IEC TR 62396-7:2017
(Main)Process management for avionics - Atmospheric radiation effects - Part 7: Management of single event effects (SEE) analysis process in avionics design
Process management for avionics - Atmospheric radiation effects - Part 7: Management of single event effects (SEE) analysis process in avionics design
IEC TR 62396-7:2017 is a technical report which describes a process to account for the effects of atmospheric radiation on electronic equipment. Single event effects (SEE) due to atmospheric radiation are one class of possible failure mechanisms that are addressed in the safety and reliability analyses of electronic equipment and associated functions. This document focuses on electronic components, electronic equipment and associated electronic functions. System level analysis is not addressed in this document. This document is intended to describe an approach to accounting for SEE in electronic equipment design, design review, and it can provide aid in the aerospace certification process.
General Information
Standards Content (sample)
IEC TR 62396-7
Edition 1.0 2017-07
TECHNICAL
REPORT
Process management for avionics – Atmospheric radiation effects –
Part 7: Management of single event effects (SEE) analysis process in avionics
design
IEC TR 62396-7:2017-07(en)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2017 IEC, Geneva, Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.---------------------- Page: 2 ----------------------
IEC TR 62396-7
Edition 1.0 2017-07
TECHNICAL
REPORT
Process management for avionics – Atmospheric radiation effects –
Part 7: Management of single event effects (SEE) analysis process in avionics
design
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 03.100.50; 31.020; 49.060 ISBN 978-2-8322-4456-2
Warning! Make sure that you obtained this publication from an authorized distributor.
® Registered trademark of the International Electrotechnical Commission---------------------- Page: 3 ----------------------
– 2 – IEC TR 62396-7:2017 © IEC 2017
CONTENTS
FOREWORD ........................................................................................................................... 3
1 Scope .............................................................................................................................. 5
2 Normative references ...................................................................................................... 5
3 Terms, definitions and abbreviated terms ........................................................................ 6
3.1 Terms and definitions .............................................................................................. 6
3.2 Abbreviated terms ................................................................................................... 6
4 Radiation analysis process .............................................................................................. 7
4.1 General ................................................................................................................... 7
4.2 Determine inputs to SEE analysis ........................................................................... 8
4.3 Assess electronic component SEE sensitivity .......................................................... 9
4.4 Identify and account for mitigations and electronic equipment effects ................... 10
4.5 Calculate SEE rates and analyse risk .................................................................... 11
4.6 Perform radiation tests .......................................................................................... 12
4.7 Design change ...................................................................................................... 12
4.8 Radiation report .................................................................................................... 13
4.9 SEE impact analysis ............................................................................................. 13
4.10 On-going component management ........................................................................ 14
Annex A (informative) Detailed radiation analysis process ................................................... 15
Annex B (informative) Radiation effects evaluation table of electronic component ................ 16
Bibliography .......................................................................................................................... 18
Figure 1 – Radiation analysis process overview ...................................................................... 8
Figure A.1 – Detailed radiation analysis process flowchart .................................................... 15
Table B.1 – Template for radiation effects evaluation table of electronic component ............. 17
---------------------- Page: 4 ----------------------IEC TR 62396-7:2017 © IEC 2017 – 3 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
PROCESS MANAGEMENT FOR AVIONICS –
ATMOSPHERIC RADIATION EFFECTS –
Part 7: Management of single event effects (SEE)
analysis process in avionics design
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".IEC TR 62396-7, which is a technical report, has been prepared by IEC technical committee
107: Process management for avionics.---------------------- Page: 5 ----------------------
– 4 – IEC TR 62396-7:2017 © IEC 2017
The text of this technical report is based on the following documents:
Enquiry draft Report on voting
107/300/DTR 107/304/RVDTR
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
A list of all the parts in the IEC 62396 series, published under the general title Process
management for avionics – Atmospheric radiation effects, can be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correctunderstanding of its contents. Users should therefore print this document using a
colour printer.---------------------- Page: 6 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 5 –
PROCESS MANAGEMENT FOR AVIONICS –
ATMOSPHERIC RADIATION EFFECTS –
Part 7: Management of single event effects (SEE)
analysis process in avionics design
1 Scope
This part of IEC 62396, which is a technical report, describes a process to account for the
effects of atmospheric radiation on electronic equipment. Single event effects (SEE) due to
atmospheric radiation are one class of possible failure mechanisms that are addressed in the
safety and reliability analyses of electronic equipment and associated functions.
