SIST EN 9227-2:2025

SLOVENSKI STANDARD
01-julij-2025
Aeronavtika - Vodenje programov - Vodilo za nadzor zanesljivosti
Aerospace series - Programme management - Guide for reliability control
Luft- und Raumfahrt - Programm-Management - Richtlinien für das management der
Zuvenlässigkeit
Série aérospatiale - Management de programme - Guide pour la maîtrise de la fiabilité
Ta slovenski standard je istoveten z: EN 9227-2:2025
ICS:
03.100.40 Raziskave in razvoj Research and development
49.020 Letala in vesoljska vozila na Aircraft and space vehicles in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN 9227-2
EUROPEAN STANDARD
NORME EUROPÉENNE
May 2025
EUROPÄISCHE NORM
ICS 49.140
English Version
Aerospace series - Programme management - Guide for
reliability control
Série aérospatiale - Management de programme - Luft- und Raumfahrt - Programm-Management -
Guide pour la maîtrise de la fiabilité Richtlinien für das management der Zuvenlässigkeit
This European Standard was approved by CEN on 7 April 2025.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9227-2:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 List of acronyms . 7
5 Principles of reliability control . 8
5.1 Purpose of reliability control . 8
5.2 Construction of reliability . 8
6 Construction of reliability tasks . 8
6.1 Purpose of the clause . 8
6.2 Calculation tasks . 9
6.2.1 Reliability goals and allocation . 9
6.2.2 Reliability prediction . 10
6.3 Analysis tasks . 10
6.3.1 Risk analysis . 10
6.3.2 Experience feedback . 10
6.3.3 Functional analysis . 10
6.3.4 Failure mode, effects and criticality analysis (FMECA) . 11
6.3.5 Reliability and availability modelling . 12
6.3.6 Design guides. 14
6.3.7 Other analyses. 15
6.4 Testing tasks . 16
6.4.1 General. 16
6.4.2 Reliability/durability characterization tests in the development phase . 16
6.4.3 Use of integrated reliability growth tests (non-specific tests) . 17
6.4.4 Reliability dedicated growth tests . 17
6.4.5 Reliability demonstration tests . 17
6.4.6 Measurement of reliability in series production . 18
7 Management tasks . 19
7.1 Reliability programme plan . 19
7.2 Activity management . 19
7.3 Programme reviews . 19
7.4 Risk management . 19
7.5 Failure reporting analysis and corrective action system (FRACAS). 20
7.6 Reliability assurance . 20
8 Guidance for reliability control . 21
8.1 General. 21
8.2 Preparation phase . 22
8.2.1 Objectives . 22
8.2.2 Management tasks . 22
8.2.3 Calculation tasks . 22
8.2.4 Analysis tasks . 23
8.3 Realization phase . 24
8.3.1 Objectives . 24
8.3.2 Management tasks . 24
8.3.3 Calculation tasks . 25
8.3.4 Analysis tasks . 25
8.3.5 Testing tasks . 26
8.4 Use phase . 26
8.4.1 Objectives . 26
8.4.2 Management tasks . 26
8.4.3 Calculation tasks . 26
8.4.4 Analysis tasks . 27
8.4.5 Expected results . 27
Annex A (informative) Task summary table . 28
Bibliography . 30

European foreword
This document (EN 9227-2:2025) has been prepared by ASD-STAN.
After enquiries and votes carried out in accordance with the rules of this Association, this document has
received the approval of the National Associations and the Official Services of the member countries of
ASD-STAN, prior to its presentation to CEN.
This document shall be given the status of a national standard, either by publication of an identical text
or by endorsement, at the latest by November 2025, and conflicting national standards shall be
withdrawn at the latest by November 2025.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this document: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
1 Scope
The purpose of this document is to provide customers and their suppliers with a document specifying
the notions of product reliability “construction” and “management”.
It offers programme directors and project managers information likely to help them:
— determine the tasks to be performed and the application procedures, according to the specific
nature of the programme and its goals;
— define and implement the provisions necessary for performing these tasks;
— within programme execution, situate the various tasks involved in constructing and managing the
reliability of a product.
This document applies to all programmes (in particular aeronautical, space and armament
programmes).
These reliability construction procedures concern not only all the products and its constituents covered
by these programmes, but also the means and manufacturing processes to be implemented for
their realization.
