Nebula Public Library

The knowledge bank of ESA’s R&D programmes

Generic AOCS/GNC techniques and design framework for Failure Detection Isolation and Recovery

Programme Reference
Prime Contractor
Airbus Def&Space GmbH
Start Date
End Date
The objective of this activity is to propose generic solutions for the AOCS/GNC functional chain to recurring issues currently met with Failure Detection Isolation and Recovery (FDIR), both in the technical design versus requirements area and in the early verification area.
The standard 'Satellite AOCS requirements' (ECSS-E-ST-60-30C) will not impose a strict upfront architectural design with a full segregation of A branch and B branch. Innovative control solutions need to be proposed, with the proper balance between mission availability and satellite survivability while also reducing the current complexity of FDIR implementation.
Projects also suffer from late dynamic verification of the FDIR mechanisms, which is often postponed to the overall avionics verification, when all HW and SW elements are available. A design framework will thus be proposed that allows early prototyping and dynamic verification of FDIR AOCS/GNC mechanisms already in Phase A/B. This will complement the current TRP activity 'FDIR Development and VV Process' ref. T702-301SW which tackles discrete failure observables.
This activity will help mitigate the current lack of a systematic approach and the lack of engineering transparency and guidance in the FDIR engineering process, with the further aim of decreasing overall complexity. It will contribute, from the AOCS/GNC perspective, to the preparation of an ESA FDIR design and development handbook, in coordination with Software and Data Handling efforts.
The activity will include the following tasks:
  • Critical analysis of customer's requirements evolution between fully segregated HW constraints for Safe Mode (traditional ESA approach) and authorised reuse pending justifications.
  • Critical analysis of current AOCS/GNC FDIR complexity and proposals for simplification with equivalent coverage, including model-based approach or intelligent sensors.
  • Survey of ECSS documents relevant for AOCS/GNC FDIR bottom-up synthesis (failure analysis) and top-down synthesis (feared events analysis) and guideline for AOCS/GNC engineers from QA/PA techniques.
  • Development of a design framework allowing rapid prototyping and early dynamic verification of FDIR from the AOCS/GNC perspective in Phase A/B, to be tested on already developed AOCS FDIR systems (either Telecom or Earth Observation or Science missions).
  • Recommendations for next generation intelligent sensors enabling more efficient FDIR and Health Monitoring Systems.
  • Conclusions and control inputs for an ESA FDIR handbook.
Application Domain
Generic Technologies
Technology Domain
5 - Space System Control
Competence Domain
3-Avionic Systems
Initial TRL
Target TRL
Public Document
Executive Summary