BS ISO 23460:2011
BSI Standards Publication

Space projects - Programme management - Dependability assurance requirements

National foreword

This British Standard is the UK implementation of ISO 23460:2011. The UK participation in its preparation was entrusted to Technical Committee ACE/68/-/5, Space systems and operations - Programme management.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2011. ISBN 978 0 580 57010 0. ICS 49.140.

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 May 2011.

Amendments issued since publication: (none listed)

INTERNATIONAL STANDARD ISO 23460:2011(E)
First edition 2011-03-01

Space projects - Programme management - Dependability assurance requirements
(French title: Projets spatiaux - Management de programme - Exigences d'assurance de sûreté de fonctionnement)

© ISO 2011. All rights reserved. Published in Switzerland.

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Policy and principles
4.1 Basic approach
4.2 Tailoring
5 Dependability programme management
5.1 Organization
5.2 Dependability programme planning
5.3 Dependability critical items
5.4 Design reviews
5.5 Audits
5.6 Use of previously designed, fabricated, qualified or flown items
5.7 Subcontractor control
5.8 Progress reporting
5.9 Documentation
6 Dependability risk reduction and control
6.1 General
6.2 Identification and classification of undesirable events
6.3 Assessment of failure scenarios
6.4 Criticality classification of functions and products
6.5 Actions and recommendations for risk reduction
6.6 Risk decisions
6.7 Verification of risk reduction
6.8 Documentation
7 Dependability engineering
7.1 Integration of dependability in the project
7.2 Dependability requirements in technical specification
7.3 Dependability design criteria
7.4 Involvement in test definition
8 Dependability analysis
8.1 Dependability analysis and the project life cycle
8.2 Dependability analytical methods
8.3 Classification of design characteristics in production documents
8.4 Critical items list
9 Dependability testing, demonstration and data collection
9.1 Dependability testing and demonstration
9.2 Dependability data collection and dependability growth
10 Lessons learned activity
Annex A (informative) Relationship between dependability activities and programme phases
Annex B (informative) Document requirement list (DRL)
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 23460 was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 14, Space systems and operations.

Introduction

The objective of dependability assurance is to ensure a successful mission by optimizing the system dependability within all competing technical, scheduling and financial constraints.

Dependability assurance is a continuous and iterative process throughout the project life cycle, using quantitative and qualitative approaches, with the aim of ensuring conformance to reliability, availability and maintainability requirements.

Space projects - Programme management - Dependability assurance requirements
1 Scope

This International Standard presents the requirements for a dependability (reliability, availability and maintainability) assurance programme for space projects. It defines the dependability requirements for space products as well as for system functions implemented in software, and the interaction between hardware and software. The provisions of this International Standard apply to all programme phases.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 17666, Space systems - Risk management
ISO 16192, Space systems - Experience gained in space projects (Lessons learned) - Principles and guidelines
ISO 15865, Space systems - Qualification assessment

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 failure scenario
conditions and sequence of events leading from the initial root cause to an end failure

3.2 risk
quantitative measure of the magnitude of a potential loss and the probability of incurring that loss
NOTE 1 In Clause 6, the term "risk" is as defined in ISO 17666.
NOTE 2 In the context of this International Standard, "risk" is related to the potential loss or degradation of the required technical performance that affects the attainment of dependability objectives.

3.3 undesirable event
event whose consequences are detrimental to the success of the mission
[ISO 10795:2011, definition 1.211]

3.4 tailoring
process by which individual requirements of specifications, standards and related documents are evaluated and made applicable to a specific project by selection and, in some exceptional cases, by modification of existing requirements or addition of new requirements
[ISO 10795:2011, definition 1.206]

4 Policy and principles

4.1 Basic approach

To achieve the objectives of dependability, dependability assurance is implemented according to a logical process. This process starts in the conceptual design phase at the highest level of the functional tree with a top-down definition of the tasks and requirements to be implemented. Results achieved at all levels of the functional tree are controlled and used in a bottom-up approach so as to consolidate dependability assurance of the product. This process includes the following types of activities:
a) definition, organization and implementation of the dependability programme, as defined in Clause 5;
b) dependability risk identification, reduction and control, as defined in Clause 6;
c) dependability engineering, as defined in Clause 7;
d) dependability analyses, as defined in Clause 8;
e) dependability testing, demonstration and data collection, as defined in Clause 9.

