1、Lessons Learned Entry: 0862Lesson Info:a71 Lesson Number: 0862a71 Lesson Date: 2000-05-22a71 Submitting Organization: ARCa71 Submitted by: Anthony BricenoSubject: 3.5-Foot Hypersonic Wind Tunnel Ceramic Bed Matrix Heater Mishap Description of Driving Event: Test personnel from the 3.5-foot Hypersoni
2、c Wind Tunnel facility, supported by personnel from the project phase 3 contractor, were conducting blowdown tests as a part of the Integrated Systems Testing (IST). The tests were being done to certify the operational status of the facility following a construction of facilities project for rehabil
3、itation of the facility. The mishap occurred seconds after the start of the 5th run of the day, at approximately 10:00 a.m. Four previous blowdown tests had been completed on that day without incident.Lesson(s) Learned: 1. The ceramic bed heater is especially vulnerable to excess differential pressu
4、re across the bed. Location of the lower pressure port created a single point failure that allowed the differential pressure to develop uncontrolled. Steps which could have been taken to prevent this mishap from occurring could have been more rigorous reviews, identifying the pressure ports in the v
5、essel as safety critical features, listing them as such on the fabrication drawings and in failure modes analyses, and assuring that inspection during construction was accomplished.2. Formal configuration management should commence immediately following design completion. This configuration manageme
6、nt may be tailored to the size and scope of the project. In cases of contracting for hardware or software systems, NASA should participate in or thoroughly audit the Contractors systems to assure adequate configuration controls.3. The Systems Engineering process, functioning in a project to define a
7、nd understand all system interfaces, is extremely important. It is even more important for rehabilitation type projects where interfaces between the old and the new systems can become critical.4. The Trial Run approach of IST for establishing differential pressure settings for safety limits offered
8、no provision for detecting system faults such as the incorrectly located pressure port. It could only have succeeded with a correctly functioning system. The test plan should have Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-provided predicted (ca
9、lculated) values of differential pressure across the orificed grate as a function of header pressure and valve position.5. Lines of authority and responsibility must be defined and functioning for a safe and successful ISH process. Project responsibility should extend through the IST process and unt
10、il the facility is recertified operational and returned to the operating organization.6. With known high incidence of errors in developmental software, a methodology should be implemented for simulation modeling of systems for software testing prior to putting research facilities at risk. Commercial
11、 software systems are available for these purposes.7. Real time recording and storage of run data for review and diagnostic use is very important whenever attempting the final validation of a control system and its associated software. It is extremely important when using actual system hardware to s
12、upport the validation process. The more dynamic the systems response to input, the greater the consequences of control system failure.8. Investigation of unexpected behavior of high energy or otherwise potentially dangerous systems should include support analyses or other positive causal verificatio
13、n which cannot result in detriment to the system, before proceeding with full system operation.Recommendation(s): 1. Inspect, repair and verify integrity of all internal heater vessel structures.2. Correct and relocate lower pressure port in the heater vessel to assure its location is well below the
14、 grate and any influence on the flow by the flow diverters.3. Perform another review of engineering and hazards analyses on all facility interfaces, with specific emphasis on interfaces between the old and the new. Identify the function of the pressure ports as having potential for a single point fa
15、ilure causing a critical mishap.4. Correct and recertify the software, followed by institution of a higher level of configuration management requiring NASA review and approval of changes.5. Inspect and correct malfunctions in the hardwire trip circuit system. Verify the reliability and independence
16、of the hardwire trip system.6. Develop predicted performance differential pressure characteristic values, based on planned test parameters. Use these expected values to set tolerance bands to be flagged as limits for IST. Establish procedures for review of test values falling outside the flagged lim
17、its, and for clearing the flags.7. Provide a high speed data acquisition system for use during IST for recording of run data that might be required for diagnostic purposes.Evidence of Recurrence Control Effectiveness: N/ADocuments Related to Lesson: Provided by IHSNot for ResaleNo reproduction or ne
18、tworking permitted without license from IHS-,-,-N/AMission Directorate(s): a71 Exploration Systemsa71 Aeronautics ResearchAdditional Key Phrase(s): a71 Aircrafta71 Ground Equipmenta71 Test FacilityAdditional Info: Approval Info: a71 Approval Date: 2000-06-6a71 Approval Name: Eric Raynora71 Approval Organization: QSa71 Approval Phone Number: 202-358-4738Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
