GNSS | |
Is certification of Galileo a bureaucratic overhead?
Martin Grzebellus |
||||||||||||
GPs is running since more than a decade. There are user groups in all domains relying on the provided information. GPS is even used in safety critical environment, but there have been no certification of the GPS system nor are there any plans to do so. Within aviation, GPS is assumed to fulfill requirement on reliability and availability based on observations of the past. Is the discussion in Europe about certification of the Galileo SIS (Signal in Space) just another proof for the bureaucratic overhead imposed on the Galileo project? NavCert as part of the TÜV SÜD group is focused on certification in the area of positioning and navigation. The mission of the group is “choose certainty, add value”. Thus it’s not just a rhetoric question but instead a question which under is always important to us, to identify the value add of a certification. Looking to Galileo, the starting point is quite different compared to GPS. GPS is running since more than a decade and Galileo as it looks now will become fully operational in 5 years. Galileo shall be used immediately for a variety of applications. Galileo already is delayed by 5 years and nobody wants to wait in 5 years time frame to use Galileo in safety critical applications as no observed reliability and availability will be available. Then after another period of 5 or even 10 years observing reliability and availability, one will come hopefully to the conclusion that the observed functionality allows the usage of the Galileo system in safety critical applications. Thus to avoid further delay after Galileo becoming operational (FOC), a certification is required. Another mayor difference between GPS and Galileo is the integrity signal, as Galileo provides an indication on the reliability and availability of the information for all services except the OS (Open Service). Due to the importance of this information, an independent validation through a certification is required. A certification cannot guarantee any feature or functionality of the certified product or service. The certification however reduces risks in operation and increases probability that all will work as intended and planned. Certification processes differ according to the scope, the domain and the object of the certification. On a high level one can differentiate between an audit as in the certification of a management system based on IOS 9000:2000 or a certification of a product. The product certification consists of two main parts, on the one side the hands on activity typically done in a laboratory and Figure 2: Galileo certification the paperwork desk oriented part of the certification. This is depicted in figure 1. Each of the phases is again divided in two parts. The activities in the laboratory are split into test and review. At first, the object under test is examined, measured and analyzed and if the certificate shall apply not only to a sample of a product but to all units of the mass production, a factory inspection has to be done as well. In the second step, the review, an independent person who was not involved in the testing, will review all protocols of the first phase to identify any discrepancies, to look for completeness of the generated documents and to check if the results are in the expected range. If not, the reviewer will ask for additional information from the tester or even to redo specific tests. In the second phase the actual certification, a technical certifier with at least the same technical skills and competence as the tester and reviewer will look to all documentation from the testing including the protocols of the reviewer. Only if the technical certifier will identify no issues, he will forward all documents to the formal certification entity. Here a formal check takes place to verify that the standard specified in the order is the same as the standard according to which the tests were performed. In addition it will be validated that the laboratory, the used equipment, the tester and the technical certifier have the formal authorization to perform their work for this standard. Only if this last check is also positive, a certificate will be printed. The technical certifier will sign this certificate to document his personal liability for the certification process. Of course this liability is forwarded to the head of the certification entity and finally Figure 3: From application specific to multimodal certification to the insurance company providing coverage for the certification body as required by the accrediting authority. The issued certificate typically is valid for a specific period of time depending on the criticality of the certified product; this might vary between 3 months up to 12 months. After this period a recertification has to be done which normally does not require all activities of the initial certification. A re-certification can be done for a well defined number of times and then again a new certification is required. The certification of the Galileo system imposes some challenges as Galileo has been designed to be used by all domains (aviation, rail, road and maritime) and in a variety of verticals opposed to EGNOS which was primarily linked to the aviation domain. For EGNOS the requirements of aviation were the base for the design and for the certification of the system. Galileo has to fulfill the requirements of all domains to be accepted and used later on in a variety of applications. Thus the certification of the Galileo system has to be mapped to the requirements of all domains. A study has been performed, the GALCERT project, funded by GSA, Brussels and managed by GZVB, Braunschweig to identify a way forward how to facilitate the usage of Galileo in all domains. The concept is depicted in figure 2. The domain specific requirements have to be reviewed, transferred and consolidated to achieve acceptance of the certification by all domains. The certification of the Galileo system will focus on the SIS or might even include a reference receiver as a black box to provide an easier accessible interface for the certification of the applications. There still will be a lot of requirements specific in each domain resulting from the applications. Thus with a certification for Galileo SIS in place, dedicated certifications for aviation APV II (approach operations with vertical guidance) |
||||||||||||
|
||||||||||||
|