ITAR Restricted Data - THEMIS Mission CDR 6/18/04
System Safety Overview
WBS Element 00536.2.2.1.2.1.02.02
(301)902-4019
Outline
- Systems Safety Peer Review - RFAs and Suggestions
- THEMIS Safety Policy/Purpose/Mission Statement
- Organizational Functions
- Documentation Approval Flow
- Safety Program Milestones
- Integrated Hazard Assessments
- Safety Working Group
- Industrial Safety
- Mishap Reporting
- Hazard Reports
- EWR 127-1 Tailoring
Safety Peer Review
Systems Safety Peer Review - May 28, 2004
- FIRST known Safety Peer Review of a GSFC Explorers Office Probe
- Received 6 1/2 RFAs and 3 Suggestions

Safe-001 - Systems Safety Program Plan (SSPP) is outstanding
Action - Conditional Approval should be obtained before Mission CDR
Status - Complete

Safe-001a - Current SSPP lacks details regarding Tailoring of EWR 127-1
Action - Include details on tailoring in the SSPP
Status - Complete and Closed

Safe-002 - EWR 127-1 requires System Safety Process established early in design
Action - GSFC Explorers Office will facilitate coordination and communication with KSC and Range
Status - Closed (see Safe-004)

Safe-003 - EWR 127-1 Tailoring has not been approved/submitted to Range
Action - Complete Tailoring dealing with design issues prior to CDR
Status - Closed
Safety Peer Review - Continuing with RFA Status

Safe-004 - No detailed forum for safety communication between all parties
Action - Establish a Safety Working Group (detailed later in presentation)
Status - Complete (first telecon meeting on 6/9/04) and Closed

Safe-005 - Determination of Risk Mitigation levels
Action - Determine Risk Levels for RCS system
Status - Incomplete

Safe-006 - Survivability of inadvertent RCS Pressurant Release
Action - Confirm effectiveness of 2 mechanical inhibits; verify maximum thermal condition for remaining phases will not over-pressurize system
Status - Incomplete
Safety Peer Review - Safety Peer Review Suggestions

Suggestion - Develop a clearer format for Hazard Reports that demonstrates better tracking of verification
Status - Ongoing

Suggestion - Hazard Reports for operations not shown during review
Status - The THEMIS mission will produce Hazard Reports for ground operations as needed. Reports with a Catastrophic or Critical Severity ranking will be included in the MSPSP.

