1、Lessons Learned Entry: 1208Lesson Info:a71 Lesson Number: 1208a71 Lesson Date: 1999-07-23a71 Submitting Organization: JSCa71 Submitted by: Nicholas Gaspar/ Ronald A. MontagueSubject: Use of “cant fail“ process to reduce chances for operator error Description of Driving Event: A functional test was b
2、eing performed at one of the subcontractors on Pressure Transducers. The physical setup consisted of a supply pressure bottle connected to a pressure manifold (with 4 pressure transducers installed) and to a test console. The objective of the functional test was to ensure that at various pressures t
3、he pressure transducers were within allowable tolerance. The system was to be pressurized to 400 psi (line pressure), then a 40 psi differential pressure applied to the transducers. a71 The technician applied 15 VDC voltage to the pressure standard. This is below required voltage.a71 Next, he increa
4、sed the line pressure expecting an indication from the pressure standard. However, as the pressure increased, the input voltage to the pressure standard dropped from 15 VDC to 11 VDC. At 11 VDC the standard is not able to function due to the low voltage and therefore no increase in pressure was indi
5、cated.a71 The technician had no indication that pressure buildup was exceeding the allowable limit for the transducers.a71 Overpressurization damaged the diaphragms in the pressure transducers.Root cause: Human error.a. Technician applied incorrect input voltage to the pressure standard. As a result
6、 the pressure standard failed to indicate the actual line pressure.b. Technician failed to limit the source pressure. He failed to set the bottle pressure regulator to 440 psi. This would have ensured that the transducers could not be subjected to a pressure exceeding their proof pressure.c. Contrib
7、uting Causes: Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-1. Inadequate training in use of test equipment. Although the technician had received on-the-job-training in test procedures and use of lab equipment, the technician was unaware of the haz
8、ardous consequences should the pressure standard be starved for current.2. Adequate failure tolerance (Cant Fail) was not required to be built into the procedure.3. Required input voltage was not readily available. Since this incident the input voltage requirements for the pressure standard have bee
9、n added to the calibration sheet with a warning to the technicians. In addition the input voltage requirements have been stenciled, as a warning to technicians, in large red letters, directly to the standard.Lesson(s) Learned: Use of “cant fail“ processes when designing manufacturing, test, and oper
10、ations can greatly reduce the chances for human errorRecommendation(s): Apply “Cant Fail“ process to each procedure where hardware is handled, machined, installed or tested to ensure that an operator error, equipment failure or software anomaly will not lead to a significant event. Evidence of Recur
11、rence Control Effectiveness: N/ADocuments Related to Lesson: N/AMission Directorate(s): a71 Exploration Systemsa71 Aeronautics ResearchAdditional Key Phrase(s): a71 Computer-Aided Design/Manufacturing/Engineeringa71 Configuration Managementa71 Flight Equipmenta71 Flight Operationsa71 Ground Equipmen
12、tProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-a71 Ground Operationsa71 Hardwarea71 Human Factorsa71 Industrial Operationsa71 Launch Processa71 Parts Materials & Processesa71 Payloadsa71 Policy & Planninga71 Risk Management/Assessmenta71 Safety & M
13、ission Assurancea71 Softwarea71 Spacecrafta71 Test & Verificationa71 Test Articlea71 Test FacilityAdditional Info: Approval Info: a71 Approval Date: 2002-06-17a71 Approval Name: Ronald A. Montaguea71 Approval Organization: JSCa71 Approval Phone Number: 281-483-8576Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
