Managerial and Contractual Issues in a Mission-Critical Air Force Project
Rod Barto (1), Rich Katz (1), and Kevin Hames (2)
(1) NASA Office of Logic Design
(2) NASA Johnson Space Center

Introduction
• In January 2003, the NASA Office of Logic Design was to form an independent assessment team (IAT) to review an Air Force project
• Review Subject: Safety-critical missile electronics
• The system had not yet been delivered by the contractor

Purpose of Paper
• Discuss corporate issues that led to program problems
• Discuss factors that contributed to the review's success
• Present a success story in which a concerned engineer prevented the delivery of a poorly designed system

Impetus for Review
• An Air Force safety engineer
    • Was concerned over use of PLD (Altera Max 9000)
    • Was not an expert in technology
    • Faced considerable pressure to accept design
    • Stuck to his guns and pushed review

Review Goals
• Perform sampled assessment (i.e., not exhaustive) of
    • Design
    • Analysis
    • Parts issues
• Not intended to be complete analysis

Design Requirements
• Mission life very short, with high reliability requirements
• Storage time very long, up to 30 years
• Difficult environment: temperature, vibration, EMI

Review Conclusions
• Contractor staff was not intimately familiar with the details of the design
• Analyses performed on it were deficient
• Contractor was not able to defend its questionable elements
• Design was not consistent with a long-life, safety-critical mission requiring highly reliable electronics

Technical Issues
• Violations of part manufacturers' specifications
• Questionable circuit design practices
• Circuits not meeting a cursory worst case analysis
• Contractor unable to explain tool reports, state machine encodings, JTAG operation
• Single point and common mode failures not considered
• Questionable parts choices (e.g., 74xx vs. 54xx)
• BIT did not test MAX9000
• Large number of test failures (15 out of 250 boards), most attributed to MAX9000 programming failures (Altera guarantees 100% programmability)

Factors Contributing to Project Problems
• Original contractor group had been sold to another company and moved to another state
    • Few original engineers followed the project
    • Continuity of project was lost
    • New contractor not fully cognizant of design
• Worst case analysis not a contractual requirement
    • Consequently was not done
    • Contractor did not require it internally
• Customer technical monitoring insufficient

Sale of Design Contractor
• Customers should:
    • Be aware of corporate and staffing changes
    • Work to maintain project continuity
• Purchasing contractors should:
    • Scrutinize purchased projects
    • Require continuity-supporting documentation
    • Not expect continuity to be maintained by acquisition of project employees
• Selling contractors should maintain continuity
    • Guards against unexpected loss of key personnel

Missing Worst Case Analysis
• WCA should be a contractually required deliverable for all systems
• Contractors should require internally that all systems receive a WCA
• Most important element of mission success assurance
• Important for maintaining project continuity

Deficient Monitoring
• Customers should perform detailed monitoring
    • Supports mission success
    • Enhances project continuity
• Customer visibility should be spelled out in contract

Judging Review's Success
• Review was considered successful because:
    • Technical issues found before system delivered
    • Contractor agreed with assessment

Factors Contributing to Review's Success
• Air Force did not mediate between IAT and contractor during review
    • Did not try to direct review
    • Did not try to protect contractor
    • Not always the case in reviews
• Criticality of system made:
    • Contractor less likely to gloss over errors?
    • Customer more likely to listen to concerns?

Lessons Learned
• Customers should be proactive in maintaining program continuity
• WCA should be contractual requirement
• Technical monitoring should be more proactive
• Project personnel should be encouraged to "stick to their guns" when concerned about an issue
• Mission success depends on everyone believing that mission success is more important than any other goal