This plan has been prepared as the basis for AAA Corp’s Reliability/Components Program to be followed during the development phase for the Radio Systems on the Million Hour MTBF RSUAV. This program plan establishes the requirements of the reliability/ components program, and describes how the required program elements will be accomplished. This program plan will assure Reliability/Components Engineering’s involvement throughout all relevant aspects of the development phase of the program. It will serve as a guideline and checklist for both Designers and Reliability/Components Engineers in their work and as a basis for program progress reviews and gate design reviews.
2.0 REFERENCED DOCUMENTS
The following documents of the issue shown are to be used for reference in the performance of the Reliability/Components Program, and as defined in this plan. MIL-STD-1629 Procedures for Performing a Failure Mode, Effects and Criticality Analysis MIL-HDBK-217 Reliability Prediction of Electronic Equipment TR-NWT-000332 Reliability Prediction Procedure for Electronic Equipment/Bellcore SP900200—OOl Generic+ Radio, ERN 1600 System specification.
3.0 GENERAL REQUIREMENTS
The Generic Radio System being developed under the System Specification consists of two replaceable units:
REPLACEABLE UNITS AAA CORP: 1) Radio Unit (RU) SD—SSSSSSOO1 2) Digital Signal Processing Unit (DSPU) SD—SSSSSSOO2
The requirements for the reliability/components program are stated in the Generic System Specification. Implementation of this plan is the responsibility of the Reliability/Components Engineering of System Verification and Development Department of AAA Corp.
4.0 MANAGEMENT OF RELIABILITY PROGRAM
The primary aim of this program is to consider all factors that could contribute to the attainment of the specified reliability of the product and components of the Generic Radio System. This Reliability program is established to comply with the Generic+ System Specification. The program will ensure the maximization of reliability within the cost and schedule constraints.
Reliability Program Schedule; The Reliability/Components Program plan requirements will be applied to the Generic+ Radio System throughout the development phases of the program as applicable. The significant events and milestones of the Reliability Program will form a part of the Program Milestones.
Reliability Program Organization; The program organization for the Generic Radio System shall be set up utilizing team effort, and the reporting lines shall be established as to optimize channels of communication. The Program Manager of Generic+ Radio System is responsible for managing the overall the Reliability/Components Program.
Management and Control of Reliability; During the design and development phases of the Generic Radio System, the Reliability and Component Engineers responsibilities are assuring that the required reliability and components standards are incorporated as part of the equipment design. The Reliability and Component engineer is a specialist fully familiar with the latest techniques for the management and control of reliability and components standard. This knowledge will be applied by working closely with the designers on the Generic Radio System. During the design and development phases he performs detailed Reliability Prediction Analysis, and Failure Mode Effect Analysis (FMEA). He also prepares Reliability Test Demonstration Procedures, monitors Failure Analyses, verifies and approves New Part Number requests, controls and maintains the components database by using the Part Number Request (PNR), Purchased Components Change Request (PCCR) and Non Conforming Material Authorization (NCMA) processes. During the qualification, reliability and operational evaluation test phases, the Reliability/Components Engineer monitors the failures and failure analyses in order to establish the reliability trends, and initiates investigations and corrective actions when deemed necessary.
5.0 RELIABILITY / COMPONENTS PROGRAM ELEMENTS (REL-COMP)
The following paragraphs outline the Rel-Comp effort to be implemented on the Generic Radio System during the design and development.
5.1 Program reviews
In order to summarize the Rel-Comp program activities and to keep both the Generic Program Manager and Group Leaders fully aware of the progress of the Rel-Comp Program, the Reliability and Components Engineers will be a part of Program Progress Reviews. The Program Progress Reviews will address the progress of the Reliability/Components Program and will address solutions to more difficult problems as they arise.
