ECSS-Q-40B Safety (17 May 2002)

This Standard has been cancelled and replaced by ECSS-Q-ST-40C (6 March 2009).


This Standard defines the safety programme and the technical safety requirements that are implemented in order to comply with the ECSS safety policy as defined in ECSS-Q-00. It is intended to protect flight and ground personnel, the launch vehicle, associated payloads, ground support equipment, the general public, public and private property, and the environment from hazards associated with European space systems.

The ECSS safety policy is applied by implementing a system safety programme, supported by risk assessment, which can be summarized as follows:

  • hazardous characteristics (system and environmental hazards) and functions with potentially hazardous failure effects are identified and progressively evaluated by iteratively performing systematic safety analyses;
  • the potential hazardous consequences associated with the system characteristics and functional failures are subjected to a hazard reduction sequence whereby:
    • hazards are eliminated from the system design and operations;
    • hazards are minimized;
    • hazard controls are applied and verified;
  • the risks that remain after the application of a hazard elimination and reduction process are progressively assessed and subjected to risk assessment, in order to:
    • show compliance with safety targets;
    • support design trade-offs;
    • identify and rank risk contributors;
    • support apportionment of project resources for risk reduction;
    • assess risk reduction progress;
    • support the safety and project decision-making process (e.g. waiver approval, residual risk acceptance).
  • the adequacy of the hazard and risk control measures applied is formally verified in order to support safety validation and risk acceptance;
  • approval is obtained from the relevant authorities.


This Standard cancels and replaces ECSS-Q-40A (19 April 1996).