1、BSI Standards PublicationProcess management for avionics - Atmospheric radiation effectsPart 3: System design optimization to accommodate the single event effects (SEE) of atmospheric radiationBS IEC 62396-3:2013National forewordThis British Standard is the UK implementation of IEC 62396-3:2013. Its
2、upersedes DD IEC/TS 62396-3:2008 which is withdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee GEL/107, Process management for avionics.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport
3、to include all the necessary provisions ofa contract. Users are responsible for its correct application. The British Standards Institution 2013.Published by BSI Standards Limited 2013ISBN 978 0 580 81623 9ICS 31.020; 49.060Compliance with a British Standard cannot confer immunity fromlegal obligatio
4、ns.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 31 October 2013.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS IEC 62396-3:2013IEC 62396-3 Edition 1.0 2013-09 INTERNATIONAL STANDARD Process management for
5、 avionics Atmospheric radiation effects Part 3: System design optimization to accommodate the single event effects (SEE) of atmospheric radiation INTERNATIONAL ELECTROTECHNICAL COMMISSION U ICS 03.100.50; 31.020; 49.060 PRICE CODE ISBN 978-2-8322-1095-6 Registered trademark of the International Elec
6、trotechnical Commission Warning! Make sure that you obtained this publication from an authorized distributor. BS IEC 62396-3:2013 2 62396-3 IEC:2013(E) CONTENTS FOREWORD . 3 INTRODUCTION . 5 1 Scope . 6 2 Normative references . 6 3 Terms and definitions . 6 4 Process guidance . 10 5 Atmospheric radi
7、ation and electronic system faults . 11 5.1 Atmospheric radiation effects on avionics 11 5.2 Hard faults 12 5.3 Soft faults 13 6 Aircraft safety assessment 13 6.1 Methodology 13 6.2 Mitigation 14 6.3 Specific electronic systems . 14 6.3.1 Level A systems 14 6.3.2 Level B systems 17 6.3.3 Level C sys
8、tems 18 6.3.4 Levels D and E systems 18 Annex A (informative) Design process flow diagram for SEE rates . 19 Annex B (informative) Some mitigation method considerations for SEEs 20 Annex C (informative) Example systems 24 Bibliography 28 Figure C.1 Electronic equipment (flight control computers). 24
9、 Figure C.2 Electronic equipment (flight director computers) . 25 Figure C.3 Electronic equipment (engine control) . 26 Figure C.4 Electronically powered surface . 26 Figure C.5 Hydro mechanical drive of surface Electronic valve control 27 Table 1 Failure effect and occurrence probability . 14 BS IE
10、C 62396-3:201362396-3 IEC:2013(E) 3 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ PROCESS MANAGEMENT FOR AVIONICS ATMOSPHERIC RADIATION EFFECTS Part 3: System design optimization to accommodate the single event effects (SEE) of atmospheric radiation FOREWORD 1) The International Electrotechnical Commi
11、ssion (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and i
12、n addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee i
13、nterested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordanc
14、e with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interes
15、ted IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsibl
16、e for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence bet
17、ween any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of c
18、onformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and m
19、embers of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publicatio
20、n or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publicatio
21、n may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. International Standard IEC 62396-3 has been prepared by IEC technical committee 107: Process management for avionics. This first edition cancels and replaces IEC/TS 62396-3 publish
22、ed in 2008. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) Reference to IEC 62396-1:2012 included. b) Some definitions in Clause 3 updated in line with IEC 62396-1:2012. c) Reference to system
23、level A types I and II removed from 6.3 and Annex C. d) Replacement in key locations of “may” by a more positive statement. BS IEC 62396-3:2013 4 62396-3 IEC:2013(E) The text of this international standard is based on the following documents: FDIS Report on voting 107/210/FDIS 107/220/RVD Full infor
24、mation on the voting for the approval of this standard can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. A list of all parts of the IEC 62396 series, under the general title Process management for a
25、vionics Atmospheric radiation effects, can be found on the IEC website. The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC web site under “http:/webstore.iec.ch“ in the data related to the specific publication. At this
26、date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a later date. BS IEC 62396-3:201362396-3 IEC:2013(E) 5 INTRODUCTION This industry-wide International Standard provides additional guidance to avio
27、nics systems designers, electronic equipment, component manufacturers and their customers to adopt a standard approach to optimise system design to accommodate atmospheric radiation single event effects (SEE). It builds on the information and guidance on the system level approach to single event eff
28、ects in IEC 62396-1:2012, considers some avionic systems and provides basic methods to accommodate SEE so that system hardware assurance levels are met. Atmospheric radiation effects are one factor that could contribute to equipment hard and soft fault rates. From a system safety perspective, using
29、derived fault rate values, the existing methodology described in ARP4754 11(accommodation of hard and soft fault rates in general) will also accommodate atmospheric radiation effect rates. _ 1Numbers in square brackets refer to the Bibliography. BS IEC 62396-3:2013 6 62396-3 IEC:2013(E) PROCESS MANA
