itar restricted data 1themis mission cdr 6/18/04 system safety overview wbs element...

1ITAR Restricted DataTHEMIS Mission CDR 6/18/04

System Safety OverviewWBS Element 00536.2.2.1.2.1.02.02

Tim [email protected]

(301)902-4019


Outline

Systems Safety Peer Review - RFAs and Suggestions THEMIS Safety Policy/Purpose/Mission Statement Organizational Functions Documentation Approval Flow Safety Program Milestones Integrated Hazard Assessments Safety Working Group Industrial Safety Mishap Reporting Hazard Reports EWR 127-1 Tailoring


Safety Peer Review

Systems Safety Peer Review - May 28, 2004– FIRST known Safety Peer Review of a GSFC Explorers Office Probe– Received 6 1/2 RFAs and 3 Suggestions

Safe-001 - Systems Safety Program Plan (SSPP) is outstandingAction - Conditional Approval should be obtained before Mission CDRStatus - Complete

Safe-001a- Current SSPP lacks details regarding Tailoring of EWR 127-1Action - Include details on tailoring in the SSPPStatus - Complete and Closed

Safe-002 - EWR127-1 requires System Safety Process est. early in designAction - GSFC Explorers office will facilitate coordination and communication with KSC and Range

Status - Closed (see Safe-004)

Safe-003 - EWR 127-1 Tailoring has not been appr/submitted to Range.Action - Complete Tailoring dealing with design issues prior to CDRStatus - Closed


Safety Peer Review

– Continuing with RFA Status

Safe-004 - No detailed forum for safety communication between all partiesAction - Establish a Safety Working group (detailed later in presentation)Status - Complete (first telecom meeting on 6/9/04) and Closed

Safe-005 - Determination of Risk Mitigation levelsAction - Determine Risk Levels for RCS systemStatus - Incomplete

Safe-006 - Survivability of inadvertent RCS Pressurant ReleaseAction - Confirm effectiveness of 2 mech inhibits; verify max thermal condition for

remaining phases will not over pressurize systemStatus - Incomplete


Safety Peer Review

– Safety Peer Review Suggestions

Suggestion - Develop a clearer format for Hazard Reports that demonstrates better tracking of verification

Status - On going

Suggestion - Hazard Reports for operations not shown during review Status - The THEMIS mission will produce Hazard Reports for ground

operations as needed. Reports with a Catastrophic or Critical Severity ranking will be included in the MSPSP.

Suggestion - Formalize Safety Verification Tracking Log Status - This has been included into the latest version of the SSPP


Safety Policy

THEMIS Safety Policy 1. To provide a safe work place for all personnel and operations.

2. All accidents and incidents are preventable.

3. The THEMIS Program places safety before cost and schedule. If it is not safe, stop work immediately and notify your supervisor.

4. The THEMIS Program uses an organized and systematic approach to identify and control potential hazards, measure the safety risks associated with all hazards and provide risk assessment and risk mitigation plans to management.


Systems Safety Program

Purpose: 1. Identifies and details the safety systems and methods that will be

implemented during all phases of the THEMIS Mission.

2. Identify, evaluate and document all risks and hazards in order to eliminate or control them within the cost, schedule and technical constraints of the program.

3. Ensure that additional risks are not introduced during the design, production, integration and testing phases.


Safety is a Priority of every person Working on the THEMIS Mission.

Therefore, every person working on the THEMIS Mission is part of the

THEMIS MISSION SAFETY TEAM!

THEMIS Mission Safety Team Mission Statement


THEMIS Safety Organization FunctionsThe NASA Explorers Office is the Range User. As such, the Explorers Office is responsible for submitting all required safety documentation and obtaining all necessary Range Safety approvals.

Under the direction of UCB, Swales is responsible for all Safety Engineer Tasks. Under the guidance of Safety Representatives from the NASA Explorers Office, Swales will produce all required safety documentation in an approved form for Range Safety submittal.

