5.5.3 Single event effects

5.5.3.1 General single event

a. It shall be demonstrated that the equipment reliability requirements include the potential for large uncertainties in predicting SEE.

NOTE 1 For a rationale, see clause 5.1.3.

NOTE 2 It is common practice in SEE evaluation to use worst-case environmental assumptions and perform worst-case analysis of system impacts. As indicated in clause 5.2, when such worst-case analysis is performed, additional margins are not applied.

NOTE 3 Prediction errors of a factor of 10 are possible in some circumstances.

b. Where the SEE calculation is based on an environment prediction which includes the confidence level for the environment not being exceeded, the confidence level shall be reported along with the statement of the achieved RDM for SEEs.

NOTE Some environmental models are statistical in nature, indicating the probability of conditions being exceeded. Such models are specified in ECSS-E-ST-10-04.

c. Margin shall be guaranteed through application of the hardness assurance programme as specified in ECSS-Q-ST-60.

5.5.3.2 Destructive single event

a. In the case of a destructive single event effect, the acceptable probability of component failure by the SEE mechanism, and the calculated probability of failure used to determine the achieved RDM, shall relate to performance of the component for the environment over the specified period of operation, rather than simply the worst-case environment condition.

NOTE 1 Worst-case conditions do not necessarily correspond to the actual operating environment.

NOTE 2 In many cases it can be demonstrated that environment contributions from non-worst-case conditions are negligible compared with the worst-case environment.

b. RDM analysis need not be performed for component destructive SEE if:

1. the threshold energy (for protons or neutrons) or threshold LET (for ions) for destructive SEE is greater than that identified as the immunity threshold in the radiation hardness assurance programme, or

2. the electrical operational conditions for a component have been derated to levels where the device is shown by testing not to suffer that particular SEE mechanism.