30、GEMENT FOR AVIONICS ATMOSPHERIC RADIATION EFFECTS Part 3: System design optimization to accommodate the single event effects (SEE) of atmospheric radiation 1 Scope This part of IEC 62396 provides guidance and furthermore it provides necessary requirements for those involved in the design of avionic
31、systems and equipment and the resultant effects of atmospheric radiation-induced single event effects (SEE) on those avionic systems. The outputs of the activities and objectives described in this part of IEC 62396 will become inputs to higher level certification activities and required evidences. I
32、t builds on the initial guidance on the system level approach to single event effects in IEC 62396-1:2012, considers some avionic systems and provides basic methods to accommodate SEE so that system development assurance levels are met. 2 Normative references The following documents, in whole or in
33、part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. IEC 62396-1:2012, Process management for avioni
34、cs Atmospheric radiation effects Part 1: Accommodation of atmospheric radiation effects via single event effects within avionics electronic equipment IEC/TS 62239-1, Process management for avionics Management plan Part 1: Preparation and maintenance of an electronic components management plan 3 Term
35、s and definitions For the purposes of this document, the terms and definitions of IEC 62396-1:2012, IEC/TS 62239-1 as well as the following apply. 3.1 analogue single event transient ASET spurious signal or voltage produced at the output of an analogue device by the deposition of charge by a single
36、particle SOURCE: IEC 62396-1:2012, 3.2 3.2 could not duplicate CND reported outcome of diagnostic testing on a piece of equipment Note 1 to entry: Following receipt of an error or fault message during operation, the error or fault condition could not be replicated during subsequent equipment testing
37、. BS IEC 62396-3:201362396-3 IEC:2013(E) 7 3.3 double error correction triple error detection DECTED system or equipment methodology to test a digital word of information to determine if it has been corrupted, and if corrupted, to conditionally apply correction Note 1 to entry: This methodology can
38、correct two bit corruptions and can detect and report three bit corruptions. 3.4 firm error circuit cell failure within a device that cannot be reset other than by rebooting the system or by cycling the power Note 1 to entry: Such a failure could be manifest as a soft fault in that it could provide
39、no fault found during subsequent test and impact the value for the MTBUR of the LRU. Note 2 to entry: See also soft error. 3.5 hard error permanent or semi-permanent damage of a cell by atmospheric radiation that is not recoverable even by cycling the power off and on Note 1 to entry: Hard errors co
40、uld include SEB, SEGR and SEL. Such a fault would be manifest as a hard fault and could impact the value for the MTBF of the LRU. SOURCE: IEC 62396-1:2012, 3.24, modified a note to entry has been added 3.6 hard fault term used at the aircraft function level safety analysis referring to the permanent
41、 failure of a component within an LRU Note 1 to entry: A hard fault results in the removal of the LRU affected and the replacement of the permanently damaged component before a system/system architecture can be restored to full functionality. Such a fault could impact the value for the MTBF of the L
42、RU repaired. SOURCE: IEC 62396-1:2012, 3.25 3.7 latch-up condition where triggering of a parasitic p-n-p-n circuit in semiconductor materials (including bulk CMOS) occurs, resulting in a state where the parasitic latched current exceeds the holding current. This state is maintained while power is ap
43、plied Note 1 to entry: Latch-up could be a particular case of a soft fault (firm/soft error) or in the case where it causes device damage, a hard fault. SOURCE: IEC 62396-1:2012, 3.29, modified a note to entry has been added 3.8 line replaceable unit LRU piece of avionics electronic equipment that m
44、ay be replaced during the maintenance cycle of the system SOURCE: IEC 62396-1:2012, 3.32 BS IEC 62396-3:2013 8 62396-3 IEC:2013(E) 3.9 mean time between failure MTBF measure of reliability requirements and is the mean time between failure of equipment or a system in service Note 1 to entry: Term fro
45、m the world airlines technical glossary referring to the mean time between failure of equipment or a system in service such that it would require the replacement of a damaged component before a system/system architecture can be restored to full functionality and thus it is a measure of reliability r
46、equirements for equipment or systems. SOURCE: IEC 62396-1:2012, 3.34, modified a note to entry has been added 3.10 mean time between unscheduled removals MTBUR measure of reliability requirements and is the mean time between unscheduled removal of equipment or a system in service Note 1 to entry: Te
47、rm from the world airlines technical glossary referring to the mean time between unscheduled removal of equipment or a system in service that could be the result of soft faults and thus is a measure of reliability for equipment or systems. MTBUR values can have a major impact on airline operational
48、costs. SOURCE: IEC 62396-1:2012, 3.35, modified a note to entry has been added 3.11 multiple bit upset MBU the energy deposited in the silicon of an electronic component by a single ionising particle causes upset to more than one bit in the same word Note 1 to entry: The definition of MBU has been u
49、pdated due to the introduction of the definition of MCU. SOURCE: IEC 62396-1:2012, 3.36 3.12 multiple cell upset MCU the energy deposited in the silicon of an electronic component by a single ionising particle induces several bits in an integrated circuit (IC) to upset at one time SOURCE: IEC 62396-1:2012, 3.37 3.13 no fault found NFF reported outcome of diagnostic testing on a piece of equipment Note 1 to entry: Following receipt of an error or f