The provisions of this document can be negotiated at all levels between the parties directly concerned
by a given programme. This implies, on the part of the customer, that each lower level is provided with
the information necessary to perform tasks and meet the specified targets.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1
product
result of activities or processes
Note 1 to entry: Product categories can be services, hardware, software, processed materials, systems,
intermediate work products from elementary activities, such as documents or models.
Note 2 to entry: In the frame of a product developed to satisfy a customer’s need, the processes involved are the
expression of the need, the establishment of the definition, the industrialization and the production.
Note 3 to entry: The product can be either a final product to be delivered to a customer (e.g. aircraft, equipment)
or one of its components. In both cases, it represents the supply due under the contract.
3.2
reliability
aptitude of a product to perform a required function, in given conditions, for a given period of time
Note 1 to entry: It is generally assumed that the product is in a state to perform this required function at the
beginning of the time interval.
Note 2 to entry: Generally, reliability performance is quantified using appropriate measures. In some
applications, these measures include an expression of reliability performance as a probability, which is also
called reliability.
[SOURCE: EN 16601-00-01:2015, 2.3.170 and ISO 10795:2019]
3.3
basic reliability
ability of a product not to fail for a specified period of time or for a specified life profile
Note 1 to entry: This amounts to put in a row all the elements constituting the product in question, in terms of
“reliability”.
Note 2 to entry: Any failure is detrimental; in particular, a single failure on a redundant system reduces
basic reliability.
Note 3 to entry: This notion is particularly important for the logistics associated with the product.
3.4
mission reliability
ability of a product to perform its assigned functions for a specified mission profile
Note 1 to entry: This aspect is observed by the user; in particular, a single failure on a redundant system will not
reduce mission reliability.
3.5
reliability control
set of provisions and activities allowing to obtain the required reliability characteristics from a product
3.6
durability
ability of an item to perform a required function, under given conditions of use and maintenance, until
the end of its useful life
Note 1 to entry: Useful life ends with the definitive cessation of use of the entity, and is determined by a limit
state, i.e. when the risk of failure becomes unacceptable or when the entity is considered non-repairable following
a failure. The limit state is linked most often to wear or degradation. An entity may be considered non-repairable
when a repair cost is deemed unacceptable.
Note 2 to entry: In the case of non-repairable equipment, durability and reliability are synonymous. In the case of
repairable equipment, the limit state is decided in relation to economic reasons, a benefit/risk balance, etc.
Note 3 to entry: Not to be confused with sustainable development performance.
Note 4 to entry: Lifetime is the necessary time between commissioning and reaching the limit state.
[SOURCE: adapted from EN 13306:2017 – notes added]
3.7
system
arrangement of parts or elements that together exhibit a stated behaviour or meaning that the
individual constituents do not
Note 1 to entry: A system is sometimes considered as a product or as the services it provides.
Note 2 to entry: In practice, the interpretation of its meaning is frequently clarified by the use of an associative
noun, e.g. aircraft system.
Note 3 to entry: A complete system includes all of the associated equipment, facilities, material, computer
programs, firmware, technical documentation, services, and personnel required for operations and support to the
degree necessary for self-sufficient use in its intended environment.
[SOURCE: adapted from ISO/IEC/IEEE 15288:2023 – note 2 incomplete]
4 List of acronyms
ADMP Allied dependability management publication
CIL Critical items list
CMMS Computerized maintenance management system
COTS Commercial-off-the-shelf
DJD Definition justification dossier
EFA External functional analysis
FMEA Failure mode and effects analysis
FMECA Failure modes, effects and criticality analysis
FPS Functional performance specification
FRACAS Failure reporting, analysis and corrective action system
IFA Internal functional analysis
MBSA Model-based safety analysis
MBSE Model-based system engineering
MTBF Mean operating time between failures
MTTR Mean time to restoration
(N)TS (Need) technical specification
RAMS Reliability, availability, maintainability, safety
SEEA Software error effects analysis
5 Principles of reliability control
5.1 Purpose of reliability control
Its aim is to act in such a way:
— that the product achieves the necessary reliability to operate in accordance with the user needs,
as expressed;
— that the product accomplishes the mission for which it is intended;
— that the economic constraints for setting up and operating the product are taken into account.
This implies making compromises between costs, lead-times and performance.
5.2 Construction of reliability
Construction of reliability is the set of actions to be carried out to control reliability.