Systems Safety Program Plan



Documentation Submittal/Approval

Flow

Swales UCB ExplorersOffice KSC

Formal Approval Flow

Allowable Pre-Review Flow

RangeSafety



THEMIS Safety Program

Milestones


Safety Deliverables

Safety System Milestones

Flow*EWR 127-1 Tailoring

NASA-STD-8719.8 Table5.1 Task # 1.3

EWR 127-1 1.5.4 (a)

Draft MSPSP SubmittalEWR 127-1 1F.2.2.1 (a)EWR 127.1 3.4.1.1 (a)

NASA-STD-8719.8 Table 5.1Task # 2.1

Launch - 12 Months

Final MSPSP Submitted to PSWGPayload Shipment - 45 days

PSWG CommentsCDR + 45 days

PSWG CommentsLaunch - 315 days

NASA Payload Organization Approval of MSPSPNASA-STD-8719.8 Table 5.1 Task # 4.2

Final MSPSP PreparationNASA-STD-8719.8 Table 5.1 Task # 4.1

Payload Shipment -120 days

Payload Safety Working Group TIMNASA-STD-8719.8 Table 5.1 Task # 4.3

Payload Shipment - 180 days

Develop System SafetyProgram Plan (Draft)

NASA-STD-8719.8 Table 5.1Task # 1.1

EWR 127-1 1.5.4 (b)EWR 127-1 1B.3 Task 2

Perform Subsystem HazardAnalyses

EWR 127-1 1B.2.2

Perform Preliminary HazardAnalyses

EWR 127-1 1B.2.1

Hazard ReportsControls Verified

Perform Operating andSupport Hazard Analyses

EWR 127-1 1B.2.4

MSPSP In this contextincludes the GOP andSupporting Documents

THEMIS Range SafetyDocumentation and

Review Process

*Tasks can be extended beyond the Mission CDR

Hazardous Procedures willbe prepared and submittedper EWR 127-1[T]

Mission OrientationNASA-STD-8719.8 Table 5.1 Task #1.2

EWR 127-1 1F.3.1(a)Confirmation Review +45 Days

System LevelFMECA’s

*Subsystem FMECA’s

Hazard ReportHazards Identified

*Hazard ReportsControls Established

Hazardous ProceduresPayload Ship - 90 Days

Mission PDRMSPSP Data PresentedEWR 127-1 1F.3.2 (a)

PSWG Meeting

Mission CDRInitial MSPSP SubmittalEWR 127-1 1F.3.3 (a)Final SSPP Submittal

Event 01

Event 02

Event 02a

Event 02b

Event 03Event 04

Event 04a Event 04b

Event 05

Event 06

Event 07 Event 08Event 10

Event 09

Event 08a

Event 11

Event 12Event 13

Event 14

PSWGMeeting


Safety System Milestones:(numbers shown correlate with event numbers from Milestone Flow)

01 System Safety Program Plan - Draft SUBMITTED02 Preliminary Hazard Analysis

a.System Level FMECA’s COMPLETEDb.System Level Hazard Identified COMPLETED

03 MSPSP Data Presented (CDR) - PSWG Meeting SUBMITTED04 Subsystem Hazard Analysis

a.Subsystem FMECA’s COMPLETEDb. Hazard Reports and Controls COMPLETED

05 EWR 127-1 Tailoring Final (Chapter 3 submitted, 1 and 6 by July 2)06 SSPP Final, Initial MSPSP, Hazard Reports SUBMITTED 07 Mission Orientation - PSWG Comments08 Operating and Support Analysis

Hazardous Procedures

Safety Deliverables


Safety System Milestones (continued):

09 Hazard Reports Controls Verified(on going (possibly thru launch)

10 MSPSP Draft Submittal (launch-315 days (11/05))11 Payload Safety Working Group TIM (payload ship-180days (12/05))12 MSPSP Final Submittal (payload ship-120 days (2/06))13 NASA Payload Organization Approval of MSPSP 14 Final MSPSP Submitted to PSWG (payload-45days (4/06))