Suggestion - Formalize Safety Verification Tracking Log
Status - This has been included in the latest version of the SSPP
Safety Policy
THEMIS Safety Policy
1. To provide a safe work place for all personnel and operations.
2. All accidents and incidents are preventable.
3. The THEMIS Program places safety before cost and schedule. If it is not safe, stop work immediately and notify your supervisor.
4. The THEMIS Program uses an organized and systematic approach to identify and control potential hazards, measure the safety risks associated with all hazards and provide risk assessment and risk mitigation plans to management.
Systems Safety Program
Purpose:
1. Identify and detail the safety systems and methods that will be implemented during all phases of the THEMIS Mission.
2. Identify, evaluate and document all risks and hazards in order to eliminate or control them within the cost, schedule and technical constraints of the program.
3. Ensure that additional risks are not introduced during the design, production, integration and testing phases.
THEMIS Mission Safety Team Mission Statement
Safety is a priority of every person working on the THEMIS Mission. Therefore, every person working on the THEMIS Mission is part of the THEMIS MISSION SAFETY TEAM!
THEMIS Safety Organization Functions
The NASA Explorers Office is the Range User. As such, the Explorers Office is responsible for submitting all required safety documentation and obtaining all necessary Range Safety approvals.
Under the direction of UCB, Swales is responsible for all Safety Engineer tasks. Under the guidance of Safety Representatives from the NASA Explorers Office, Swales will produce all required safety documentation in an approved form for Range Safety submittal.
Systems Safety Program Plan
Documentation Submittal/Approval Flow
[Figure: Documentation Submittal/Approval flow chart. Parties, in order: Swales, UCB, Explorers Office, KSC, Range Safety. The chart shows the Formal Approval Flow through these parties and an Allowable Pre-Review Flow between them.]
THEMIS Safety Program Milestones
Safety Deliverables
Safety System Milestones Flow
[Figure: THEMIS Range Safety Documentation and Review Process flow chart. Event numbers 01 through 14 correspond to the milestone list on the following slides. Nodes shown, with the requirement references and timing attached to each:
- Develop System Safety Program Plan (Draft): NASA-STD-8719.8 Table 5.1 Task 1.1; EWR 127-1 1.5.4 (b); EWR 127-1 1B.3 Task 2
- Mission Orientation: NASA-STD-8719.8 Table 5.1 Task 1.2; EWR 127-1 1F.3.1 (a); Confirmation Review + 45 days
- Perform Preliminary Hazard Analyses: EWR 127-1 1B.2.1; System Level FMECAs; Hazard Report Hazards Identified
- Mission PDR, MSPSP Data Presented: EWR 127-1 1F.3.2 (a); PSWG Meeting
- Perform Subsystem Hazard Analyses: EWR 127-1 1B.2.2; *Subsystem FMECAs; *Hazard Reports Controls Established
- *EWR 127-1 Tailoring: NASA-STD-8719.8 Table 5.1 Task 1.3; EWR 127-1 1.5.4 (a)
- Mission CDR, Initial MSPSP Submittal and Final SSPP Submittal: EWR 127-1 1F.3.3 (a); PSWG Meeting; PSWG Comments at CDR + 45 days
- Perform Operating and Support Hazard Analyses: EWR 127-1 1B.2.4; Hazardous Procedures at Payload Ship - 90 days; Hazard Reports Controls Verified
- Draft MSPSP Submittal: EWR 127-1 1F.2.2.1 (a); EWR 127-1 3.4.1.1 (a); NASA-STD-8719.8 Table 5.1 Task 2.1; Launch - 12 months; PSWG Comments at Launch - 315 days
- Payload Safety Working Group TIM: NASA-STD-8719.8 Table 5.1 Task 4.3; Payload Shipment - 180 days
- Final MSPSP Preparation: NASA-STD-8719.8 Table 5.1 Task 4.1; Payload Shipment - 120 days
- NASA Payload Organization Approval of MSPSP: NASA-STD-8719.8 Table 5.1 Task 4.2
- Final MSPSP Submitted to PSWG: Payload Shipment - 45 days
Notes on the chart: *Tasks can be extended beyond the Mission CDR. MSPSP in this context includes the GOP and Supporting Documents. Hazardous Procedures will be prepared and submitted per EWR 127-1 [T].]
Safety System Milestones (numbers shown correlate with event numbers from the Milestone Flow):
01 System Safety Program Plan - Draft SUBMITTED
02 Preliminary Hazard Analysis
  a. System Level FMECAs COMPLETED
  b. System Level Hazards Identified COMPLETED
03 MSPSP Data Presented (CDR) - PSWG Meeting SUBMITTED
04 Subsystem Hazard Analysis
  a. Subsystem FMECAs COMPLETED
  b. Hazard Reports and Controls COMPLETED
05 EWR 127-1 Tailoring Final (Chapter 3 submitted, Chapters 1 and 6 by July 2)
06 SSPP Final, Initial MSPSP, Hazard Reports SUBMITTED
07 Mission Orientation - PSWG Comments
08 Operating and Support Analysis
  a. Hazardous Procedures
Safety System Milestones (continued):
09 Hazard Reports Controls Verified (ongoing, possibly through launch)
10 MSPSP Draft Submittal (launch - 315 days (11/05))
11 Payload Safety Working Group TIM (payload ship - 180 days (12/05))
12 MSPSP Final Submittal (payload ship - 120 days (2/06))
13 NASA Payload Organization Approval of MSPSP
14 Final MSPSP Submitted to PSWG (payload ship - 45 days (4/06))
Deliverable Data