It is important that all reliability activities are integrated into the product
design/development/realization process through reliability construction and management activities
(reliability control).
Construction of reliability can be efficient only if the results of reliability studies and analyses are taken
into account as early as possible in the programme.
At this step, the actions carried out are the responsibility of the customer and of the supplier, their
purpose being to express goals and requirements that are realistic both from a technical point of view
and from a financial or calendar point of view.
This work results in a (need) technical specification [(N)TS] (see EN 9208), which specifies reliability
characteristics consistent with the other performance criteria, namely maintainability, availability
and safety.
Construction of reliability then continues throughout the design activities of the product in question
(including during validation and qualification of the product), then during the realization and
commissioning of this product.
Construction of reliability activity is carried out in accordance with the reliability, availability,
maintainability and safety (RAMS) plan and with the requirements of the (N)TS and the management
specification. Reliability is then maintained in accordance with this plan through to the disposal phase.
6 Construction of reliability tasks
6.1 Purpose of the clause
This clause explains the tasks that can be performed to construct reliability.
6.2 Calculation tasks
6.2.1 Reliability goals and allocation
The purpose of determining reliability goals and allocation is to:
— precise the reliability goals of the system and apply them to its constituent products (quantification
of characteristics according to operational goals);
— identify the main axes of the programme that require effort, help to set priorities and define the
necessary means.
Reliability goals and/or allocations are determined depending on the programme phase and
after having:
— identified the need;
— defined and analysed the life profile of the system;
— identified the environmental conditions.
They are determined on the basis of system performance requirements. Product-specific reliability
goals are allocated.
Their accuracy will depend on the experience acquired on similar systems (see 6.3.1):
— the basic reliability goals are established taking into account:
o economic constraints (e.g. cost, goal);
o safety constraints;
o the overall availability of the installed products (which depends on the policy and on the
maintenance means);
— the mission reliability goals for each mission can be defined based on:
o the required probability of success;
o the availability at the start of the mission;
o other parameters likely to influence mission progress;
— the reliability goals for each component are defined based on:
o the basic product reliability goals associated with each component;
o the mission reliability goals;
o the contribution of each component to the realization of the product’s functions (deduced from
the internal functional analysis – see 6.3.3) and the impact of potential failures of the
component in terms of degradation of the product’s functions (deduced from the risk
analysis – see 6.3.1).
The reliability goals of a given component are thus defined in the form of basic reliability (in relation to
the component and its life profile) and mission reliability goals (the missions of a component being
defined by its expected functions). These goals are often translated into failure rates.
6.2.2 Reliability prediction
The purpose of reliability prediction is to assess basic and mission reliability to ensure the proposed
design can meet the requirements.
Basic reliability is determined for each component on the basis of internal or external databases or from
models referenced in documents such as FIDES and MIL-HDBK 217F for electronic components.
This basic reliability data may take into consideration derating with respect to the maximum levels that
these components can support.
Mission reliability is determined by modelling the product’s architecture and mission profile.
Assessments are carried out using the mathematical reliability models defined in 6.3.4.
6.3 Analysis tasks
6.3.1 Risk analysis
The aim is to identify potential weaknesses of the product: general failure modes, effects of each
adverse event according to the product’s life profile situation.
This analysis is carried out at the level of the product and its constituents: all product events are
examined and their effects on the missions and safety of people and goods are determined.
This type of analysis is generally used at the beginning of the programme to determine the main feared
events and thus deduce the requirements and recommendations for the rest of the programme.
6.3.2 Experience feedback
The purpose of experience feedback activity is to collect and keep during the development, production
and use phases of the various products, and in a manner that can be used in short-, medium- and long-
term, all information useful for the design and realization of products that satisfy the need.
Given the dispersion of data and possible disparities between the values of reliability parameters in
external databases, the creation of dedicated and adapted banks may be considered.
Qualitative and quantitative data sources are brought together and synthesized to ensure all products
are processed consistently.
It is important that all data derived from the ongoing programme (including data from the failure
reporting analysis and corrective action system [FRACAS]) be entered into a database for use in future
programmes.
6.3.3 Functional analysis
Functional analysis can be used to:
— establish the need;
— determine the functions required to meet the need;
— identify the performance of each of these functions;
— build the function breakdown structure;
— identify the constraints applied to each function;
— analyse the solutions that meet these functions and their performance.
