 In this video, you will get all the information you will need to perform a preliminary risk analysis of an Earth Observation Satellite later on. This technique is part of the risk identification and analysis activities required to develop this case study. Remember, you are participating in a project to design an Earth Observation Satellite able to take detailed images of a chosen part of the world. Our customer has some requirements regarding safety and dependability. One of the requirements is to perform a preliminary risk analysis. First, we suggest doing a functional breakdown at system level. Then, we will identify the different life cycle phases and finally, we will be able to analyze various failure scenarios. The functional breakdown allows us to identify the different parts of the satellite. We can separate the system into two main parts, the satellite and the ground segment. Now, we can divide the satellite into two parts, the platform and the payload. The platform includes the power supply, the transceiver, the main computer, the attitude control system and the thermal control. The payload contains all the image detection, compression, storage and transmission units. The ground segment includes the two antennas, the command control and image center and the data communication network. Now, we will identify the different life cycle phases of the system. There are four main phases. The first phase is the ground phase. It concerns the preparation of the satellite before launch. The second phase is the launch phase when the satellite is sent into space. The third phase is the space phase. Space phase can be divided into four stages. First, the early orbit phase where the satellite is separated from the launcher and is positioned in its orbit and the solar arrays are deployed. Second, the operational mode when the satellite is positioned and operating normally, capturing and transmitting images. Third, the orbit controlled mode when the satellite has to be repositioned on its working orbit to perform its mission. And finally, the safe hold mode in case of detection of any critical event that might indicate loss of control or dangerous conditions. Finally, the fourth phase of the overall life cycle is the disposal when the satellite finishes its mission. Now, we will introduce the risk severity levels used in the space industry, so you will be able to classify the failure scenarios. There are four levels of severity that can be seen both from a dependability and safety point of view. From the most severe to the least severe, there four levels are Level one, catastrophic. Level two, critical. Level three, major. And level four, minor or negligible. The preliminary risk analysis should be done from a dependability and safety point of view. Here, we will only focus on the dependability events. From the dependability perspective, catastrophic risk would refer to failures that could propagate without control. A critical risk would imply the loss of the mission. A major risk would mean major mission degradation. And finally, a minor or negligible risk would mean minor mission degradation or any other effect. Now, we can perform our preliminary risk analysis according to the following template. In the column function, you must specify which part of the system you are analyzing. In the column failure scenario, you must list possible failures associated with the function. In the column phase, you must specify during which life cycle phase this failure could happen and bear consequences. In the column severity level, you have to classify the risks according to the risk level previously presented. Finally, suggest some design or operation recommendations to prevent these failures or to reduce their severity level. Let me give you an example of how to fill in the table. We will consider the solar array, which is part of the power generation unit. Due to volume constraints, solar array is held against the satellite structure during launch. Immediately afterwards, in the early orbit phase, pyrotechnic devices are fired to deploy it. A possible failure scenario could be the no deployment of the solar array during early orbit phase. This would mean the satellite would not be able to perform its functions, leading to the loss of the mission, which corresponds to a severity level of 2. That is critical. We could suggest implementing a redundancy of each solar array pyrotechnic deployment mechanism. You have seen how to do a preliminary risk analysis for a satellite. Now, it is your turn to do it.