Title | Document Number | Means of Delivery
System Safety Program Plan | This Document | Hard Copy
Eastern and Western Range Safety Policies and Processes - Tailored for the THEMIS Project (see section 4.2) | EWR 127-1 [T] | Hard Copy
THEMIS Missile Systems Pre-Launch Safety Package | SAI-SFTY-TBD | Hard Copy and CD-ROM Distribution
Hazard Reports | Phased Completion | Hard Copy and Electronic
MHE List | Part of MSPSP | (with MSPSP)
MHE Design and Initial Test Data | Part of MSPSP | (with MSPSP)
MHE Single Point Failure List | Part of MSPSP | (with MSPSP)
MHE NDE Plan | Part of MSPSP | (with MSPSP)
RF Safety Interlock Test Plan | SAI-PLAN-TBD | Hard Copy
RF Safety Interlock Test Results | Part of MSPSP | (with MSPSP)
Safety Compliance Matrix | Part of MSPSP | (with MSPSP)
RF Site Plan | SAI-PLAN-TBD | Hard Copy
Radiation Protection Program RF User Request Authorization | Part of MSPSP | (with MSPSP)
Launch Site Ground Operations Plan | SAI-PLAN-0650 | Hard Copy
Hazardous Procedures | SAI-PROC-TBD | PDF Files
Non-Deliverable Data

Document or Data | Document Location | Format
Range User SSPP Review | (not stated) | PDF
Subcontractor SSPP Reviews | (not stated) | (not stated)
Work Order System | (not stated) | Paper File
Problem Records | (not stated) | Paper File
MHE Test Records | (not stated) | Paper File
MHE SFP Analyses | (not stated) | Paper File
Integrated Hazard Assessments
Hazard Identification Processes

Top Down System Hazard Analysis
During the first stages of the THEMIS design, a System Level Preliminary Hazard Analysis (PHA) was completed. This was completed in order to follow the Hazard Elimination/Mitigation Procedures.

Bottom Up Subsystem Hazard Analysis
A Failure Modes and Effects Analysis (FMEA) is being performed which will include all possible sources of failure and their effects on both the subsystem and the system.

Operations & Support Hazard Analysis
Used to identify potentially hazardous operations and critical GSE. Conducted using the final design, I&T Plan and Launch Site Ground Operations Plan. Output is the correct classification of hazardous and non-hazardous operations for the Work Order Authorization process.
Hazard Analysis
The inputs to the Hazard Analysis are the PHA (system level), FMECA (subsystem level with respect to the system) and the Operations and Support Hazard Analysis. The products of the Hazard Analysis are the Hazard Reports.
Hazard Reports will contain a Hazard Severity based on EWR 127-1 guidelines. All Hazard Reports with a Catastrophic or Critical severity rating will be included in the MSPSP.
[Figure: Hazard Analysis flow chart. Elements shown: Mission Requirements, System Design, Subsystem Design, PHA, FMECA, Operations & Support Hazard Analysis, Hazard Analysis, Hazard Reports, Controls, Verification.]
Hazard Elimination/Mitigation Procedures
a. Eliminate Hazards by design
b. Minimize or Negate Hazards through Design
c. Install Safety Devices
d. Provide Protective Clothing and Equipment
e. Install Caution and Warning Devices
f. Develop Administrative Controls including Special Procedures
g. Establish Controlled Areas
Hazardous Operations
The System Safety Engineer, in addition to the Subsystem Lead Engineer, will ensure all controls are in place for any Hazardous Operations.
All operations will be governed by a Work Order system and the Safety Engineer will be a required sign-off on any Hazardous Procedures.
[Figure: Hazardous Operations flow chart. Inputs (I&T Plan, Launch Site Ground Operations Plan, Requirements Verification, Meetings and Reviews) feed the Operation & Support Hazard Analysis, which separates Hazardous Procedures from Non-Hazardous Procedures; each path goes through Work Order Authorization to Operations. Work Order Authorization signatures for Hazardous Procedures: I&T Manager, Lead Responsible Engineer, Lead Mechanical Engineer, Lead Electrical Engineer, Quality Engineer, Safety Engineer. Signatures for Non-Hazardous Procedures: the same list without the Safety Engineer.]
Safety Working Group (SWG)
Purpose: Provide a forum where Safety Concerns and questions can be addressed with all agencies represented
Chaired by UCB (David King). Members include representatives from UCB, Swales, GSFC, KSC and the Range
Meet weekly (Wednesday 3pm Eastern)
Weekly agenda items will include deliverable documentation and Safety Program Schedule
An Issues and Actions List will be created and updated at each meeting. SWG Chairperson will maintain this list
Industrial Safety
Swales
- Well established, OSHA compliant program at Swales (Barry McCarthy)
- Standard Operating Procedure (SAI-HAS-0001) governs all work at any Swales facilities
- Industrial Safety Specialist will be used for all safety training/certification, protective clothing, hazardous material storage, incident reporting and safety audits
Other Facilities
- Swales will work with GSFC, Astrotech and the Range to verify that we are in compliance with the applicable facility Safety Operating Procedure
Mishap Reporting
Swales company policy is that all accidents, incidents and close call occurrences will be reported - Swales Safety and Health Manual (SAI-HAS-0001)
NASA facilities - Processing Mishap, Incident and Close Call Reports (GPG-8621.2)