Functional analysis serves as a common core for:
— the design (to establish the functional performance specifications [FPS] of the constituents of
the product);
— value analysis;
— the construction of documentation (according to the function breakdown structure);
— configuration management;
— reliability analyses;
— subsequent justifications for processing non-conformities;
— justification of measures.
The RAMS analyst may need to use both levels of functional analysis:
— external functional analysis (EFA) to understand the context in which the product operates and for
example analyse the consequences of failures;
— internal functional analysis (IFA) to understand the internal design of the product, by analysing its
constituents, to identify malfunctions.
NOTE See subclause 6.4.3 of RG.Aero 000 50A:2025.
6.3.4 Failure mode, effects and criticality analysis (FMECA)
The purpose of the FMECA is to identify all of a product’s possible failure modes and to determine their
consequences on the performance of this product in order to assist its design, in terms for example of
risk control or maintenance support.
The FMECA offers the advantage of spotlighting both simple failures and degraded modes. Therefore,
the FMECA provides a knowledge base for the product in question and can be used to manage failures.
Except in specific cases, the FMECA does not combine events and does not take into account event
sequencing or combined scenarios.
NOTE This approach can be generalized to include critical analysis of processes of manufacturing, maintenance
and associated tools.
This approach can be applied to all levels of the product breakdown structure. Therefore, it is important
to determine the level at which the analysis is made and the goal sought.
All the hardware, software and functional failure modes possible at this level are examined and their
effects on higher levels are determined.
The analysis can be carried out in all life profile situations in all modes of operation of the product
in question.
In the context of FMECA, the term “criticality of effects” covers the effects of the failure not only on
safety, but also on mission success, availability, need for product maintenance and logistics support, as
well as how the failure manifests itself to the operator or maintenance staff.
NOTE 1 The FMECAs used for software are better known by the acronym SEEA (software errors
effects analysis).
NOTE 2 When only the consequences of failures are studied, without considering their frequency or probability,
the acronym FMEA (failure mode and effects analysis) is used.
NOTE 3 FMECAs and FMEAs are performed either by component or by function.
6.3.5 Reliability and availability modelling
6.3.5.1 General
The analyses described below rapidly become complex and require the use of computer resources.
Block diagram, fault tree, Markov chain and Petri net type models are not always easy to use. In this
case, the behaviour of a product can be simulated by temporal simulation.
RAMS analysis processes use dedicated RAMS modelling tools and languages (which can be grouped
under the term MBSA [model-based safety analysis]) that are based on general engineering models
(model-based system engineering [MBSE]) representative of the system. These modelling allow to
verify the requirements and hypotheses, and to simulate hypotheses (trade-offs) in order to optimize
the system architecture solutions.
6.3.5.2 Reliability block diagram
The purpose of these reliability models is to:
— create graphical representations of the product to show how it works (e.g. reliability block
diagram, various functional diagrams) in order to spotlight redundancies and “paths to success”;
— generate the mathematical representations associated with these models that may be used to
predict and assess mission reliability.
These models can be used to assess the reliability of the product, in particular mission reliability, based
on the reliability of the components.
The functional analysis can be used to establish, describe in detail down to the required level, and
maintain the reliability models and deduce the mathematical representations.
6.3.5.3 Fault tree
Its purpose is to search, as exhaustively as possible, for combinations of events that lead to the
occurrence of events that adversely affect the product, with the aim of:
— analysing adverse events;
— analysing combinations of failures in connection with the adverse events;
— quantifying the probability of adverse events.
NOTE The fault tree is used primarily for safety studies and to assist in fault diagnosis but can also be used in
some reliability calculations.
The fault tree is a diagram representing a logical combination of events leading to a Boolean equation.
It can be considered from both a qualitative and a quantitative aspect:
— establishment of minimal cuts by reducing the Boolean equations giving a synthetic representation
of the tree;
— probability of occurrence of events.
The fault tree cannot be used to deal with sequential aspects such as repair or reconfiguration because
there is a risk of non-exhaustiveness.
6.3.5.4 Markov chain
The purpose is to determine the probability that a product will be in a given state at a given time, when:
— the initial state is known;
— the conditional probabilities of transitioning from one state to another (or transition probabilities)
depend only on these two states and not on previous states;
— the product cannot be in several states at the same time.