5.2 Gate Design Reviews
In order to help the designers identify the difficulties which are related to the reliability of the components in their designs during the design stages, the Reliability and Components Engineers will be members of Gate Design Reviews (Intermediate and Critical). Prior to Gate Design Reviews, he will verify with the designer the status of all components (custom, FOU, single source etc.) by using the related Bill of Material and results of the Reliability Analysis (MTBF, FMEA, and stressed components).
6.0 Parts Reliability
6.1 Screening of Bill of Material
Reliability and Components Engineering will screen the Bill of Material in order to ensure that the requirements of development and purchasing selection policies are complied with. The Bill of Material will be screened to ensure that as far as possible parts with known history are specified, and they can be procured from multiple sources, and company approved vendors. Equivalent lower failure rate parts, if possible, will replace parts that have demonstrated high failure rates on other program, if not, the part will be identified and brought to the attention of the Reliability and Components Engineers. Any new components not previously used will be evaluated for suitability for the application and environment. Any new vendors or manufacturers will be investigated, and if deemed necessary a design of experiments (DOE) test will be conducted to insure the component does not introduce detrimental variance in the design’s ability to meet specified performance. Refer to the Design of Experiments Section of this website for further info on DOE methodology.
6.2 Standardization of Components
In order to standardize the use of components Reliability and Components Engineering will prepare a Preferred Parts List (PPL) that could help designers select the right components for common use.
6.3 Sole Source Components
The designer must justify to Component Engineering the reason for the utilization of components that are sole or single sourced and provide a convincing argument why this should be disallowed.
6.4 Part Number Request (PNR)
In order to use new components that are not on the Approved Vendor List (AVL) designers must fill out a Part Number Request form.
Components and Reliability Engineering will verify through acceptable Program of Record Manufacturing tests performed on at least 100 pcba’s, with the components installed, to a P=0.05 with 80% confidence.
6.5 Purchased Component Change Request (PCCR)
In order to solve the problems that are related to the suppliers of components, the quality of the parts, and the performance of the devices, the requester (Designers, Buyers, or Manufacturing Engineer) must fill the Purchased Components Change Request forms. Components and Reliability Engineering will verify, evaluate, and search for a solution to the problem and update the components database accordingly.
6.6 Purchase Part Drawing (PPD)
In order to better control single sources and custom made components, the designer must prepare a Purchase Part Drawing (PPD). Components and Reliability Engineering will coordinate the review and approval of PPD’s with the responsible engineer and other reviewing organizations such as (Documentation Control, Purchasing, Quality Assurance, and Manufacturing) to insure a timely turn around in Development—manufacturing cycle.
6.7 Non Conforming Material Authorization (NCMA)
In order to solve a lead time problem which may affect the shipment of products, the Components/Reliability Engineer will use his judgment to verify, evaluate and if possible approve a part which does not conform to the existing specification by using the Non Conforming Material Authorization (NCMA). The change is temporary by limiting the quantity and/or assigning an expiration date and must not affect the components database. The NCMA must also have the signature approval of the responsible Engineering Manager, Quality Assurance Manager and the Manufacturing Manager
6.8 Electronic Parts De-rating
To ensure that low part failure rates will be achieved in operational use, and subsequently the specified equipment reliability will be realized, the electrical stresses of all passive components, semiconductor devices and the worst case thermal stress temperature of integrated circuits and other components must not exceed the limit of 50 % and 60 C respectively.
6.9 Monitoring the Use of De-rating Guidelines
It will be the responsibility of the Reliability/Components engineer to monitor compliance with the established parts de-rating requirements. This task is to be accomplished as part of the part stress analysis when the applied electrical and thermal stresses will be calculated. Any passive component, semiconductor device or integrated cirucit found to be operating at a higher stress level than 50% and 60°C respectively, will be brought to the attention of the responsible designer via a request for corrective action. Parts that are found to be marginally above de-rating limits, where corrective action is difficult to apply, will be raised as action items during the Design reviews to determine if they can be accepted as is.
