Lessons Learned Entry: 1367

Lesson Info:
- Lesson Number: 1367
- Lesson Date: 2002-04-19
- Submitting Organization: JSC
- Submitted by: Steve Daniel / Walter Stoerkel

Subject: Scope of Safety Analysis

Abstract: Unavailable.

Description of Driving Event:

Background: In October 2001 the Payload Safety Review Panel (PSRP) conducted the phase III flight safety review for the Microgravity Science Glovebox (MSG) payload. During the safety review, the PSRP discovered that one of the MSG client payloads, a vibration attenuation device, did not address touch temperature hazards in the event of degradation or loss of an ISS critical service: cooling by the ISS Moderate Temperature Loop (MTL). The client payload was mounted inside the MSG work volume and utilized the MTL for cooling. The payload organization's (PO) thermal analysis did not cover the MTL failure scenario.

The PSRP directed the PO to perform additional thermal analysis for the MTL failure case. The new analysis revealed that the client payload's baseplate could reach a maximum temperature of 68 deg Celsius (154 deg Fahrenheit), which exceeded the NSTS/ISS 18798B Interpretation Letter (MA2-95-048) maximum allowable temperature (49 deg C) requirement for intentional crew contact. The client payload was therefore not "safe without services" as required per the NSTS 1700.7B ISS Addendum.

In order to protect the crew, the PO added a temperature strip and caution-warning sticker to its payload to serve as the second control of the touch temperature hazard. The MTL was the first control. With the addition of the temperature strip, the client payload now satisfied the NSTS 1700.7B ISS Addendum fault tolerance requirement for a critical hazard. The PO updated its standard payload hazard report to reflect the updated thermal analysis and new second control. In February 2002, the PSRP approved the client payload for flight (STS-111/UF-2).

Root Cause: An integrated approach to the analysis, which would have included the potential for failure of critical services from outside the payload, was not thoroughly performed. The client PO did not include loss of services (MTL degradation or failure) in their original thermal analysis. This omission left a potential touch temperature hazard uncontrolled after a single point failure.

Lesson(s) Learned: Hazard analyses should consider critical interfaces and clearly identify any assumptions not subject to analysis.

Recommendation(s): Hazard analyses should clearly identify any assumptions that limit the analysis scope. Assumptions should be assessed as a minimum during an integrated review. "Black box" analyses must clearly identify any services, conditions, circuitry, signals, or other active interface outside the box, and a rationale must be presented for not including them in the analysis. The rationale will need to address failure scenarios and contingency operations in addition to nominal operations.

Evidence of Recurrence Control Effectiveness: N/A

Documents Related to Lesson: N/A

Mission Directorate(s):
- Exploration Systems
- Science
- Space Operations
- Aeronautics Research

Additional Key Phrase(s):
- Configuration Management
- Emergency Preparedness
- Flight Equipment
- Flight Operations
- Ground Equipment
- Ground Operations
- Hardware
- Independent Verification and Validation
- Industrial Operations
- Launch Process
- Policy & Planning
- Risk Management/Assessment
- Safety & Mission Assurance
- Test & Verification

Additional Info:

Approval Info:
- Approval Date: 2003-09-29
- Approval Name: Ron Montague
- Approval Organization: JSC
- Approval Phone Number: 281-483-8576

Provided by IHS. Not for Resale. No reproduction or networking permitted without license from IHS.