Mishap Type | Classification Details
Type A Mishap | Death or 3 in-patient hospitalizations within 30 days, or property damage or loss X > $1M
Type B Mishap | Disability or <3 in-patient hospitalizations within 30 days, or property damage or loss $250 < X < $1M
Type C Mishap | Lost workday, or property damage or loss $25k < X < $250k
Incident | Injury requiring more than first aid, or property damage or loss $1k < X < $25k
Close Call | Unplanned occurrence with no injury that had the potential to become a Mishap
Hazard Report
Preliminary Hazard Reports have been generated
- Swales generated bus hazard reports in THEMIS standard format in a single Excel database
- Swales generated additional mechanical subsystem hazard reports in KSC shuttle format using Word files
- Swales generated additional I&T hazard reports in KSC shuttle format using Word files
- UCB generated instrument hazard reports in THEMIS standard format in a single Excel database
Plan to consolidate all hazard reports in the THEMIS standard format in a single Excel database prior to CDR
- Update data, complete all sections and standardize format
Hazard Report Summary
Tailoring
Tailoring Sheets: Tailoring is conducted in order to produce an EWR 127-1 document that is specific to THEMIS.
Chapter 3 - Has gone through a review process (between UCB, Swales and GSFC). 56 Tailoring Items have received preliminary approval to be forwarded on to KSC (and then to the Range)
- The majority of tailoring sheets deleted sections that did not apply to THEMIS.
Chapters 1 and 6 will be completed by July 2
Back Up Slides
Systems Safety Program
Organization - THEMIS Safety Team
University of California, Berkeley Safety Organization
Principal Investigator: Vassilis Angelopoulos
Project Manager: Peter Harvey
Deputy Project Manager: David King
Mission Assurance Manager: Ron Jackson
Mission Systems Engineer: Ellen Taylor
Lead Mechanical Engineer: Paul Turin
Integration and Test: Rick Sterling

Swales Aerospace Safety Organization
Program Manager: Mike Cully
Safety Program Engineer: Tim Keepers
Industrial Safety Specialist: Barry McCarthy
Electrical Safety: Bob Kraeuter, Ginger Robinson
Mechanical Safety: Chris Lashley, Rob Eppler, K. Hylan
Systems Safety: Tom Ajluni, Kevin Brenneman, W. Chen
Software Safety: Steve Hammers, Chris Xenophontos
I&T Safety: Marc Kaylor
EGSE Safety: Tammy Faulkner
RCS Safety: Mike McCullough
RF Safety: Jim Jew
ACS Safety: Richard LeBoeuf
Thermal Safety: Rommel Zara
NASA GSFC Explorers Office
Mission Manager: Frank Snow
Observatory Manager: John Thurber
Systems Assurance Manager: Ron Pierson
Explorers Program Safety Manager: Jamie Harper
Explorers Program Safety Engineer: Jamie Burget

NASA KSC/Range Safety: ?