6.10 Measurement of Applied Stresses
Upon availability of the development hardware, all modules of the Generic Radio System, to include; software, thermal and the electrical measurements of the critical areas, will be done. The measured values will be compared to the requirements of the parts de-rating criteria, and will be used in the part stress analysis as well as compared with the calculated electrical and thermal stresses. All relevant data concerning the measured stresses will be adequately recorded and kept on file for reference.
7.5 Reliability Analysis
7.5.1 Reliability Modeling
A Reliability Block Diagram (RBD) based on the modules/units functions will be developed and maintained in accordance with the Generic Radio System’s Specifications. The model developed will represent the Mean-Time-Between-Critical Failures (MTBCF) reliability model for the Generic Radio system.
7.5.2 Hardware Reliability Predictions
The reliability predictions for the Generic Radio System will be performed in accordance with the requirements of the Bellcore TR-NWT-000332 document and as detailed in the following sub paragraphs. The results of the prediction will be distributed to the designers and development management for comparison with the target and to perform any corrective action necessary.
184.108.40.206 Parts Failure rates
The part failure rates to be used for reliability analysis and the MTBF predictions will be based on the failure rates published in Bellcore TR—NWT—000332 Document, for Ground Benign environment and the factors for the calculate are the calculated and/or measured stresses of components and specified ambient temperature
220.127.116.11 Calculation of electrical and thermal stresses
The maximum wattage dissipation of all components in the Generic Radio System will be calculated, and from that the worst case thermal conditions for the parts will be established. The electrical stresses of all passive components and semiconductor devices must calculated in order to perform the MTBF and MTBCF prediction.
18.104.22.168 Part Stress Analysis
A part stress analysis in accordance with the Bellcore TR-NWT-000332 document will be performed on the product modules. From the results of the part stress analysis a reliability prediction will be made for each module, each unit of the Generic Radio System. Design changes will be evaluated to determine their effect on previous analysis results, and if applicable the prediction will be updated
7.5.3 Software Reliability Prediction
Starting from the first, and prior to Beta software release , there will be a software prediction analysis. The method to predict the Reliability for the Generic+ Software is an AT&T method. The factor of 75% and 2 failures per year has been chosen as the confidence limit and as the target of failure intensity respectively. The results of the prediction will be distributed to the Software Group and Management on regularly basis in order to take early corrective action as necessary.
8.6 Failure Mode Effect and Analysis (FMEA)
8.6.1 Hardware FMEA
A hardware FMEA on the Generic Radio System will be conducted to the functional level. The analysis will be performed in accordance with MIL—STD-1629. The results of the hardware FMEA will be documented and used as reference for hardware troubleshooting for the company. The hardware FMEA will be updated if there is any major change in design.
8.6.2 Software FMEA
A software FMEA on the Generic Radio System will be conducted to the functional level. The analysis will be performed in accordance with MIL-STD-l629. The results of software FMEA will be documented and used as reference of software troubleshooting in any department of the company. The software FMEA will be updated if there is any major change in design.
9.7 Reliability Development/Growth Test A Reliability
Development/Growth Test (hardware and Software) shall be performed in accordance with the Duane Model during the design qualification test phase of the Generic Radio System.
The objective of the Reliability Development/Growth Test is to provide engineering information on the failure model and mechanisms under induced environmental conditions in order to provide assessment of the reliability of the equipment.
In addition Weibull analysis shall be performed on components or equipment identified to be a major contributor to process variation via the Reverse Arrangement Test, Six Sigma (SPC) analysis, or the Analysis of Variance (ANOVA) test. The information obtained during the test program will be applied in an iterative process of test, analyze, and then fix. This is for the purpose of enhancing the equipment reliability and achieving the reliability growth sufficient to meet or exceed that profiled by the Duane Model in affect. That is, the problems will be identified, analyzed, the failures corrected, and the effectiveness of corrective action verified by subsequent tests. This test program will provide the means of resolving the majority of the reliability problems in the development phase prior to start of production.
