailored for the specific characteristics and constraints of a space project, in accordance with ECSS-S-ST-00.

Normative references

The following normative documents contain provisions which, through reference in this text, constitute provisions of this ECSS Standard. For dated references, subsequent amendments to, or revisions of any of these publications do not apply. However, parties to agreements based on this ECSS Standard are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. For undated references the latest edition of the publication referred to applies.

EN reference      Reference in text    Title
EN 16601-00-01    ECSS-S-ST-00-01      ECSS system – Glossary of terms

Terms, definitions and abbreviated terms

3.1 Terms defined in other standards
For the purpose of this Standard, the terms and definitions from ECSS-S-ST-00-01 apply, in particular for the following terms:
critical item

3.2 Abbreviated terms
For the purpose of this Standard, the abbreviated terms from ECSS-S-ST-00-01 and the following apply:
Abbreviation    Meaning
CI              critical item
CIL             critical-item list
PMP             parts, materials and processes
SPF             single-point failure

5.2.5 Step 4: Communicate and closeout

5.2.5.1 Task 10: Monitor and communicate the results of the CI control process
a. The supplier shall assess and review all critical items periodically for status.
b. The supplier shall assess critical items and associated control measures when affected by nonconformances, anomalies (test and operation), problems and incidents.
c. The supplier shall identify new critical items or changes to conditions under which critical items were previously evaluated.
d. The supplier shall identify and communicate the evolution of CI status over the project evolution.

5.2.5.2 Task 11: Closeout the CI control process for the project
a. The supplier shall submit the completed CIL for formal acceptance by the next higher level project management.
b. The supplier shall assess periodically the performance of the CI control processes and implement improvement of the effectiveness based on experience with project progress.

5.3 Integration of CI control activities

5.3.1 Consolidation and gathering method
a. The top down approach from the system to lower level shall be used to identify the required lower level inputs.
NOTE CI control activities are performed at different levels of the customer supplier chain. The lower level activities are integrated into the system level activities. The proper and effective integration of these tasks is of major importance.
NOTE Those inputs are linked to knowledge of the domain.
b. The bottom-up approach from lower level to system level tasks shall be used for the integration of lower results.
NOTE This bottom-up approach integrates logically and effectively the lower level inputs into the system level activities.
NOTE Top down and bottom-up approaches assist in achieving the following results:
• proper allocation of the ranking scheme at the system level where
applicable;
• proper development and implementation of CI control;
• identification of the not yet dispositioned items in a timely manner;
• assurance that all aspects relevant to the CI control are systematically considered.
NOTE Further recommendations for the integration of CI control into the project life cycle are given in the subsequent clauses.

5.3.2 Preliminary design review (PDR)
a. At PDR, the CIL shall cover all the critical items identified by RAMS, PMP, EEE, QA and engineering disciplines that are already known in the early phases of the project (refer to Annex C).
NOTE In addition, the preliminary CIL includes a list of recommendations for the elimination of design deficiencies by redesign in the detailed design phase.
NOTE In this phase, the preliminary CIL is used as a means to present the nonconforming designs to the programme management for initial evaluation and determination of the subsequent course of action.

5.3.3 Critical design review (CDR)
a. During the CDR the CIL shall be subject to evaluation.
NOTE The results of the evaluation constitute a preliminary indication of which items are candidates for programme acceptance, based on accepted criticality definitions, and which items are candidates for redesign.
NOTE As per the PDR, during this phase the CIL continues to include and document all the critical items identified in the different system analyses.
NOTE At this point in the programme, the CIL is used to address all the nonconforming designs to the programme management for formal evaluation and decision (i.e. acceptance or redesign).
b. The integrated CIL shall be retained as the interim programme CIL until each of the items on the CIL is either baselined via programme approval or removed from the CIL based upon a design change.
c. At the conclusion of the CDR, actions shall be taken to prepare the CIL programme acceptance documentation for the identified critical items.