Title Document Number Means of Delivery System Safety Program Plan This Document Hard Copy Eastern and Western Range Safety Policies and Processes – Tailored for the THEMIS Project (see section 4.2)

EWR 127-1 [T] Hard Copy

THEMIS Missile Systems Pre-Launch Safety Package

SAI-SFTY-TBD Hard Copy and CD-ROM Distribution

Hazard Reports Phased Completion

Hard Copy and Electronic

MHE List Part of MSPSP MHE Design and Initial Test Data Part of MSPSP MHE Single Point Failure List Part of MSPSP MHE NDE Plan Part of MSPSP RF Safety Interlock Test Plan SAI-PLAN-TBD Hard Copy RF Safety Interlock Test Results Part of MSPSP Safety Compliance Matrix Part of MSPSP RF Site Plan SAI-PLAN-TBD Hard Copy Radiation Protection Program RF User Request Authorization

Part of MSPSP

Launch Site Ground Operations Plan SAI-PLAN-0650 Hard Copy Hazardous Procedures SAI-PROC-TBD PDF Files


Deliverable Data



Non- Deliverable Data

Document or Data Document Location Format Range User SSPP Review PDF Subcontractor SSPP Reviews Work Order System Paper File Problem Records Paper File MHE Test Records Paper File MHE SFP Analyses Paper File


Integrated Hazard

Assessments




Hazard Identification ProcessesTOP Down System Hazard Analysis

During the first stages of the THEMIS design, a System Level Preliminary Hazard Analysis (PHA) was completed. This was completed in order to follow the Hazard Elimination/Mitigation Procedures

Bottom Up Subsystem Hazard AnalysisA Failure Modes and Effect Analysis (FMEA) is being performed which will include all possible sources of failure and their effects on both the subsystem and the system.

Operations & Support Hazard Analysis Used to identify potentially hazardous operations and critical GSE. Conducted using the final design, I&T Plan and Launch Site Ground Operations Plan. Output is the correct classifications of hazardous and non-hazardous operations for the Work Order Authorization process.



Hazard Analysis

The inputs to the Hazard Analysis are the PHA (system level), FMECA (subsystem level with respect to the system) and the Operations and Support Hazard Analysis. The products of the Hazard Analysis are the Hazard Reports

Hazard Reports will contain a Hazard Severity based on EWR 127-1 guidelines.All Hazard Reports with a Catastrophic and Critical severity rating will be

included in the MSPSP.

PHA

Controls HazardReports

HazardAnalysis

SubsystemDesign Verification

Requirements

FMECA

Mission

SystemDesign

Operations&SupportHazardAnalysis



Hazard Elimination/Mitigation Procedures

a. Eliminate Hazards by designb. Minimize or Negate Hazards through Designc. Install Safety Devicesd. Provide Protective Clothing and Equipmente. Install Caution and Warning Devicesf. Develop Administrative Controls including Special Proceduresg. Establish Controlled Areas



Hazardous OperationsThe System Safety Engineer, in addition to the Subsystem Lead Engineer, will ensure all controls are in place for any Hazardous Operations.

All operations will be governed by a Work Order system and the Safety Engineer will be a required sign off on any Hazardous Procedures.

Operation &SupportHazardAnalysis

HazardousProcedures Work Order

Authorization Operations

I&T Plan

Launch SiteGround

OperationPlan

Requirements

Verification

Meetingsand

Reviews

Non-HazardousProcedures

Work OrderAuthorization Operations

SignaturesI&T Manager,

Lead Resp. EngLead Mech. Eng.Lead Elect. Eng

Quality Eng.Safety Eng.

SignaturesI&T Manager,

Lead Resp. EngLead Mech. Eng.Lead Elect. Eng

Quality Eng.