This document focuses on electronic components, electronic equipment and associated
electronic functions. System level analysis is not addressed in this document.This document is intended to describe an approach to accounting for SEE in electronic
equipment design, design review, and it can provide aid in the aerospace certification
process. This document establishes an example process for assessing electronic components
in the atmospheric radiation environment, evaluating for mitigations/protections/utilizations,
and addressing the electronic equipment impacts of the SEE. The process is intended to
support an SEE analysis for electronic equipment.It does not describe, in detail, methods used to mitigate the effects of SEE in the electronic
equipment design.NOTE 1 IEC 62396-3 provides further details for this process.
NOTE 2 IEC 62396-2 provides further details for SEE testing.
This document, by itself, is not a program requirements document, i.e. it does not contain the
word “shall.” However it describes a process that can be used, for example, at the discretion
and agreement of the users, to aid in the preparation and the maintenance of an electronic
components management plan (see [1] and [7]). The output of the process described in this
document provides data as an input into the product safety and reliability analyses.
Although developed for the avionics industry, this document can be used by other industrial
sectors at their discretion.2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.IEC 62396-1:2016, Process management for avionics – Atmospheric radiation effects –
Part 1: Accommodation of atmospheric radiation effects via single event effects within
avionics electronic equipment_____________
Numbers in square brackets refer to the Bibliography.
---------------------- Page: 7 ----------------------
– 6 – IEC TR 62396-7:2017 © IEC 2017
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 62396-1 apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
NOTE For the purposes of the document, the term “device” can be used in place of “electronic component”.
3.2 Abbreviated termsBIT built-in test
BoM bill of material
COTS commercial off the shelf
CRC cyclic redundancy check
E Energy
ECC error correction code
EDAC error detection and correction
FoM figure of merit
FPGA field-programmable gate array
IEEE Institute of Electrical and Electronics Engineers
I/O input/output
JEDEC JEDEC Solid State Technology Association
JESD JEDEC standard
L1/L2 level 1 / level 2 (related to microprocessor cache memories, "level 1" cache
memory being usually built onto the microprocessor chip itself, “level 2” cachememory being usually on a separate chip or expansion card)
MBU multiple bit upset (in the same word)
MCU multiple cell upset
MTBF mean time between failure
P/SSA preliminary/system safety assessment
RAM random access memory
SDRAM synchronous dynamic random access memory
SEB single event burnout
SEE single event effect
SEFI single event functional interrupt
SEL single event latch-up
SET single event transient
SEU single event upset
SSA system safety assessment
TLB translation lookaside buffer
µP microprocessor
---------------------- Page: 8 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 7 –
4 Radiation analysis process
4.1 General
Electronic components and integrated circuits have become increasingly susceptible to
atmospheric radiation causing SEE. These phenomena are the result of interaction of high
energy cosmic rays with silicon-based components. The resulting single event effects may
cause various conditions; such as data corruption. Additional types of undesirable effects may
include:• damage to hardware;
• corrupted software residing in volatile memory;
• corrupted data in memory;
• microprocessor halts and interrupts;
• writing over critical data tables;
• unplanned events.
The industry trend is for continued decreases in electronic component feature size and
operating voltages, while the number of gates on a given device continues to increase, which
entails focusing attention on the radiation effects. As this trend continues to deep sub-micron
feature sizes, electronic component designs are achieving higher densities and lower
voltages, resulting in smaller active charge regions. In general, for decreasing feature size of
silicon based cells, the expected critical charge decreases and the sensitivity to radiation may
increase.The radiation effects analysis example process described in this document assesses the
radiation effects susceptibility of the electronic components and the effects at the electronic
equipment level. This includes radiation effects assessment of the electronic components,
mitigation analysis, and test of electronic components and electronic equipment if needed.
This information may be utilized as input to a safety and reliability assessment of the
electronic equipment.An overview of the radiation analysis process is provided as example. The remainder of the
document provides one way to perform a radiation analysis with 4.2 to 4.10 providing further
details based on the radiation process shown in Figure 1.---------------------- Page: 9 ----------------------
– 8 – IEC TR 62396-7:2017 © IEC 2017
START
Determine inputs to SEE
analysis
• Operational mission
• Neutron flux
• Bill of material
• Equipment architecture and
design (4.2)
Assess electronic Identify and account for
component SEE mitigations and
sensitivity equipment effects
(4.3) (4.4)
Perform radiation
Calculate SEE rates
tests
(4.5)
(4.6)
Test
Radiation report
(4.8)
Testing
Design change
No Yes
Change design
or design
Acceptable risk?
