Pursuit of Excellence- Value-Added auditing -

SAE AS9100 Auditor Workshop

July 30, 2009

Brian Hughitt, NASA Headquarters

Office of Safety and Mission Assurance

What has been done will be done again.There is nothing new under the sun.

Is there anything of which one can say,“Look this is something new”?It was here already long ago.It was here before our time.

King Solomon1000 BC

USS THRESHER

First in her classShe was fast, quiet, and deep diving

The leading edge of US Submarine Technology

Apollo 1 Command Module

First in her classShe was much larger & far more complex

than any previous design

The leading edge of US Spacecraft Technology

Loss of the USS THRESHER

On April 10, 1963, while engaged in a deep test dive 220 miles east of Cape Cod, MA, the USS THRESHER was lost at sea, settling at a depth of 8400 feet with all aboard

The crew of 112 Naval Officers and Enlisted personnel and 7 civilians perished

Loss of the Apollo 1 Command Module

Contributing Causal Factors- Inadequate Workmanship -

THRESHER

Improperly brazed pipe joint

Apollo 1

“The board found numerous examples in the wiring of poor installation and poor workmanship”.

Contributing Causal FactorsInadequate Fabrication Processes

THRESHER

Brazed piping joints exposed to full submergence pressure

Apollo 1

Teflon wire coating could be easily damaged or penetrated by abrasion

Contributing Causal Factors- Ineffective Quality Assurance -

USS THRESHER

Portsmouth Naval Shipyard inspectors using newly developed ultrasonic testing techniques identified numerous instances of faulty brazed joints. Many brazed joints on the THRESHER were never UT’d.

Apollo 1

Kennedy Space Center inspectors cited multiple instances of deficient parts, equipment, and workmanship.

Contributing Causal FactorsVulnerable Design

Inadequate Emergency RecoveryUnforeseen Failure Mode

THRESHER

• Reactor shutdown• Impaired access to vital

equipment• Compromised ballast

tank blow

Apollo 1

• Single gas atmosphere• Flammable materials• Inward opening hatch

Vacuum Chamber thought to have been a pressure vessel

SL-1 Reactor, Idaho

BP Refinery, Texas

Big Dig, Boston

Montana

All of these events were terrible tragedies

All of these events were completely avoidable

Quality System Weaknesses

The marked boxes indicate ineffective QMS elements and a failure of quality assurance auditing to identify & correct these shortcomings.

Requirements

Design

Quality Assurance

When Events Line Up, the Consequences Can Be Devastating

Adapted from : James Reason, Managing the Risks of Organizational Accidents, 1997, p. 12

Mishap

Manufacturing

Test

Operations

Hazard

Procedures and inspections are often added to “correct” issues that are symptoms, this is the often the least effective way to manage risk.

Failure to effectively respond, failure to put cost or schedules aside to prevent risk, lack of communication, risk management plans, noncompliance or fear of raising issues are signs of a failing quality system.

All quality professionals should be system health monitors.

Three Rules:

1. Be attuned: Know your internal quality system weaknesses, andbe continually working to remedy them.

2. Be attentive: Know your external quality risks, and be continuallyworking to mitigate them.

3. Step back and connect the dots…Look for intangible influences on product quality.Become a student of quality system failures.

19

Removed for copyright protection

20

Removed for copyright protection

The Two Modes of Mishap Prevention

Become a student of quality system failures.

23

NASA System Safety Case Studieshttp://pbma.nasa.gov/index.php?fuseaction=pbma.main&cid=584

Zinc Whiskers on Hot Dip Galvanized Steel Pipe

Tin Whisker on Electromagnetic RelayShorting Terminal to Case

External Quality Risks

25

“Unglamorous as the work sounds - and indeed is – the whole business of maintaining human life in the air comes down to thinking and rethinking about curious and fiddlesome problems of this order.”

Paul EddyDestination Disaster

To improve life here,To extend life to there,To find life beyond.

27

Marking indicates an Op Amp from ADI…

… but contains die for a Voltage Reference from PMI

Evidence of prior marking for a part with inferior performance …

… accompanied by bogus test report

Device lead condition shows parts were used

Part number indicates a CLCC package, but this package is a CDP…

Counterfeiting

Retopping Remarking

GIDEP Counterfeit Report Submissions

0

10

20

30

40

50

1976 1978 1980 1982 1984 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008

Year

Rep

orts

28

29

Separate the vital few from the trivial many

Joseph Juran

30

… mitigate risks associated with noncompliance. Risk considers the likelihood of noncompliance and the consequences associated with noncompliance, including the maturity, complexity, criticality, and value of work performed …

31

… attain confidence levels that are commensurate with the severity of consequences that would be incurred in the event of noncompliance.

32

… periodically reevaluated and adjusted based on changes to risk factors.

33

AS9100: 2009A New (and needed) Focus on Risk

7.1.2 Risk Management

The organization shall establish, implement and maintain a process for managing risk to the achievement of applicable requirements, that includes as appropriate to the organization and the product

a) assignment of responsibilities for risk management,b) definition of risk criteria (e.g., likelihood, consequences, risk

acceptance),c) identification, assessment and communication of risks throughout

product realization,d) identification, implementation and management of actions to

mitigate risks that exceed the defined risk acceptance criteria, e) acceptance of risks remaining after implementation of mitigating

actions.

critical items … key characteristics … special requirements

35

The Stakes….The Stakes

http://www.washingtonpost.com/wp-dyn/content/print/asection/index.html

37

38

39

"The society which scorns excellence in plumbing because plumbing is a humble activity and tolerates shoddiness in philosophy because it is an exalted activity will have neither good plumbing nor good philosophy. Neither its pipes nor its theories will hold water."

John Gardner

Back-Up slides

42

Counterfeit Parts Examples

Backtop peeling away. Sand marks evident

Acetone Swipe

National Semiconductor does not use “ : ” in part numbers

New versus Refurbished leads

Missing Serial Number

Dual Markings

BusinessWeek Video Clip

http://www.businessweek.com/magazine/content/08_41/b4103034193886.htm?chan=top+news_top+news+index+-+temp_top+story

44

Product ImpactGIDEP Counterfeit Case Summaries

Tools & Resources to Combat Counterfeiting

Tools & Resources (cont)