4.2 Tailoring

When viewed from the perspective of a specific project context, the requirements defined in this International Standard should be tailored to match the genuine requirements of the particular profile and circumstances of the project.

5 Dependability programme management

5.1 Organization

The contractor shall implement dependability (reliability, availability and maintainability) assurance as an integral part of its product assurance discipline.

5.2 Dependability programme planning

The contractor shall develop, maintain and implement a dependability plan for all programme phases that describes how compliance with the dependability programme requirements is demonstrated. The plan shall address the applicable requirements of this International Standard.

For each product, the extent to which dependability assurance is applied shall be adapted to the severity (as defined in 7.3.1) of the consequences of failures at system level. For this purpose, products shall be classified into appropriate categories that are defined in accordance with the risk policy of the project.

5.3 Dependability critical items

Dependability critical items are identified by the dependability analyses performed to support the risk reduction and control process performed on the project. The criteria for identifying dependability critical items are given in 6.4.

Dependability critical items shall be subject to risk assessment and critical items control. The control measures shall include:
a) a review of all design, manufacturing and test documentation related to critical functions, critical items and procedures, to ensure that appropriate measures are taken to control those characteristics of the item that have a bearing on its criticality;
b) dependability participation in nonconformance review boards (NRB), failure review boards, configuration control boards and test review boards (TRB), and in the approval process for waivers and deviations, to ensure that dependability critical items are dispositioned with due regard to their criticality.

The dependability aspects shall be considered within the entire verification process for dependability critical items until close-out.

5.4 Design reviews

The contractor should establish and conduct a formal programme of scheduled and documented design reviews, using ISO 21349 as a guide. The contractor shall ensure that all dependability data for a design review are complete to a level of detail consistent with the objectives of the review, and are presented to the customer in accordance with the project review schedule. The contractor shall ensure that dependability aspects are duly considered in all design reviews.

All dependability data submitted shall clearly indicate the design baseline upon which they are based and shall be coherent with all other supporting technical documentation. All design changes shall be assessed for their impact on dependability, and a reassessment of the dependability shall be performed on the modified design where necessary.

5.5 Audits

The audits shall include the dependability activities, to verify conformance to the project dependability plan and requirements.

5.6 Use of previously designed, fabricated, qualified or flown items

Where the contractor proposes to take advantage of previously designed, manufactured, qualified or flown elements in its system, it shall demonstrate that the proposed elements conform to the dependability assurance requirements of the design specification. Nonconformances to dependability assurance requirements shall be identified, and the rationale for retention of any unresolved nonconformance shall be provided by a waiver request.

5.7 Subcontractor control

The contractor shall be responsible for ensuring that products obtained from subcontractors meet the dependability requirements specified for the overall system.

5.8 Progress reporting

The contractor shall report dependability progress to the customer as part of product assurance.

5.9 Documentation

The contractor shall maintain all data used for the dependability programme. The file shall contain the following as a minimum:
a) dependability analyses, lists, reports and input data;
b) dependability recommendation status log.

In accordance with the business agreement, the customer shall have access to project dependability data upon request.

6 Dependability risk reduction and control

6.1 General

As part of the risk management process implemented on the project (in accordance with ISO 17666), the contractor shall analyse, reduce and control all dependability risks that lead to nonconformance with dependability requirements, i.e. all risks of degradation or loss of the technical performance required for the product.

Dependability risk analysis, reduction and control shall include the following steps:
a) identification and classification of undesirable events according to the severity of their consequences;
b) analysis of failure scenarios, and determination of the related failure modes and failure origins or causes;
c) classification of functions and associated products into criticality categories, allowing definition of appropriate tailoring of risk reduction efforts in relation to their criticality;
d) definition of actions and recommendations for detailed risk assessment, risk elimination, or risk reduction and control to an acceptable level;
e)