(4.7)
change?
(4.5)
(4.5)
SEE impact
analysis
(4.9)
END
IEC
Figure 1 – Radiation analysis process overview
The process starts with the operational mission and data definition (e.g. atmospheric radiation
environment, BoM…), and ends with a summary of the SEE effects data to be utilized as input
for safety and reliability assessments. An atmospheric radiation analysis plan may be included
in the planning for a new program. This analysis may be appropriate for new electronic
equipment development, electronic equipment upgrades, and electronic componentreplacement programs.
Annex A provides, for information, a detailed radiation analysis process flowchart. This
diagram expands on the steps defined in Figure 1. Additional detailed descriptions of the
electronic component assessment, evaluation, electronic equipment impact analysis, and on-
going electronic component management steps are provided,4.2 Determine inputs to SEE analysis
Inputs to the SEE analysis may include various electronic equipment and operational mission
definition, and detailed electronic equipment design information.The atmospheric radiation definition may include the environment in which the electronic
equipment operates and the flux densities under consideration based on operational missions.
In the absence of such definition, the default levels of IEC 62396-1 are recommended.
The equipment design information may include the electronic equipment bill of materials
(BoM), schematics and electronic equipment design material. In addition, existing and
available SEE rates for known susceptible electronic components may be included.---------------------- Page: 10 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 9 –
4.3 Assess electronic component SEE sensitivity
Each electronic component on the electronic equipment BoM is assessed for its susceptibility
to SEE, and classified according to its susceptibility to the various relevant SEE types (for
example SEB, SEL, MCU, MBU, SEU, SEFI…; for more details see IEC 62396-1).For all sensitive electronic components, cross-section data is obtained if possible. If no data
is available, conservative estimates may be utilized for this initial step. Table B.1 provides a
template for recording the components typically considered sensitive and which may result in
a SEE analysis. Notes may be added to the table to indicate the source of the cross-section
rates. This table may be used throughout the SEE analysis process, starting with the
electronic component assessment, evaluation of mitigations/protections and SEE impact
analysis.Electronic components assessment process steps may include:
a) Classification of each electronic component as being either SEE-sensitive (identifying all
applicable SEE types) or not SEE-sensitive.b) For the sensitive electronic components, the column “Component SEE sensitivities” of
Table B.1 is populated. Sources of data may include:1) test data (from a source such as high energy neutron beam; see list of facilities
provided in IEC 62396-1 for example);2) industry data;
3) in-service flight data;
4) figure of merit (FoM) calculations based on test data from other sources (proton and
heavy ion);5) conservative estimates.
For more details related to these sources of data, one can refer to IEC 62396-1:2016,
Annex G, and IEC 62396-2.c) For each sensitive electronic component, describe the SEE sensitivity and provide all the
SEE cross-section data for each applicable SEE type for the electronic component. Details
on calculating the SEE rates in avionics are provided in IEC 62396-1.The cross-section data, such as test data, vendor data or in-service data may be recorded
into the template proposed in Table B.1, column “SEE cross-section data (cm /bit)” or column
“SEE cross-section data (cm /device)”.The SEE response of an electronic component is characterized as the SEE cross-section of
2 2that component. The SEE cross-section unit is cm /device or cm /bit. This cross-section,
which is obtained through test, is the number of radiation events divided by the fluence of
particles (particle/cm , particle flux integrated over the exposure time) to which the electronic
component was exposed.The SEE rate is calculated by multiplying the SEE cross-section and the integrated neutron
2 2flux rate. Generally, 6 000 neutron/cm h (E > 10 MeV) and 9 300 neutron/cm h (E > 1 MeV)
are used for these calculations. The 1 MeV rate and greater is utilized for electronic
components with feature sizes less than 150 nm.This flux value represents the nominal high energy neutrons at 40 000 ft and 45° latitude, and
is a recognized industry standard value. Details on calculating SEE rates in avionics are
provided in IEC 62396-1. Thermal energy neutron background information is provided in
IEC 62396-5.The cross-sectional area is a figure of merit that establishes how sensitive the electronic
component is to the effects of atmospheric radiation. The different types of effects, such as
SEU, SEL or SEFI, have independent cross-sections. SEFI rates are often defined on a per-
---------------------- Page: 11 ----------------------– 10 – IEC TR 62396-7:2017 © IEC 2017
device basis as the total number of registers in the electronic component; usually they are not
shared by the original electronic component manufacturer.To establish a normalized standardized flux for avionics calculations, refer to IEC 62396-1 for
guidance about when different flux rates should be used (consideration of different altitudes
and latitudes, etc.). This is the standard number for quantitative calculations. Actual flux
varies according to altitude, latitude, and solar activity. For example, one electronic
component SEE rate can be approximated as follows (if its feature size is more than 150nm):
SEE rate per electronic component = Bit upset per electronic component hour =6 000 neutron/cm /h x electronic component cross-section for E > 10 MeV.