9.8 Failure Reporting Analyses and Corrective Action System (FRACAS)
During the Reliability Development/Growth Test, if a failure occurs, a FRACAS report will be filled out. Each failure will be analyzed to identify the failure mechanism and the cause of failure. The corrective action taken to prevent or to significantly reduce the frequency of occurrence will be documented. Based on the analysis of the failure reports, any failure trends will be determined and appropriate corrective action initiated. An appropriate failure reporting system, such as one based on the Closed Loop FRACAS method, will be used to assure that effective corrective actions are accomplished on a timely basis to reduce or prevent the repetition of failures such as can-not-duplicates and other avoidable failures. To facilitate this a software based Reliability tool such as Relex Enterprise or the like will be used.
RELIABILITY DEVELOPMENT/GROWTH TEST PLAN FOR THE GENERIC DIGITAL RADIO SYSTEM
AAA ENGINEERING SERVICES SPECIFICATION NO.:
SPX00X00—OO1, ERN XXXX
Prepared by: ___________ ____________
Approved by: ___________________________
System Verification Manager
Approved by: __________________________
Research & Development V.P.
APPENDIX B MONITORING PROCEDURE
This document has been prepared by the company to define the Reliability Development/Growth Test Plan to be followed during the reliability test program for the Generic Radio System. This plan describes the required testing to be conducted during the qualification phase of the program, and delineates the requirements for facilities, data, and personnel.
The objective of the Reliability Development/Growth test Plan is to provide engineering information on the failure model and mechanisms under induced environmental conditions in order to provide assessment of the reliability of the equipment. The information obtained during the test program will be applied in an iterative process of test, analyze, and then fix for the purpose of enhancing the equipment’s reliability. The problems will be identified, analyzed, and the failures corrected. The effectiveness of corrective action will be verified by subsequent testing. This test program will provide the means of resolving the majority of the reliability problems in the development phase prior to the start of production.
15.0 APPLICABLE DOCUMENTS
The following documents of the issue shown are to the used for reference in the performance of the RDGT program, and as defined in this plan.
MIL-STD-78lD Reliability Testing for Engineering Development, Qualification, and Product ion
MIL-HDBK-78l Reliability Test Methods, Plans, and Environments for Engineering Development, Qualification, and Production.
ETS 300 019-l-3&4 Equipment Engineering; Environmental Conditions and Environmental Tests for Telecommunication Equipment /ETSI
SPX00X00—OO1 Generic Radio,
ERN XXXX System specification.
16.0 RELIABILITY DEVELOPMENT/GROWTH TEST PROGRAM REQUIREMENTS
The requirements for the RDGT Program are stated in MIL-STD7810, paragraph 4.0, and provide a basis for resolving the majority of the reliability problems in the development phase, and include corrective action to preclude the recurrence prior to start of production of most of the causes of red star variance such as seen in the epic Samsung Galaxy 7 exploding battery product failure. The details of the test program are to be conducted in accordance with MIL-HDBK-781, paragraph 5.3 and as specified herein. In accordance with the requirements of MIL—STD-781D the main purpose of the RDGT is to design out failure causes. This process involves time to detect and analyze failures, as well as redesign to eliminate failure causes. The RDGT program has to be planned as a fixed length test of sufficient duration to permit the detection of weaknesses in the equipment’s design. In the case of the Generic Radio, a total accumulated operating (power-on) time of 4000 hours is the minimum requirement. In order to complete the RDGT program in a reasonable time, three Generic Radio Systems will be subjected to test simultaneously. Thus the elapsed test time will be approximately 1333 hours of on time for each unit under test. The equipment under test will be subjected to sinusoidal vibration with power OFF before starting the thermal cycling. The thermal and vibration conditions are detailed in section 6 of this plan.