5.3.4 Acceptance review (AR)
a. Prior to AR, the supplier shall develop the closeout documentation for all critical items.
b. When the customer has agreed that no design change is implemented for a critical item, the closeout documentation shall contain the retention rationale.
c. After implementation of design change, the supplier shall update the CIL to reflect the new configuration status and the affected critical item shall be closed within the CIL.
d. From the end of the CDR up to the conclusion of the AR, the supplier shall include the status of the CIL open items in the PA progress report.
e. At the end of the AR, the supplier shall verify the action closure for open critical items and shall provide it for customer approval.

Annex A (normative)
Critical-item list - DRD

A.1 DRD identification

A.1.1 Requirement identification and source document
This DRD is called from ECSS-Q-ST-10-04, requirements 5.1.1c and 5.2.3.1c.

A.1.2 Purpose and objective
The purpose of this list is to summarise all critical items.

A.2 Expected response

A.2.1 Contents

Number
a. This list shall uniquely identify the critical item.

Critical item
a. This list shall identify the critical item.
NOTE A critical item can be a unit, subsystem, equipment, component, material, process, and function.

Risks associated
a. This list shall contain the technical risk(s) associated with the critical item.
NOTE This can be a reference to the associated entry in the Risk Register.

Document reference
a. This list shall contain a reference to the document in which the item is identified as critical.
b. This list shall further contain a reference to the design, manufacturing and test documentation related to the critical item.

Criticality level
a. This list shall include the criticality level of the critical item in accordance with the critical item classification as defined in clause 5.2.3.

Cause
a. This list shall contain the description of the cause which makes this item critical.

Control activities
a. This list shall contain planned activities to reduce or control the risk as defined in 5.2.4.2.
b. This list shall contain the statement of verification of the control implementation as defined in 5.2.4.2.

Due date
a. The list shall show the expected completion date of the control activities.

Status
a. The list shall provide the status of action as “Open” or “Closed”.
b. In case of closed action, the list shall provide the reference to the closeout document.

A.2.2 Special remarks
The supplier can use the following template:

Template columns: No, Critical item, Risks associated, Reference doc, Criticality level, Cause, Control activities, Due date, Status

No: Unique item identifier
Critical item: Identified critical item (e.g. unit, subsystem, equipment, component, material, process, and function)
Risks associated: Technical risk(s) associated with the critical item (refer to the associated entry in the Risk Register)
Reference doc: Reference document in which the item is identified as critical
Criticality level: In accordance with the critical item classification as defined in clause 5.2.3
Cause: Description of the cause which makes this item critical
Control activities (refer to clause 5.2.4.2 Task 7): Planned activities to reduce or control the risk and statement of verification of the control implementation (e.g. design and operational requirements, test, inspection and failure history)
Due date: Expected completion date of activities
Status: Status of action: Open / Closed (with ref to closeout docs.)

Annex B (informative)
Critical-item control form

Figure B- and Figure B- are examples of critical-item control forms.

Critical-item identification
CI no:
Subsystem:
Equipment:
Item:
Function:
Title:
Mission phase:
Description of event (related to the critical item):
Effects/risks at:
- Product level:
- Subsystem level:
- System level:
Possible causes:
Problem identification reference:
Severity category:
Likelihood category:
Single-point failure (Yes/No):
Detectability (Yes/No):
Propagation time:
Applicable requirements:
Item is confirmed critical by: Discipline / PA / Engineering / Project manager
Name:
Date:
Signature:

Figure B- Example of a critical-item identification list (CIL form)

Critical-item control sheet
Sheet No:
Measures proposed:
Measures adopted:
a) Specification
b) Design/definition
c) Tests
d) Inspection procedures
e) Operational procedures
f) In-flight detection
Potential risk reduction:
- Severity category:
- Likelihood category:
Risk to be reduced / Open / Confirmed / Accepted risk / Attenuated / Closed
Effectiveness/rationale for retention/closeout documents:

