| 4.5.7-21-1 Ensure reliability and failure mode analyses are performed to prove that failure modes of the interface and their probabilities are well understood |
Phase B |
Phase C |
Phase D1 |
|
Ensure evaluation of potential propagating failures. Permanent effects from Single Event Effects (SEE) analysis such as latchup should also be included in the failure mode analysis. Ensure assessment of all credible failure modes that could create a thermally hazardous condition. Scenarios include (but are not limited to) heaters failed on, heaters failed off, thermal runaway (e.g., of batteries), etc. Such failures may cause design and/or material temperature limits to be exceeded, resulting in material decomposition or outgassing at hot temperatures, thermal runaway of batteries, over-pressure conditions of pressurized vessels, material embrittlement at cold temperatures, etc.
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|
| 4.5.7-21-2 Ensure that interfaces are protected from potential propagating failures that could result in over-stress |
Phase B |
Phase C |
Phase D1 |
|
Ensure fault protection is in place for Host and Hosted Payload interfaces.
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|
| 4.5.7-21-3 Ensure Hosted Payload DC/DC converters that convert the Host bus voltage to the secondary voltages needed for its electronics have output over-voltage and current-limiting protection for mitigating potential fault propagating failures back to the Host Vehicle |
Phase B |
Phase C |
Phase D1 |
|
Ensure adequate test planning for all cases/conditions of potential over-voltage and current-limiting conditions. Ensure test planning and test plans account for all payloads.
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|
| 4.5.7-21-4 Ensure analysis of subtle failure mechanisms such as breakdown of body diodes in MOSFETs on Host Vehicle |
Phase B |
Phase C |
Phase D1 |
|
These have resulted in unexpected "sneak paths".
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|
| 4.5.7-21-5 Ensure that fail-safe/redundant configurations are used for critical functions on the Host Vehicle and Hosted Payload |
Phase B |
Phase C |
Phase D1 |
|
Ensure all critical functions are considered, examples are premature ordnance initiation and failed-on heaters.
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|
| 4.5.7-21-6 Ensure that prime and redundant cross-straps (e.g., telemetry and command, mission data, etc.) are isolated and buffered to prevent an interface failure |
Phase B |
Phase C |
Phase D1 |
|
Hardwire cross-straps of prime and redundancy signals are always potential SPFs.
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|
| 4.5.7-21-7 Ensure that unintended commands from the Host Vehicle are addressed |
Phase B |
Phase C |
Phase D1 |
|
If timely re-designs cannot be completed, unintended commands can be disabled with series relays to prevent uncontrolled commanding.
|
NA
|
NA
|
TOR-2014-02199, Guidelines for Hosted Payload Integration
|