17.0 TEST UNIT
The RDGT program detailed herein will be conducted on three Generic+ Radio Systems comprised of the following unit replaceable assemblies:
UNIT NAME -AAA CORP- Part Number:
Signal Processing Unit (SPU) SD-XXXXXX—001 Radio Unit SD—XXXXXX—002 The equipment used for the RDGT will consist of pre-qualification test units, build to production standards subject to the same quality assurance provisions as production equipment.
18.0 PRELIMINARY TEST
Prior to commencement of the RDGT, the Generic Radio units will have to have undergone the following preliminary tests.
Functional acceptance test per the Acceptance Test Procedure (ATP) of the Generic Radio’s Test Procedures
Thermal survey; The Generic Radio Systems will be subjected to a thermal survey to establish the components with greatest thermal inertia, and the time temperature relationship between the components and the chamber ambient. From this thermal survey, the final thermal cycle profile to be used during the RDGT will be established.
Temperature will be considered to be stabilized when the part with the longest thermal lag reaches a temperature within 3 degrees Celsius of that attained by that component when operating at the specified chamber temperature. The thermal survey is to be conducted in the chamber to be used for the RDGT with the equipment mounted on the actual fixtures used for the test.
19.0 TEST CONDITION
19.1 Vibration stress:
Following the preliminary tests, the three Generic Radio Systems will be subjected to a vibration stress, consisting of a single—frequency sine—wave vibration at 0.5 Gravitational acceleration units peak (g’s pk) at a non-resonant frequency between 9 Hz and 200 Hz for a period of 20 minutes with power OFF as per ETS 300 019-1-3 class 3.3. When the test is completed an ATP will be performed in order to verify any degradation in the equipment.
19.2 Thermal stress:
Following the vibration test, three Generic+ Radio Systems will be subjected to temperature cycling under the test conditions outlined below. The temperature cycling will continue until a total of 4000 hours of equipment on—time has been accumulated for three Generic+ Radio systems, with a minimum of 1100 operating hours per system.
19.3 Test Environment Low temperature:
-10 C +1- 3 C High temperature: +60 C +/- 3 C Temperature change: > 5C/minute Temperature cycling: as defined in Fig. 1 TBD Equipment On/Off cycling as defined in Fig. 1 TBD Minimum input voltage DC: +/-19.5 V Maximum input voltage DC: +/-60.0 V
19.4 Equipment Operation:
The units under test will be mounted on the test fixtures in a manner to simulate the real mounting means. The units will be operated for 20 hours out of 24, thus 1 cycle will be completed in 24 hours. During the power-on time all units in RDGT will be operated in the test mode. Twice every 24 hours the units will be tested to verify their operational status by performing tests in accordance with selected paragraphs out of Acceptance Test Procedure (ATP). (The selected paragraph numbers will be established prior to start the RDGT). The ATP paragraphs selected will verify the operation of the Signal Processing Units and Radio Units, as well as the operation of the software. The operational test will be conducted once at the beginning of the heating cycle, while the temperature is still cold, and the second time near the end of the hot cycle. Once every 7 days, a complete ATP will be performed on each unit and the data recorded as part of the test record. The results of the weekly ATP will be compared to the readings obtained during the ATP at the start of the RDGT, which will be used as the reference to determine any performance degradations. The details of test equipment set-up and parameters to be measured are specified in Appendix B.
20.0 TEST SCHEDULE The RDGT is scheduled to begin in March 2017, and is expected to go on for 3 months, i.e. to June 2017. The progress of the test will be monitored daily by the reliability technician assigned to the program. The mile stone dates of the schedule are outlined below:
21.0 TEST GROUND RULES
21.0 Failure occurrences;
In case of failure of any one of the units under test; the failed unit will be removed from the test chamber when the thermal cycle is near room ambient, the testing of the remaining units will continue. The failure cause will be identified, analyzed, the corrective action implemented, and the unit returned to the RDGT during the time the chamber is near room ambient temperature
21.1 Corrective action;
Corrective action will be taken to prevent the recurrence of the failures when the cause can be identified as being due to a design deficiency. When the cause is not so identified and no corrective action is taken, except for the repair in case of a hard failure, such a decision will be justified by Reliability and Components engineering. All corrective actions will be verified during subsequent testing.
