RTCA, Inc
1828 L Street, NW Suite 805
Washington, DC 20036
RTCA/DO-160?
Environmental Conditions and Test
Procedures for Airborne Equipment
Section 2X
Atmospheric Radiation
Table of Contents
Atmospheric Radiation
Purpose of the Test
This section identifies the analysis requirements and or test procedures for aircraft
equipment whose normal functional flight envelope exceeds 18,000 ft or 5486 m.
The purpose of the analysis and tests is to validate the ability of the equipment under test
to function properly per equipment specifications at higher altitudes while under the
increased effects of back ground atmospheric radiation. These tests evaluate normal and
reasonable worst case radiation environments that vary by altitude, latitude and solar
activity.
Note: Tests in this section can be performed in any order in relation to other
environmental tests of this document.
Note: The methodologies used to evaluate an individual electronic component’s
radiation effects properties are performed at much higher neutron rates and with different
procedures then those described in this section.
Equipment Categories and Means of Compliance
Design
Assurance
Level (DAL)
Failure Affect
Level A
Cause or contribute
to a catastrophic
system function
failure
Level B
Cause or contribute
to a hazardous /
severe –major
failure
Cause or contribute
to a major failure
Cause or contribute
to a minor failure
Cause or contribute
to a failure with no
effect on aircraft or
pilot workload
Level C
Level D
Level E
Acceptable
means of
compliance for
safety.
Test
Acceptable means of
compliance for validating
warranty, availability and
reliability requirements.
Test
Test
Test
Test or
Analysis
Not Required
Test or Analysis
Not Required
Test or Analysis
Table 1
Test or Analysis
Compliance by Analysis
Validation of Requirements can be accomplished by Analysis if the equipment category
is DAL Level C or lower. Analysis is an effective tool as long as no components are
inadvertently excluded from the list of potentially sensitive components subject to
analysis. In today’s rapidly evolving semiconductor market, new failure mechanisms are
appearing and parts that previously have had no sensitivity suddenly are sensitive. This
combined with the increased complexity of today’s equipment requires that testing is the
only way to ensure the proper operation of safety critical equipment with DAL of A or B.
Scope of Analysis
Almost any active component in an electronic system design has the potential for
sensitivity to radiation effects. Examples of these kinds of components are op-amps, opto
couplers, pulse width modulators for power supplies, programmable devices, memory
and processors. Typically in the design process, a safety analysis is performed at an
electronic system level to determine critical functional failure paths. The list of
electronic components used to implement these critical failure paths is then reviewed to
identify components with potential sensitivity to radiation effects.
These identified components are either tested at a neutron lab or the test data from
previously run tests can be purchased. The test data rates are then rolled up into the
failure analysis to validate that the safety, availability and reliability requirements can be
met.
The exact details of this process are defined in SAE ARP 4761 "Guidelines and Methods
for Conducting the Safety Assessment Process on Civil Airborne Systems and
Equipment" and IEC/TS 62396 Process management for avionics - Atmospheric
radiation effects.
Compliance by Test
The Test Environment
The test environment is a shielded open room with a 14MeV neutron source. The nature
of the source is that the neutrons emit from a center location and radiate in a spherical
pattern. On the geometric plane that the UUT is located, as distance from the source
increases the density of the neutrons decreases by the inverse square of the distance.
Because of this phenomenon and the fact that most units under test (UUT) have a volume
and are usually flat in design, means that one part of a UUT will receive a slightly
different density of neutrons than another. As a result, attention is given to controlling
the placement of the UUT to ensure that all components being tested are exposed to the
same neutron density with a bounded +/- tolerance.
Figure 1
In the aircraft environment there are three types or geometric shapes of equipment.
These would be:
1. A LRM (line replaceable module), thin in design with 1 or 2 circuit card
assemblies;
2. A federated ATR category LRU sized from ¼ to 1 ½ ATR in both short or long;
3. Or an IMA (Integrated Modular Avionics) cabinet, which is a larger cabinet
assembly containing many LRMs.
Figure 2
Figure 2 is a rough geometric layout of an LRM. An LRM usually consists of a thin
rectangular enclosure which encapsulates one or perhaps two CCA (circuit card
assemblies). As sensitive components are identified their location on the CCA is noted.
In Figure 2, the line labeled “A” denotes the center line location of the left most
component. The line labeled “B” denotes the center line location of the right most
component. The line labeled “C” denotes the center line location of the bottom most
component. The line labeled “D” denotes the center line location of the top most
component. The intersection of these lines define a rectangle or test area on the CCA.
For LRM qualification testing, the center of this rectangle will be used as a point of
reference when orienting the LRM in the neutron beam. Typically the beam will be
oriented so that it impacts the LRM perpendicular to the CCA at the center point. The
distance from the neutron source will be measured to the center point of the above
described test rectangle.