Figure B- Example of a critical-item control sheet

Annex C (informative)
Checklist for potential critical items

C.1 Examples of critical items
• An item is critical if it is not qualified or validated for the application in question (or has caused problems previously which remained unresolved)
• An item is critical if it is difficult to demonstrate design performance
• An item is critical if it is highly sensitive to the conditions under which it is produced or used (e.g. contamination, radiation)
• An item is critical if it has the potential to degrade the quality of the product significantly, and hence the ability of the end-product to accomplish defined mission objectives
• An item is critical if major
difficulties or uncertainties are expected in the procurement, manufacturing, assembly, inspection, test, handling, storage and transportation, that have the potential to lead to a major degradation in the quality of the product

C.2 Potential RAMS critical items
• Item not meeting the applicable failure tolerance requirement
• Item constituting a residual single-point failure (SPF)
• Fracture critical item (pressure vessel, structural item whose failure can result in catastrophic or critical consequences)
• Limited-life and limited-cycle item (item with useful life duration or operating cycles limitation; item prone to wear out, drift or degradation below minimum required performance in less than the storage and mission time)
• Item not meeting applicable derating requirements
• Item considered critical at the conclusion of the worst case analyses

C.3 Potential critical components, materials and processes
• Long-lead items (adverse impact of item procurement on project schedule)
• EEE components subject to export licence constraints
• EEE components containing dangerous elements
• EEE components sensitive to radiation environment in space
• EE components sensitive to ON/OFF switching
• Components, material and processes new or not qualified or not validated for intended application
• Item with a known history of flight failures
• Item highly sensitive to manufacturing processes

C.4 Software critical items
• List of critical software components
• Software items whose performances could be difficult to obtain
• Software items not observable after integration in equipment
• Software items not modifiable in the operational environment
• Software items with strong intrinsic complexity
• Software development tools with limited maintenance with respect to mission lifetime

C.5 Items critical for integration
• Material with long manufacturing or procurement duration
• Items that cannot be checked and tested after integration
• Item presenting risks to the personnel (including in the event of inopportune controls)
• Item requiring special handling procedures

C.6 Miscellaneous critical items
• Item difficult to control or implement
• Material with particular constraints for storage
• Item having posed as yet unsolved problems, at the time of a preceding utilisation
• Material sensitive to transport conditions
• Item issued from lessons-learned internal database, if applicable

Annex D (informative)
Examples of critical-item control measures

D.1 Design and operation
Identify specific design features that minimise the probability of occurrence of the failure mode and its causes. Where applicable, relate the design features to the specific causes. Typical controlling features include safety factors, use of special materials, unique physical or chemical characteristics or properties, critical dimensions, and other measurable parameters under design control.
Describe the redundancy configuration, if applicable, and list the remaining success paths after first failure. Discuss performance degradation, if any, as failures occur or as life limits expire.
Assess the following:
• design and operation features that prevent the occurrence of a cause through e.g. safety features;
• design and operation features that prevent or interrupt the physical propagation of a cause to an event through introduction of, for example, physical barriers;
• design and operation features that prevent or interrupt the functional propagation of a cause to an event through introduction of, for example, functional redundancy;
• design and operation features that prevent or interrupt the functional propagation of a cause to an event through introduction of an emergency, warning and caution function;
• design and operation features that reduce the severity of a consequence through introduction of a saving, escape or rescue feature or function;
• procedures or changes in operational steps and procedures.

D.2 Tests
Identify specific tests accomplished to detect failure modes and causes during acceptance tests, certification tests, and pre-launch and on-orbit checkout tests.

D.3 Inspection
Identify specific inspection criteria which are included to determine that specific failure mode causes are not inadvertently manufactured into the hardware or that hardware is not degraded.

Bibliography

EN reference    Reference in text    Title
EN 16601-00     ECSS-S-ST-00         ECSS system — Description, implementation and general requirements
EN 16601-80     ECSS-M-ST-80         Space project management — Risk management
EN 16602-10     ECSS-Q-ST-10         Space product assurance — Product assurance management