It is a representation, possibly in the form of a graph, of all:
— the states of the product (vertices of the graph);
— the transitions (arcs);
— the transition probabilities (values).
This allows elaboration of equations translating changes in the product over time and resolved using
matrix calculation techniques.
In particular, the Markov chain can be used to calculate the average amount of time spent in each state.
6.3.5.5 Petri nets
For complex or critical products, considered “reliable, available, maintainable and safe”, Petri nets can
be used to eliminate design defects for which previous methods are not suitable.
Petri nets can be used to provide an abstract and formal illustration of the interactions of processes
(synchronous, asynchronous, concurrent) representative of the life of a product, for example when
resources are shared by several users.
The materialization of information flows requires:
— the statistical support of a directed graph built on three sets that can be interpreted by the user:
places, arcs and transitions;
— a dynamic function for marking places with symbolic “tokens” indicating the presence at a given
time of particular information or initialization.
6.3.6 Design guides
The design guides used in engineering offices for each type of product or technology provide criteria,
methods and techniques to:
— avoid introducing design errors that would reduce reliability;
— calculate and reduce the constraints applied to parts and components;
— reduce the effects of parameter variations (e.g. manufacturing dispersion, wear, drift) on
performance;
— calculate and optimize tolerances;
— limit the use of technologies whose reliability has not been demonstrated, although all technologies
shall be validated before the production phase.
Such guides should include:
— rules for using electromechanical or electronic components at a performance level lower than the
maximum level stated by their manufacturers;
— rules for designing products that are tolerant of failures or performance drifts;
— coding rules for software;
— rules for using off-the-shelf products (COTS);
— criteria for choosing electromechanical or electronic components and materials;
— rules for defining the safety coefficients of mechanical equipment.
6.3.7 Other analyses
6.3.7.1 Sneak circuit analysis
The purpose of this type of analysis is to identify sneak circuits which, unrelated to any known failure,
cause an adverse event or inhibit a desired event.
Examples of sneak circuits include “paths”, sequences, wording and directions.
The scope and rationale for these analyses are carefully specified.
6.3.7.2 Area analysis
The purpose of an area analysis is to:
— identify failures that may result from the location of the product in its environment and the
physical layout of the components in relation to each other;
— determine their effects;
— carry out the corresponding risk reduction actions.
This study, which is only qualitative in nature, can be carried out as soon as the components are
identified and realization solutions are available (e.g. a layout drawing).
There are four steps to an area analysis:
— definition of the function, the associated requirements, the equipment, the area concerned;
— identification of the feared events linked to this layout (e.g. explosive mixture, pollution, interface
with human activity) and possible aggressions;
— identification of the components in the analysed area likely to be affected and assessment of
failures due to proximity as well as the resulting effects;
— proposed corrective actions.
6.3.7.3 Worst-case analysis
The purpose of these analyses is to quantify the effect of dispersions of parameters of components
serving a function, on the characteristics and/or on the performance of the product in question.
They seek to check that these dispersions do not lead to:
— an unacceptable degradation of the function;
— the emergence of unacceptable risks.
For these analyses to be cost-effective, their level is carefully specified.
Depending on the technologies implemented for the product in question and on the knowledge of the
distribution laws of the parameters, these analyses may be carried out:
— either by computer simulations, if modelling is possible;
— or by specific tolerance tests.
To perform these analyses, there are two possible approaches:
— the deterministic approach, which takes into account the extreme values of the parameters; this is
called “worst-case analysis”;
— the statistical approach, which takes into account the distribution law of the parameters of each
component to obtain the distribution law of the output parameters of the function in question; this
is called “tolerancing analysis”.
6.4 Testing tasks
6.4.1 General
Throughout the development phase, the test programmes carried out at all levels of product integration
shall help to control its reliability as well as the other specified functional performances.
In particular, test programmes can be used for reliability by highlighting weaknesses in the design,
technologies used and manufacturing methods.
Other specific test programmes are designed to:
— accelerate the maturing process of the product and quantify this process (reliability dedicated growth tests);
— formally demonstrate the conformity of the product’s level of reliability with requirements
(reliability demonstration tests).
All these tests will contribute even more to the product reliability growth if they are based on the FRACAS.
NOTE Debugging is part of the manufacturing process, it helps to improve the reliability of the products
delivered. Debugging is not considered a test (see RF.Aero 900 10).