If this LRM is included in an IMA cabinet that is undergoing cabinet or system level
qualification, then this rectangle will be considered in determining the center reference
point for the IMA Cabinet.
Figure 3
Figure 3 is a rough geometric layout of an LRU. An LRU will usually consist of many
circuit cards. However, due to the nature of the design, many of these cards will contain
only passive components used to control EMI, etc. In this representation of the LRU, the
four lower circuit cards are the only ones with components that may have some radiation
susceptibility. If this is not the case, the size of the rectangle may force breaking the test
into two or more test areas. This is driven by the geometric case that the width of the
rectangle cannot exceed 20 cm. Table 2 describes this and shows that the increased
distance between “A” and “B” requires that the UUT be placed farther away from the
neutron source to reduce the angular distortion of the beam on a flat surface.
As sensitive components are identified their location on each of the CCA is noted. In
Figure 3, the line labeled “A” denotes the center line location of the left most CCA. For
example, if the most left card contained no sensitive components, then line “A” would be
moved over to the next CCA to the right. The line labeled “B” denotes the center line
location of the right most CCA. The line labeled “C” denotes the center line location of
the bottom most component on any of the CCAs. The line labeled “D” denotes the center
line location of the top most component on any of the CCAs. The intersection of these
lines define a rectangle or test area on the LRU.
Min
Max *
offset
Single card or module
45
168
0
Front to back separation of 5cm
50
168
0
Front to back separation of 8cm
80
168
0
Front to back separation of 10cm
95
168
0
Front to back separation of 13cm
125
168
0
Front to back separation of 15cm
125
168
2
Front to back separation of 18cm
125
168
5
Front to back separation of 20cm
125
168
7
* Assuming a beam source with 1 E10 max intensity.
Min
Max *
offset
Single card or module
45
53
Front to back separation of 5cm
50
53
* Assuming a beam source with 1 E9 max intensity.
Table 2 UUT placement matrix
Figure 4
0
0
Figure 4 is a rough geometric layout of an IMA Cabinet. In many cases an IMA Cabinet
fully populated with many different kinds of previously qualified LRMs may need to be
qualified to validate the system level considerations of SEU (Single Event Upset) caused
by Atmospheric Radiation. In many cases, this is required since many of the techniques
used to detect or mitigate erroneous SEU behavior are implemented in software or by
system level methods or architectures.
An IMA Cabinet will usually consist of power supplies and many different LRMs. In
this representation of the IMA Cabinet, the test area rectangles mentioned above for each
LRM are compared to produce lines “A” and “B”. Keep in mind that this is three
dimensional. The LRMs had four lines and the above figure only shows one dimension
of that rectangle. If the narrower side of the combined IMA test rectangle happens to be
in the depth dimension of Figure 4 then the Cabinet should be rotated so that the neutron
beam passes perpendicularly through the narrowest dimension.
Validation of Warranty and Reliability Requirements
Tests and analysis of many electronic components used in Airborne Equipment has
shown a significant susceptibility to the effects of Atmospheric Radiation and in many
cases these direct or indirect effects will result in hard permanent failures that will occur
at rates far greater than normal reliability predictions.
Test Setup
Due to the nature of these tests and the potential for hard failures to be induced by
radiation, it is recommended that two or three units be available for testing or be tested at
the same time.
Testing at the LRM level is for qualification.
Testing at the LRU level is for qualification.
Testing at the IMA Cabinet level is for Cabinet or system level qualification.
For all qualification tests, the UUT will be placed at a distance from the source per this
test section and the beam intensity for that prescribed distance will be adjusted to produce
28,000 n/cm²sec at the determined test center. This produces a time acceleration factor of
10,000X hours of life for each hour of test.
Pass / Fail Criteria
Warranty and Reliability Validation
One of the aspects of radiation effects on electronic components is a failure mechanism
which results in the UUT to cease normal function. This can either be a permanent
condition requiring removal and repair or it can be a temporary condition requiring power
cycling to restore unit functionality.
Permanent Failures - To pass the test, the number of failures when normalized to the time
acceleration of the test environment, must be less than the number projected by the
calculated MTBF of the UUT.
Temporary Failures - To pass the test, the number of failures when normalized to the time
acceleration of the test environment, must be less than the number projected by the
calculated MTBUR of the UUT. If there are limitations on the frequency of power
cycling on the targeted aircraft, then this restriction combined with potential MEL
requirements may supersede MTBUR requirements for the pass fail criteria.
Any failures occurring at an average rate less than 30 minutes of real test time, shall be
considered failed.
Working Notes
For warranty and reliability use 28,000 n/cm²sec. This produces a time acceleration
factor of 10,000X hours of life for each hour of test.
For safety validation, this same environment works to provide a time acceleration of
100X a significant solar event.