S&MA Overview
Code 321: Systems Safety Branch
Name: Bo Lewis
Title: Branch Head
Office: Systems Safety Branch
Tel: 301-286-7123
Email: bo.lewis@nasa.gov

Why Do We Need Safety?
• Ariane V
• Challenger
• Delta II
• NOAA N’
• Columbia
“If eternal vigilance is the price of liberty, then chronic unease is the price of safety.” James Reason, “Managing the Risk of Organizational Accidents”

GSFC SAFETY ORGANIZATIONS
• Director, Safety & Mission Assurance (Code 300)
• Greenbelt Flight Systems Safety (Code 321)
• Institutional Safety (Code 350)
• System Safety & Occ Safety & Health (Wallops) (Code 803)
• Lift Devices & Pressure Vessels Recertification (Code 540)
• Greenbelt I&T Facility Safety / Lab Safety (Code 500)

Systems Safety Branch (Code 321)
• Bo Lewis, Branch Head
• Bob Dedalis, CSO (RESTORE); PSM (TDRS K)
• Carol Hamilton, PSM (NPP, JPSS, OSIRIS REx); LADEE SWG Chair
• Susie Pollard, PSM (JWST, MOMA, SO)
• Angela Melito, Deputy CSO (LADEE)
• Jana Rezac, PSM (GOES R, Flt & Grnd, SGSS)
• Paul Gibbons, PSM (LDCM, TIRS, MMS, Astro H)
• Will Conn, PSM (GPM, LADEE Inst)
• Phillip Adkins, PSE (RESTORE, CATS, GEMS)
• Shandy McMillian, PSM (ICESAT 2, RBSP, SPP)
• Steve Leiter, PSM (MAVEN, IRIS)
• Michelle Perez, PSE (MMS, GOES R, SMAP)
Code 321 Systems Safety Branch (SSB) Charter
• Support implementation of systems safety over the program life cycle for GSFC managed space flight missions.
  • Life cycle for system safety analysis is Phase A up through safe separation from launch vehicle; after that it’s mission success.
• Early identification and resolution of safety related issues.
  • Safety can then be effectively addressed to better support the Projects’ challenge of managing mission risk with respect to both cost and schedule constraints.
• The office provides Project Safety Managers to each project to assist in
  • defining and interpreting safety requirements
  • developing solutions to safety issues to enhance the likelihood of safely achieving mission success.
• The SSB works to policy guidelines set by NASA Headquarters and the Center, and to safety implementation requirements set by the Agency, OSHA, the ISS Program Office and the various launch range authorities (AF, ESA, JAXA, etc.).
  • NPR 8715.3, NASA General Safety Program Requirements
  • NPR 8715.7, “Expendable Launch Vehicle Payload Safety Program”
  • NASA-STD-8719.xx, “NASA Expendable Launch Vehicle Payload Safety Requirements”
  • NASA tailored version of AFSPCMAN 91-710, “Range Safety User Requirements”
  • KNPR 8715.3, “KSC Safety Practices Procedural Requirements”
  • NASA-STD-8719.14, “Process for Limiting Orbital Debris”
System Safety Principles
Hazard Reduction Precedence Sequence
• Design for Minimum Hazard
  • Inherent safety through selection of appropriate design features such as fail-operational/fail-safe combinations and appropriate safety factors
  • Hazards shall be eliminated by design where possible
  • Damage control, containment, and isolation of potential hazards shall be included in design considerations
• Safety Devices
  • Hazards that cannot be eliminated through design selection shall be reduced to an acceptable level through the use of appropriate safety devices as part of the system, subsystem, or equipment
  • Relief devices, interlocks, safe/arm devices, protective barriers, etc.
• Warning Devices
  • Employed for the timely detection of the hazardous condition and the generation of an adequate warning signal
  • Alarms, signs, etc.
• Special Procedures
  • Includes personal protective equipment as well as written procedures
  • Least effective because dependent on human factors & behavior, which are often unpredictable
System Safety Principles cont’d…
• If a system failure may lead to a catastrophic hazard, the system shall have 3 independent, verifiable inhibits (dual failure tolerant).
  • A catastrophic hazard is defined as a condition that may cause: death or permanently disabling injury, major system or facility destruction on the ground, or mission loss during operations.
• If a system failure may lead to a critical hazard, the system shall have 2 independent, verifiable inhibits (single failure tolerant).
  • A critical hazard is defined as a condition that may cause: severe injury or occupational illness, or major property damage to facilities, systems or flight hardware.
• Hazards which cannot be controlled by failure tolerance (e.g., structures, pressure vessels, etc.) are called “Design for Minimum Risk” areas of design.
  • Separate, detailed safety requirements
  • Hazard controls related to these areas are extremely critical
  • Warrant careful attention to the details of verification of compliance on the part of the developer.

System Safety Principles cont’d…
What is an inhibit…
• INHIBIT – A design feature that provides a physical interruption between an energy source and a function
  • Examples: a relay or transistor between a battery and a pyrotechnic initiator, a latch valve between a propellant tank and a thruster, etc.
• INDEPENDENT INHIBIT – Two or more inhibits are independent if no single credible failure, event or environment can eliminate more than one inhibit.
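The inhibit-count, independence and verifiability rules above can be checked mechanically once a hazard report lists each inhibit and each credible failure that could defeat it. The Python below is an added example, not material from this presentation or from any NASA tool; the pyrotechnic firing-circuit hazard, the inhibit and failure names, and the function names are constructed for illustration. It encodes the slide’s definitions directly: a catastrophic hazard requires 3 inhibits (dual failure tolerant), a critical hazard 2 (single failure tolerant), and inhibits are independent only if no single credible failure eliminates more than one of them. The second design shows how moving the two relays onto separate buses restores independence.

```python
from dataclasses import dataclass
from itertools import combinations

# Required inhibit count per hazard severity, as stated on the slides.
REQUIRED_INHIBITS = {"catastrophic": 3, "critical": 2}


@dataclass(frozen=True)
class Inhibit:
    name: str
    verifiable: bool        # its state can be confirmed (telemetry, test point, inspection)


@dataclass(frozen=True)
class CredibleFailure:
    name: str
    defeats: frozenset      # names of the inhibits this single failure eliminates


@dataclass(frozen=True)
class HazardDesign:
    hazard: str
    severity: str           # "catastrophic" or "critical"
    inhibits: tuple
    failures: tuple


def non_independent(design):
    """Credible failures that eliminate more than one inhibit. Any entry means the
    affected inhibits are not independent under the slide's definition."""
    return [(f.name, tuple(sorted(f.defeats))) for f in design.failures if len(f.defeats) > 1]


def failure_tolerance(design):
    """Credible failures the design survives before the hazard is uninhibited:
    (size of the smallest failure set that defeats every inhibit) - 1.
    Brute force over subsets is fine for the handful of failures in a hazard report.
    None means no listed combination defeats all inhibits."""
    all_inhibits = {i.name for i in design.inhibits}
    for k in range(1, len(design.failures) + 1):
        for combo in combinations(design.failures, k):
            defeated = set().union(*(f.defeats for f in combo))
            if all_inhibits <= defeated:
                return k - 1
    return None


def assess(design):
    """Return a list of findings; an empty list means the design meets the inhibit
    count, independence and verifiability rules for its hazard severity."""
    findings = []
    needed = REQUIRED_INHIBITS[design.severity]
    if len(design.inhibits) < needed:
        findings.append(f"{design.severity} hazard needs {needed} inhibits, design has {len(design.inhibits)}")
    for inh in design.inhibits:
        if not inh.verifiable:
            findings.append(f"inhibit '{inh.name}' is not verifiable")
    for fname, hit in non_independent(design):
        findings.append(f"single failure '{fname}' defeats {len(hit)} inhibits: {', '.join(hit)}")
    tol = failure_tolerance(design)
    if tol is not None and tol < needed - 1:
        findings.append(f"failure tolerance is {tol}, required {needed - 1}")
    return findings


# Constructed sample hazard: inadvertent firing of a pyrotechnic initiator.
ARM = Inhibit("arm relay", True)
FIRE = Inhibit("fire relay", True)
SA = Inhibit("mechanical safe/arm device", True)
WELD_ARM = CredibleFailure("arm relay contacts weld closed", frozenset({"arm relay"}))
WELD_FIRE = CredibleFailure("fire relay contacts weld closed", frozenset({"fire relay"}))
SA_LEFT_ARMED = CredibleFailure("safe/arm device left in ARM after test", frozenset({"mechanical safe/arm device"}))

# Both relay coils on one bus: a single short energizes both, so the relays are not independent.
SHARED_BUS = HazardDesign(
    hazard="inadvertent pyro firing", severity="catastrophic", inhibits=(ARM, FIRE, SA),
    failures=(WELD_ARM, WELD_FIRE,
              CredibleFailure("short on shared relay bus energizes both coils", frozenset({"arm relay", "fire relay"})),
              SA_LEFT_ARMED),
)

# Corrected design: each relay on its own bus, so a bus short defeats only one inhibit.
SEPARATE_BUS = HazardDesign(
    hazard="inadvertent pyro firing", severity="catastrophic", inhibits=(ARM, FIRE, SA),
    failures=(WELD_ARM, WELD_FIRE,
              CredibleFailure("short on arm relay bus", frozenset({"arm relay"})),
              CredibleFailure("short on fire relay bus", frozenset({"fire relay"})),
              SA_LEFT_ARMED),
)

if __name__ == "__main__":
    for d in (SHARED_BUS, SEPARATE_BUS):
        print(d.hazard, "tolerance:", failure_tolerance(d), "findings:", assess(d) or "none")
```

The check mirrors how a Project Safety Manager reads a hazard report: count inhibits against severity, confirm each is verifiable, and look for any common-cause failure (shared bus, shared environment, single procedure step) that removes more than one of them. The shared-bus design reports a failure tolerance of 1 against a required 2; the separate-bus design reports 2 with no findings.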
Project Safety Activities
Milestone: Safety Data Packages Due (MSPSPs)
• I&T Safety Support
  • Track Closure of Verification Items
  • Final Risk Assessment
• Safety Certification
• Prelaunch Safety Support
• Verification of Hazard Controls
  • Updated Risk Assessment
• PSWG meeting support
• Design Assessment
  • Hazard Identification
  • Recommended Hazard Controls
  • Initial Risk Assessment
• Range Safety reqts tailoring
• Reqts Definition
• Finalize MAR inputs
• Safety Plan
• Negotiate funding
• Proposal Support
• MAR inputs

Project Safety Functions
• Negotiating range safety requirements (and potential tailoring) with the applicable launch range (AF & KSC)
• Interpreting the range safety requirements to allow projects to meet them in a cost efficient manner
• Performing hazard analysis and implementing a closed loop hazard tracking system to ensure all hazards are adequately controlled and verified
• Support Project Reviews (PDR, CDR, PER, PSR) & Launch Site Reviews (GOWG, MIWG, etc.)
• Documenting the design and analyses in Safety Data Packages to be sent to KSC and AF Range Safety for approval
• Reviewing hazardous operating procedures & monitoring hazardous operations at the GSFC I&T facility & at the launch site
• Providing technical support during the development and test of the mission hardware and software
• Providing a system safety certification letter to the project to allow them to ship the payload to the launch site
• Providing on-site safety coverage as necessary at the launch site
Impact on Mission Success
• Systems Safety is critical to mission success, as identified hazards, if left uncontrolled, could lead to injury or death or loss/damage to mission hardware.
• Project Safety Managers are part of the systems engineering team and are involved early in the project lifecycle to ensure early identification of hazards and allow for timely elimination or control.
• They interface on a regular basis with external organizations such as KSC & Air Force Range Safety to ensure the payload is given approval to ship to the launch site and eventually launch.
• System safety is paramount on manned missions, such as HST or ISS.
  • The JSC Payload Safety Review Panel (PSRP) is an independent review panel and is a major focus of project development activities for manned missions.
  • HST Servicing Mission support has been an excellent example of GSFC system safety impact on mission success.
  • Design assessments, EVA task assessments, etc.