6.4.2 Reliability/durability characterization tests in the development phase
The purpose of reliability and durability testing in the development phase is to confirm reliability
predictions and the associated modelling.
These tests are generally performed on the components considered critical or of primary importance in
the developed product.
Several types of tests may be carried out in the development phase:
— fracture tests to characterize the strength of a material or component;
— tests with degradation measurement to identify damage behaviour and influential parameters
(e.g. with an experimental plan);
— endurance tests (censored or truncated) to demonstrate experimental reliability at a given
confidence level. These endurance tests can be performed with or without an acceleration factor.
6.4.3 Use of integrated reliability growth tests (non-specific tests)
In terms of reliability, it is important that all tests are used to:
— reveal issues related to the design, technologies or manufacturing methods that result in
insufficient reliability;
— determine the root causes of the identified weaknesses and decide on the appropriate
corrective actions;
— assess the effectiveness of corrective actions once they have been incorporated into the products
under test.
6.4.4 Reliability dedicated growth tests
The purpose of these tests, that are specifically geared to reliability, is to:
— accelerate the process of detecting weaknesses that are inherent to the design or manufacture of
the product, by subjecting it to a long-term test, designed especially for this purpose and
reproducing as closely as possible the operational use profile specified for the product in question;
— accelerate product maturation through efficient implementation of the “test/failure/corrective
action” process during each dedicated test;
— quantify the reliability growth observed with each dedicated test and determine the level of
reliability achieved at the end of testing;
— obtain a stabilized product from the first article production.
Reliability dedicated growth tests are defined according to specific contractual requirements.
6.4.5 Reliability demonstration tests
The purpose of reliability demonstration tests is to prove that the reliability of the product or of some of
its components is compatible, by their design or by the technologies used, with a specified goal for
determined conditions of use.
Unlike reliability dedicated growth tests, which are dynamic, reliability demonstration tests are
“observation” type tests, because they do not rely on the “test/failure/corrective action” process that
generates reliability growth, but are limited to demonstrating that the expected performance
is achieved.
Reliability demonstration tests are defined according to specific contractual requirements, such as:
— the configuration and technology of the product to be tested;
— the reliability goal(s) and required confidence level;
— the nature of the mortality laws of the product in question;
— the environment profile;
— the test sizing (hours or number of cycles);
— the test resources to be implemented;
— the reliability characteristics selected;
— the failure criteria;
— the acceptance criteria.
6.4.6 Measurement of reliability in series production
6.4.6.1 General
The aim is to ensure that product reliability remains in conformity with the requirements throughout
the production phase, irrespective of any changes made to tooling, manufacturing processes, design
or sourcing.
There are two types of production reliability test:
— product reliability acceptance;
— reliability assurance.
6.4.6.2 Product reliability acceptance test
The aim is to check, within the framework of a contract, that the reliability characteristics of the mass-
produced products remain compatible with the specified values throughout the production process
under given conditions.
The test is based on a batch test plan, negotiated with the customer and made contractual.
The test plan defines in particular:
— the characteristic of a production batch;
— the sample selection criterion;
— the type of test (fixed length or sequential);
— the statistical criterion corresponding to batch acceptance;
— the policy adopted in case of batch rejection.
NOTE Acceptance conditions are defined clearly taking into account acceptable sample sizes (test duration and
number of products tested) that are representative of the specified reliability parameters.
6.4.6.3 Reliability assurance
This is generally a voluntary (but sometimes negotiated) approach on the part of the manufacturer to
ensure that the product’s operational performance in terms of reliability does not deteriorate during
the series production phase.
In general, reliability assurance tests are geared more towards searching for indicators (e.g. drifts,
sensitive points) than towards formal measurement of a reliability characteristic.
This approach contributes to experience feedback (see 6.3.2).
7 Management tasks
7.1 Reliability programme plan
A reliability programme plan, defining “who does what, when and how” shall be written.
The reliability programme plan:
— defines the reliability control tasks to be implemented according to the chosen goals, the size of the
programme, its complexity, the development lead-times, the technologies used, the financial
possibilities and other requirements;
— identifies how the reliability programme is conducted and defines its phases (duration, insertion in
the general programme phases, milestones and meeting points with the ordering party);
— identifies the tasks to be performed and the corresponding responsibilities (customer or supplier)
for execution, assessment, management and inspection. It describes each task, sets the start and
...