SYSTEMS SAFETY
J.T. Harper, Code 302
NASA-Goddard Space Flight Center
Greenbelt, MD 20771
301-286-7501
E-mail: james.t.harper@nasa.gov
SAFETY
• Safe: freed from harm or risk.
• Safety: the condition of being safe from undergoing or causing hurt, injury or loss.
• Perception of safety is influenced by culture and personal experience:
  - Living within 5 miles of a nuclear power plant
  - Having a loaded gun in the house
  - Driving a loaded SUV on the highway at 70 mph
COMMON HAZARDS AT GSFC
• Electrical shock
• Rupture of pressurized hardware
• Cryogenics (burns; explosion; asphyxiation)
• Non-ionizing (RF) radiation
• Battery rupture (fire; toxic gases)
• Purge gases (asphyxiation)
• Flammable gases
• Fire (flammable gases; pyrophoric materials; electrical systems)
• Hazardous chemicals (toxic vapors; fire/explosion)
Systems Safety
• The application of technical and managerial skills (hazard analysis) to the systematic, forward-looking identification and control of hazards and risks throughout the life cycle of a project.
Hazard Analysis
• A process to identify the hazards to personnel, flight hardware and facilities presented by your payload and its operations.
• The more complex your payload and/or GSE, the more hazards.
• Identify what could go wrong under worst-case credible environmental, operational and failure conditions. What could go wrong? What happens next?
• This must be done for each subsystem, and for the payload as a whole. It is quite possible to have two subsystems that are each fault tolerant, but a combination of one failure in each equals catastrophe.
Project Management "True-isms"
• "Any requirement can be waived."
  - True for P.I.'s mission performance requirements.
• "If you wait long enough, any requirement will go away."
  - True for P.I.'s mission performance requirements.
• Non-compliance with safety requirements can be cause for cancellation.
SAFETY PRECEDENCE
• DESIGN TO ELIMINATE HAZARDS
  - Do you really need that flammable, corrosive fluid to do your science?
• DESIGN TO CONTROL HAZARDS
  - Fault tolerance
  - Design for minimum risk
• PROVIDE SAFETY DEVICES
  - Relief valves
• PROVIDE WARNING DEVICES
• PROVIDE SPECIAL PROCEDURES OR TRAINING
Safety Definitions
Catastrophic hazard:
• An event that results in injury or death to personnel, or damage to the flight hardware or ground equipment.
• Must be controlled so that no combination of two failures or operator error(s) can result in a catastrophic hazard. In other words, 3 inhibits are required.
Inhibit:
• A design feature that provides a physical interruption between an energy source and a function.
Fault tolerance:
• Two or more inhibits are independent if no single credible failure, event or environment can eliminate more than one inhibit.
Design for minimum risk:
• Concept that applies to hazards where inhibits are not practicable.
• Examples:
  - Structures
  - Pressure vessels, lines and components
  - Flammability
  - Critical mechanisms
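The two-failure rule and the inhibit-independence definition above (and the Hazard Analysis warning that two individually fault-tolerant subsystems can combine into a catastrophe) can be checked mechanically. The following is an added example, not part of the presentation: it models a constructed hazard guarded by three inhibits, lists credible failures and the inhibits each defeats, and enumerates failure combinations to find any pair that removes every inhibit. The inhibit and failure names are hypothetical.

```python
from itertools import combinations

# Constructed example: an energy source reaches a hazardous function only if
# every inhibit in this set is defeated. Names are hypothetical.
INHIBITS = {"arm_relay", "fire_relay", "safe_plug"}

# Credible failures / operator errors and the inhibits each one removes.
# Both relays are driven by one controller, so one failure defeats two inhibits.
FAILURES = {
    "arm_relay_welded": {"arm_relay"},
    "fire_relay_welded": {"fire_relay"},
    "safe_plug_left_out": {"safe_plug"},  # operator error
    "controller_latchup": {"arm_relay", "fire_relay"},  # shared dependency
}

# Redesign: separate drivers per relay, so no single failure removes two inhibits.
INDEPENDENT_FAILURES = {
    "arm_relay_welded": {"arm_relay"},
    "arm_driver_latchup": {"arm_relay"},
    "fire_relay_welded": {"fire_relay"},
    "fire_driver_latchup": {"fire_relay"},
    "safe_plug_left_out": {"safe_plug"},
}


def dependent_inhibits(failures):
    """Failures that defeat more than one inhibit, i.e. independence violations."""
    return {f: sorted(s) for f, s in failures.items() if len(s) > 1}


def defeating_combos(inhibits, failures, max_faults=2):
    """Every combination of up to max_faults failures that removes all inhibits."""
    hits = []
    for n in range(1, max_faults + 1):
        for combo in combinations(sorted(failures), n):
            removed = set().union(*(failures[f] for f in combo))
            if inhibits <= removed:
                hits.append(combo)
    return hits


def two_fault_tolerant(inhibits, failures):
    """True only if 3+ inhibits exist and no two failures can defeat them all."""
    return len(inhibits) >= 3 and not defeating_combos(inhibits, failures)


if __name__ == "__main__":
    print("independence violations:", dependent_inhibits(FAILURES))
    print("2-fault combos:", defeating_combos(INHIBITS, FAILURES))
    print("redesign tolerant:", two_fault_tolerant(INHIBITS, INDEPENDENT_FAILURES))
```

Three inhibits are not enough on their own: with the shared controller, one failure plus one operator error reaches the hazard, and only after the drivers are split does every path require three failures.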
SAFETY REQUIREMENTS
• Proving that you have safe hardware can involve climbing a tall mountain. The Safety Requirements provide a tunnel through the mountain.
Safety Process and Design Requirements Documents
• AFSPC Manual 91-710, Range Safety User Requirements
• NPR 8715.3, NASA Safety Manual
• NASA Std. 8719.8, ELV Payload Safety Review Process Standard
Additional Reference/Requirements Documents (NOT A COMPLETE LIST)
• KHB 1710.2, KSC Safety Practices Handbook
• MIL-Std-1522A, Standard General Requirements for Safe Design and Operation of Pressurized Missile and Space Systems
• NASA-Std-8714.9, Requirements for Interconnecting Cables, Harness and Wiring
• NFPA 70, National Electrical Code
Project Team Safety Effort
• All design disciplines must communicate and take part in the project safety effort.
• Just because you comply with all of the Safety Requirements does not mean that you have a safe design.
• Assign an experienced systems safety engineer to work with the other team members.
  - Systems Safety is this person's sole duty.
  - A person the project trusts to tell them things they may not want to hear.
• Develop a Project Safety Plan to act as a guide.
SUMMARY OF CURRENT NASA ELV PAYLOAD SAFETY REVIEW PROCESS
Governing Documents
• NASA-STD 8719.8, EXPENDABLE LAUNCH VEHICLE PAYLOAD SAFETY REVIEW PROCESS STANDARD (JUNE 1998)
  - REFERENCES NASA SAFETY MANUAL
  - THIS PROCESS IS APPLICABLE TO ALL NASA ORBITAL AND SUB-ORBITAL PAYLOADS LAUNCHED BY ELVs, INCLUDING SOUNDING ROCKETS AND BALLOONS.
  - THE SAFETY REVIEW PROCESS FOR SOUNDING ROCKET AND BALLOON PAYLOADS IS CONTAINED IN RSM-2002, RANGE SAFETY POLICIES AND CRITERIA FOR GSFC/WFF.
SUMMARY OF CURRENT NASA ELV PAYLOAD SAFETY REVIEW PROCESS
Governing Documents
• KSC-PLN 2160, Rev. A, GUIDE FOR LAUNCH SERVICES PROGRAM SPACECRAFT PROCESSING AT KENNEDY SPACE CENTER (KSC) AND CAPE CANAVERAL AIR FORCE STATION (CCAS) (MAY 2004)
• RANGE SAFETY REQUIREMENTS
  - EWR 127-1, EAST-WEST RANGE REQUIREMENTS
  - AFSPCMAN 91-710, RANGE SAFETY USER REQUIREMENTS
• THE RANGE SAFETY REQUIREMENTS CONTAIN DETAILED AND SPECIFIC DESIGN, TESTING AND DATA REQUIREMENTS FOR BOTH FLIGHT HARDWARE AND GSE. (367 CLOSE-SPACED PAGES, vs. NSTS 1700.7B + KHB 1700.7C = 181 PAGES)
• PRESENT NASA POLICY IS TO USE USAF RANGE SAFETY REQUIREMENTS AS A GUIDE FOR DESIGN AND VERIFICATION OF ELV PAYLOADS, GSE AND PRE-LAUNCH PROCESSING.
SUMMARY OF CURRENT NASA ELV PAYLOAD SAFETY REVIEW PROCESS
Payload Safety Working Group (PSWG)
• PER NASA STD. 8719.8, THE REVIEW OF PAYLOAD SAFETY DATA IS PERFORMED BY THE PSWG.
• IT IS ESTABLISHED BY "APPROVING AUTHORITIES".
  - PSWG MEMBERS: PAYLOAD SAFETY; KSC SAFETY; RANGE SAFETY; LAUNCH VEHICLE SAFETY; PPF (PAYLOAD PROCESSING FACILITY) SAFETY
  - CHAIRPERSON ASSIGNMENT IS BASED ON LOCATION OF PPF.
SUMMARY OF CURRENT NASA ELV PAYLOAD SAFETY REVIEW PROCESS
• PSWG FUNCTIONS TO RECOMMEND TO PAYLOAD PROJECT MANAGEMENT ACCEPTANCE OR REJECTION OF PAYLOAD SAFETY ANALYSES AND OTHER DATA PROVIDED BY THE PAYLOAD PROJECT.
  - PSWG NORMALLY MEETS AS A "SPLINTER" AT OTHER MAJOR MEETINGS, SUCH AS DESIGN REVIEWS (PDRs; CDRs), GOWGs AND MIWGs.
  - PER NASA STD 8719.8: THE PSWG "WILL PROVIDE A DEFINED AND STRUCTURED APPROACH TO RESOLVING SAFETY RELATED ISSUES EARLY IN THE PAYLOAD DESIGN…" BUT "…IT IS NOT AN INDEPENDENT SAFETY ASSESSMENT FUNCTION."
  - SAFETY ISSUES BROUGHT TO THE PSWG ARE RESOLVED BY CONSENSUS OF THE VOTING MEMBERS.
  - IF CONSENSUS IS NOT REACHED, THE CHAIRPERSON ELEVATES THE ISSUE TO "UPPER LEVEL SAFETY MANAGEMENT".
SUMMARY OF CURRENT NASA ELV PAYLOAD SAFETY REVIEW PROCESS
SAFETY DATA SUBMITTALS
• NASA-STD 8719.8
  - THIS DOCUMENT PROVIDES NO SAFETY DATA SUBMITTAL TEMPLATE.
• KSC-PLN 2160
  - THREE (3) MSPSP SUBMITTALS, VIA KSC INTEGRATION MANAGER:
  - DRAFT MSPSP; SUBMITTED "AROUND PDR TIMEFRAME"
  - PRELIMINARY MSPSP; SUBMITTED "POST CDR" or "NLT MONTHS PRIOR TO LAUNCH"
  - FINAL MSPSP; SUBMITTED 45 or 75 DAYS PRIOR TO ARRIVAL
• RANGE SAFETY REQUIREMENTS
  - FOUR (4) MSPSP SUBMITTALS:
  - DRAFT MSPSP; SUBMITTED AT cDR
  - INITIAL MSPSP; SUBMITTED AT PDR
  - PRELIMINARY MSPSP; SUBMITTED AT CDR
  - FINAL MSPSP; SUBMITTED 45 DAYS PRIOR TO ARRIVAL
NOTE: MOST PROJECTS TAILOR THE PROCESS SO AS TO SUBMIT TWO (2) MSPSPs:
  - PRELIMINARY MSPSP; SUBMITTED NLT 1 YEAR PRIOR TO ARRIVAL
  - FINAL MSPSP; SUBMITTED 45 DAYS PRIOR TO ARRIVAL
SUMMARY OF CURRENT NASA ELV PAYLOAD SAFETY REVIEW PROCESS
SAFETY DATA APPROVAL
• PSWG LETTER TO "APPROVING AUTHORITIES" RECOMMENDING APPROVAL OF MSPSP.
• KSC SAFETY APPROVAL OF FINAL MSPSP VIA LETTER/MEMO TO PAYLOAD PROJECT.
• RANGE SAFETY APPROVAL OF FINAL MSPSP VIA LETTER/MEMO TO PAYLOAD PROJECT.
NOTE: HAZARD REPORTS ARE CONSIDERED TO BE PART OF THE MSPSP. THERE IS NO REQUIREMENT FOR ANY OF THE ABOVE ORGANIZATIONS TO APPROVE (SIGN) PAYLOAD HAZARD REPORTS.
Proposed Changes To The NASA ELV Payload Safety Review Process
CALIPSO SURFACED WEAKNESSES IN THE CURRENT ELV PAYLOAD SAFETY REVIEW PROCESS
• NO CLEAR LINE OF SAFETY AUTHORITY FOR PAYLOAD DESIGN COMPLIANCE WITH SAFETY REQUIREMENTS
• RELIANCE ON REQUIREMENTS ESTABLISHED BY ANOTHER AGENCY (USAF)
• A LACK OF CONSISTENCY IN REGARD TO REQUIREMENTS INTERPRETATIONS AND COMPLIANCE
• CURRENT PROCESS IS SUBJECT TO MISUNDERSTANDING AND CONFUSION ON THE PART OF NASA's PARTNERS AND CONTRACTORS
• NO CLEAR DIRECTION ON THE APPLICABLE SAFETY VARIANCE PROCESS
• NO CLEAR DIRECTION FOR WHEN THE PSWG CANNOT ACHIEVE CONSENSUS ON A SAFETY ISSUE, RESULTING IN THE ISSUE FESTERING UNTIL THE "FINAL HOUR"
Proposed Changes To The NASA ELV Payload Safety Review Process
• NASA HQ HAS SET UP A WORKING GROUP TO ESTABLISH A NEW ELV PAYLOAD SAFETY REVIEW PROGRAM
  - HQ OSMA (Chair)
  - KSC SMA
  - JPL SMA
  - GSFC CODE 302
• WORKING GROUP OBJECTIVES
  - ESTABLISH A NASA ORGANIZATION RESPONSIBLE FOR CONSISTENT INTERPRETATION AND IMPLEMENTATION OF SAFETY REQUIREMENTS, AND THE SAFETY REVIEW PROCESS
  - ESTABLISH AND MAINTAIN NASA ELV PAYLOAD SAFETY REQUIREMENTS
  - IDENTIFY DECISION-MAKING AUTHORITIES
Proposed Changes To The NASA ELV Payload Safety Review Process
GSFC PROPOSED CHANGES
• ESTABLISH THE NEW SAFETY ORGANIZATION AT NASA HQ
• PATTERN THE NEW PROCESS AFTER NASA's OTHER SUCCESSFUL PAYLOAD SAFETY REVIEW PROCESS (SPACE SHUTTLE PSRP)
  - FORMAL STAND-UP REVIEW OF PAYLOAD SAFETY DESIGN AND HAZARD REPORTS
  - REVIEW PANEL APPROVAL OF ALL HAZARD REPORTS
  - REVIEW OF PROPOSED SAFETY WAIVERS
  - FORMAL INTERPRETATION OF SAFETY REQUIREMENTS
• ESTABLISH A FORMAL PRE-LAUNCH PROCESSING "CoFR" FOR ELV PAYLOADS
  - SUBMITTED BY PAYLOAD PROJECT MANAGER
  - CONCURRENCE BY REVIEW PANEL CHAIRMAN
  - APPROVED BY NASA HQ