A more accurate calculation integrates the flux and the cross-section curves.
4.4 Identify and account for mitigations and electronic equipment effects
Using the results for 4.3, the impact of SEE on the electronic equipment functionality may be
determined, taking into account the electronic component cross-sections, electronic
equipment design and implemented mitigations, protections and utilizationsThis evaluation includes information related to the SEE rates of the electronic components
which have been deemed both susceptible and critical. The radiation evaluation provides an
assessment of the impacts of mitigations/protections/utilizations on SEE rates. Early in the
development program, electronic components selection and architectural decision are not
final. Therefore, the evaluation process may be started during this timeframe and may provide
aid in the assessment of proposed electronic components. In the later phases of the
development program, this process may further quantify SEE rates.SEE rates can be adjusted for the conditions used within the design. Examples may include
accounting for the number of bits/registers utilized, on-chip error mitigation and electronic
equipment level error mitigation. Mitigation options and techniques may include electronic
component-level technology solutions, hardened circuit designs, and fault-tolerant electronic
equipment architectures.Examples of mitigations/protections, which can be accounted, include:
a) Device / bit utilizations:
– include only the bits utilized in the design;
– account for the total number of control registers in components such as FPGAs.
b) Timing aspects:
– active monitors;
– watchdog timer, bit-stream CRC check; periodic CRC check of an FPGA may not be
considered fully mitigation unless the CRC is fast enough to catch the SEE before a
failure condition can be realized.c) Electronic component level mitigations:
– SEU tolerant finite state machine;
– triple modular redundancy;
– on-chip EDAC or ECC;
– scrubbing (error correction technique which uses a background task that periodically
inspects memory for errors).d) Electronic equipment level mitigations:
– data scrubbing;
– voting;
– triple modular redundancy (made by hardware or software);
---------------------- Page: 12 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 11 –
– reasonableness testing;
– CRC;
– watchdog timers;
– controlled power cycling.
e) Protections:
– filters, exposure window, data range-checking, continuous monitoring and exception
handling;– redundancy, watchdog supervisory logic, error correction, and partitioning.
Software techniques may be utilized to mitigate the effects of SEE induced errors. Examples
include replication of program execution, results checking, refreshing and monitoring
configuration, data range checking, input data filtering, program and constant refreshing, and
process partitioning.If the mitigated electronic components, utilizing conservative cross-section estimates, meet
the electronic equipment safety and reliability objectives then the evaluation may be
considered complete. If the initial SEE rate does not meet objectives, and has included
conservative cross-section estimates for untested electronic components, testing of the high
risk electronic components, or a re-design, may be an option.If a statistically significant amount of existing flight data is available for the electronic
components under analysis, then in-flight results may be another input into the radiation
evaluation. This method may need customer’s agreement in advance.4.5 Calculate SEE rates and analyse risk
The final SEE rate calculations are completed for each susceptible electronic component. This
may take into account all applicable cross-sections rates and the adjusted rates taking into
account mitigations/protections/utilizations. The “Evaluation” columns in Table B.1 may be
used to complete these SEE rate assessments. All mitigations/protections/utilizations factors
may be noted, with associated justifications and the updated SEE rates.Each electronic component is reviewed to determine if the SEE rate is acceptable. This is an
estimate and review of the electronic components rates in terms of overall safety and
reliability objectives for the electronic equipment is considered. The review may be made on a
single electronic component basis or cumulative electronic component basis. After the SEE
rates have been calculated using the available component cross-sections, device utilizations,
protections, and mitigations, it can be determined if the resulting SEE rate is acceptable. For
example, if the SEE rate is an order of magnitude less than the overall hardware failure rate
then it may be able to be considered negligible.During this evaluation phase of the process it may not be possible to complete a final analysis
to verify that all objectives have been met, however there may be enough information to
determine if it is reasonable to proceed with the SEE analysis or...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.