Safety Working Group (SWG)

Purpose: Provide a forum where Safety Concerns and questions can be addressed with all agencies represented

Chaired by UCB (David King). Members include representatives from UCB, Swales, GSFC, KSC and the Range

Meet weekly (Wednesday 3pm (eastern))

Weekly agenda items will include deliverable documentation and Safety Program Schedule

An Issues and Actions List will be created and updated at each meeting. SWG Chairperson will maintain this list


Industrial Safety

Swales– Well established, OSHA Compliant program at Swales (Barry

McCarthy)– Standard Operating Procedure (SAI-HAS-0001) governs all work at any

Swales facilities– Industrial Safety Specialist will be used for all safety training/cert.,

protective clothing, hazardous material storage, incident reporting and safety audits

Other Facilities– Swales will work with GSFC, Astrotech and the Range to verify that we

are in compliance with the applicable facility Safety Operating Procedure


Mishap Reporting

Swales company policy that all accidents, incidents and close call occurrences will be reported– Swales Safety and Health Manual (SAI-HAS-0001)

NASA facilities – Processing Mishap, Incident and Close Call Reports (GPG-8621.2)

Mishap Type Classification

Details

Type A Mishap Death or 3 in-patient hospitalizations within 30 days or Property damage or loss X > $1M

Type B Mishap Disability or <3 in-hospitalizations within 30 days or Property damage or loss $250< X <$1M

Type C Mishap Lost workday or Property damage or loss $25k< X <$250k

Incident Injury requiring more than first aid or Property damage or loss $1k< X < $25k

Close Call Unplanned occurrence with no injury that had the potential to become a Mishap.


Hazard Report

Preliminary Hazard Reports have been generated– Swales generated bus hazard reports in THEMIS standard format in a

single excel database– Swales generated additional mechanical subsystem hazard reports in

KSC shuttle format using word files– Swales generated additional I&T hazard reports in KSC shuttle format

using word files– UCB generated instrument hazard reports in THEMIS standard format in

a single excel database Plan to consolidate all hazard reports in the THEMIS

standard format in a single excel database prior to CDR– Update data, complete all sections and standardize format


Hazard Report Summary


Tailoring Sheets: Tailoring is conducted in to order to produce an EWR 127-1 document that is specific to THEMIS.

Chapter 3 - Gone through a review process (between UCB, Swales and GSFC). 56 Tailoring Items have received preliminary approval to be forwarded onto KSC (and then to the Range)

• Majority of tailoring sheets deleted sections that did not apply to THEMIS.

Chapters 1 and 6 will be completed by July 2

Tailoring


Back Up Slides



Organization

THEMIS Safety Team



University of California, Berkeley Safety OrganizationPrincipal Investigator: Vassilis Angelopoulos

Project Manager: Peter Harvey Deputy Project Manager: David King

Mission Assurance Manager: Ron Jackson Mission Systems Engineer: Ellen Taylor Lead Mechanical Engineer: Paul Turin

Integration and Test: Rick Sterling


Program Manager: Mike Cully Safety Program Engineer: Tim KeepersIndustrial Safety Specialist: Barry McCarthy Electrical Safety: Bob Kraeuter, Ginger RobinsonMechanical Safety: Chris Lashley, Rob Eppler, K.Hylan Systems Safety: Tom Ajluni, Kevin Brenneman W.ChenSoftware Safety: Steve Hammers, Chris Xenophontos

I&T Safety: Marc Kaylor EGSE Safety: Tammy Faulkner RCS Safety: Mike McCulloughRF Safety: Jim JewACS Safety: Richard LeBoeuf Thermal Safety: Rommel Zara

Swales Aerospace Safety Organization


NASA GSFC Explorers OfficeMission Manager: Frank SnowObservatory Manager: John ThurberSystems Assurance Manager: Ron PiersonExplorers Program Safety Manager: Jamie HarperExplorers Program Safety Engineer: Jamie Burget

NASA KSC/Range Safety?