21.2 Failure classification;
All failures occurring during the RDGT will be classified and reported as either relevant or non—relevant. Only those failures classified as relevant will be used for the reliability growth assessment.
21.3 Relevant failure;
All failures will be considered relevant, unless determined to have been caused by a condition external to the equipment under test which is not part of the test requirement. In case of intermittent operation, the second and subsequent occurrences will be considered relevant
21.4 Non-relevant failure;
The non-relevant failures will not be used for the reliability growth assessment, but they will still be recorded and investigated.
The following will be considered a non-relevant failure:
A) Improper test installation causing a failure in the equipment under test.
B) Test instrumentation or monitoring equipment failures.
C) Test operator errors in setting up or testing the equipment.
D) Test procedure errors resulting in a failed observation.
E) Intermittent operation, the first occurrence only will be considered non—relevant.
F) Failures that result from troubleshooting or repair verification if the failure occurs during repair and verification.
22.0 RELIABILITY GROWTH ASSESSMENT
The reliability of the equipment under test will be monitored throughout the test by graphic plots of reliability on basis of cumulative test time and the Duane Reliability Test model. The reliability will be assessed in terms of the following three criteria.
22.1 Achieved reliability;
The achieved reliability will be expressed as a point estimate using cumulative reliability versus the cumulative test time. This presentation will not be adjusted by deletion of past failures because of corrective action taken.
22.2 Adjusted reliability;
The adjusted reliability will be presented as a second plot of reliability where those failures are discounted for which acceptable corrective action has resolved a deficiency.
22.3 Moving average;
The reliability growth will also be assessed in terms of moving average by using accumulated test times between failures in chronological order of occurrence. The moving average for any specific number of failures will be computed as the arithmetic mean of the failure times selected sequentially and in reserve order.
23.0 DATA REQUIREMENTS
23.1 Test Log;
The test log will be a complete record of all test activities for the equipment and chambers used in the test. An entry in the Test Log will be made each time a test is performed on the equipment under test when any failure is encountered, either in the equipment under test, or on test/monitoring equipment, also when the chamber becomes disabled or any interruption of testing occurs. For every log entry the date, time, chamber Elapsed Time Indicator (ETI) will be recorded, along with a brief statement of the event. The Test Log form to be used is as shown in Appendix
Any failures will be formally recorded on the Failure Report, as shown in Appendix A. The Failure Reporting, Analysis and Corrective Action System (FRACAS) will be monitored, and will be a closed loop system. Each failure will be analyzed to identify the failure mechanisms and the cause of failure. The corrective action taken to prevent or to significantly reduce the frequency of occurrence will be documented.
23.3 RDGT report;
The results of the completed RDGT will be documented in the RDGT report along with the final reliability growth assessment and an evaluation of the tests. Reliability/Components Engineering will prepare the report.
24.0 TEST FACILITY
The RDGT will be conducted at the XYZ Corp DDO Burn- in test facility using the temperature test chamber that is equipped with the necessary controls to enable the performance of the required tests. All test equipment employed will be calibrated in accordance with the valid procedures.
25.0 ORGANIZATION & RESPONSIBILITY
A test technician from System and Verification Group will perform the daily monitoring and testing during the RDGT. The responsibility for the test program lies with the Reliability Engineer. He or She will be supervising the testing, analyzing failure occurrences, initiating and following up on corrective action, and assessing the reliability growth.
26.0 APPENDIX A
27.0 TEST RECORD DATA SHEETS
APPENDIX B MONITORING PROCEDURE