Guide to the Identification of SafetyCritical Hardware Items

  • Slides: 18
Guide to the Identification of Safety-Critical Hardware Items for RLV Developers
COMSTAC RLV Working Group Meeting
Washington D.C.
25 May 2005

Outline
• Project Overview
• WG Participation
• Current Status
• Document Overview
  - Depth of analysis
  - Safety-criticality guidelines
  - Identification process
  - List of potentially safety-critical items
• Future Work
• Observations
• Q&A

Project Overview
• Tasked by FAA/AST to form RLV industry working group in 2003
• The working group was originally formed to:
  - define criteria for identifying potentially safety-critical systems for RLVs
  - develop a list of potentially safety-critical RLV items
  - identify risks and develop risk mitigation/elimination controls for RLV operations

WG Participation
• The following organizations actively participated in the project for the past two years:
  - The Boeing Company
  - Kistler Aerospace
  - Lockheed Martin
  - TGV Rockets
  - XCOR Aerospace
  - FAA/AST

Current Status
• Document released on 1 May 2005
  - Brief announcement at Space Access meeting
  - Freely available at AST and AIAA websites
    http://ast.faa.gov
    http://www.aiaa.org/content.cfm?pageid=593
• One example remains to be discussed by working group
• Document can be updated provided there is sufficient interest and involvement from affected parties

Document Contents
• Introductory material (foreword, scope, purpose, definitions)
• Hazard contributors
• Three-pronged approach to public safety
• Depth of analysis examples
• Risk assessment methodologies
• Guidelines and process for identifying safety-critical items
• List of potentially safety-critical hardware items
• Risk mitigation strategies for safety-critical hardware items

Depth of Analysis Examples
• Provides developers with a characterization of the level of effort associated with identifying safety-critical items for different mission scenarios
• Three scenarios presented:
  - Sub-orbital launch in which the dispersed IIP (instantaneous impact point) does not intersect a populated area
  - Sub-orbital launch in which the dispersed IIP intersects a small number of populated areas
  - Sub-orbital launch in which the dispersed IIP intersects a large number of populated areas

Safety-Criticality Guidelines (1/3)
In general, if BOTH of the following conditions are true for a particular item, the item is potentially safety-critical and may require further analysis:
(1) the vehicle is over/in a populated area, or may reach a populated area as a result of failure, and
(2) the item could credibly fail, with the failure resulting in one or more of the five described hazard conditions.

Safety-Criticality Guidelines (2/3)
List of Hazard Conditions
• Failure causes vehicle breakup: The vehicle is broken into fragments.
• Failure causes vehicle loss of control: The vehicle can no longer be controlled by the crew (may be onboard crew or ground crew) or by autonomous means.
• Failure causes uncontrolled debris: The failure leaves the vehicle intact and controllable, but debris is ejected without any means of controlling where the debris will impact. For example, an engine failure leaves the vehicle intact and in control, but may cause a fan blade to be ejected from the vehicle; or a structural failure may lead to the separation of an aerodynamic control surface. The intentional jettison of a component (e.g. a drop tank) during normal or emergency operations in a designated area is not considered a failure.

Safety-Criticality Guidelines (3/3)
List of Hazard Conditions (continued)
• Failure causes uncontrolled discharge of hazardous material: The failure leaves the vehicle intact and controllable, but leads to the discharge of hazardous material (toxic, flammable, cryogenic, etc.). The controlled dumping of propellants in a designated area during an abort scenario is not considered a failure.
• Failure prohibits safe landing: The failure leaves the vehicle intact and controllable in flight, but either prevents the vehicle from reaching a designated landing location where the public is not endangered (e.g. a missile range), or prevents the vehicle from performing a controlled emergency landing without endangering the uninvolved public (e.g. at a public airport).
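As an added illustration (not part of the guide or of these slides), the two-condition screen and the five hazard conditions above, encoded as a small Python screening routine. The item names, failure modes, mission phases and the hazard assigned to each failure mode are constructed sample data for the example; the guide does not supply them. The routine also applies the two exclusions the slides state: an intentional jettison or a controlled propellant dump in a designated area is not counted as a failure.

```python
"""Screen hardware items against the guide's two-condition rule.

Condition 1: the vehicle is over/in a populated area, or may reach one as a
             result of failure (a property of the mission phase).
Condition 2: the item could credibly fail, and that failure results in one or
             more of the five hazard conditions.
Both must hold for an item to be flagged as potentially safety-critical.
All items, failure modes and phases below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Hazard(Enum):
    """The five hazard conditions listed in the guide."""
    BREAKUP = "vehicle breakup"
    LOSS_OF_CONTROL = "vehicle loss of control"
    UNCONTROLLED_DEBRIS = "uncontrolled debris"
    HAZMAT_DISCHARGE = "uncontrolled discharge of hazardous material"
    NO_SAFE_LANDING = "failure prohibits safe landing"


@dataclass(frozen=True)
class FailureMode:
    description: str
    credible: bool                       # could this failure credibly occur?
    hazards: frozenset[Hazard]           # hazard conditions it would produce
    # Intentional, controlled events in a designated area (drop-tank jettison,
    # propellant dump during an abort) are explicitly not failures per the guide.
    intentional_in_designated_area: bool = False


@dataclass(frozen=True)
class Item:
    name: str
    failure_modes: tuple[FailureMode, ...]


@dataclass(frozen=True)
class MissionPhase:
    name: str
    over_populated_area: bool
    can_reach_populated_area_on_failure: bool


def condition_1(phase: MissionPhase) -> bool:
    """Vehicle is over/in a populated area or may reach one after a failure."""
    return phase.over_populated_area or phase.can_reach_populated_area_on_failure


def condition_2(item: Item) -> set[Hazard]:
    """Hazard conditions reachable through credible, non-excluded failures."""
    hazards: set[Hazard] = set()
    for fm in item.failure_modes:
        if not fm.credible or fm.intentional_in_designated_area:
            continue  # not a credible failure, or not a failure at all
        hazards |= fm.hazards
    return hazards


def screen(item: Item, phase: MissionPhase) -> tuple[bool, set[Hazard]]:
    """Apply BOTH conditions; return (flagged, hazards that triggered it)."""
    if not condition_1(phase):
        return False, set()
    hazards = condition_2(item)
    return bool(hazards), hazards


def screen_vehicle(items: list[Item], phases: list[MissionPhase]) -> dict[str, list[str]]:
    """Map each flagged item to the sorted hazard names found in any phase."""
    result: dict[str, list[str]] = {}
    for item in items:
        found: set[Hazard] = set()
        for phase in phases:
            flagged, hazards = screen(item, phase)
            if flagged:
                found |= hazards
        if found:
            result[item.name] = sorted(h.value for h in found)
    return result


# Constructed sample data (hypothetical vehicle; hazard assignments are assumptions).
TURBOPUMP = Item("Main engine turbopump", (
    FailureMode("rotor burst", True, frozenset({Hazard.BREAKUP, Hazard.UNCONTROLLED_DEBRIS})),
))
DROP_TANK = Item("Drop tank release mechanism", (
    FailureMode("planned jettison in designated area", True,
                frozenset({Hazard.UNCONTROLLED_DEBRIS}), intentional_in_designated_area=True),
))
DUMP_VALVE = Item("Propellant dump valve", (
    FailureMode("controlled dump during abort in designated area", True,
                frozenset({Hazard.HAZMAT_DISCHARGE}), intentional_in_designated_area=True),
    FailureMode("valve fails open outside designated area", True,
                frozenset({Hazard.HAZMAT_DISCHARGE})),
))
CABIN_LIGHT = Item("Cabin reading light", (
    FailureMode("bulb burns out", True, frozenset()),   # credible, but no hazard condition
))
OVER_RANGE = MissionPhase("Ascent over range", False, False)
OVER_TOWN = MissionPhase("Cruise over populated area", True, True)
SAMPLE_ITEMS = [TURBOPUMP, DROP_TANK, DUMP_VALVE, CABIN_LIGHT]
SAMPLE_PHASES = [OVER_RANGE, OVER_TOWN]

if __name__ == "__main__":
    for name, hazards in screen_vehicle(SAMPLE_ITEMS, SAMPLE_PHASES).items():
        print(f"{name}: potentially safety-critical ({', '.join(hazards)})")
```

Running the sample flags the turbopump and the dump valve but not the drop-tank mechanism (its only listed event is an intentional jettison, which the guide does not treat as a failure) and not the cabin light (credible failure, no hazard condition); over the range phase alone nothing is flagged, because condition 1 fails.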

Identification Process (1/2)

Identification Process (2/2)

List of Safety-Critical Items (1/2)

List of Safety-Critical Items (2/2)

Future Work
FY 05:
• Incorporate fourth example into “Depth of Analysis” section
Possible Follow-On Activities:
• Expand guidelines to cover hazard contributors other than hardware items
• Update and correct first version as necessary
• Any other suggested topics for gov’t/industry cooperation
Any follow-on activities will depend on interest and involvement of affected parties

Observations (1/2)
• This effort established a neutral forum for industry/government to discuss safety concerns
• The document could be used for meeting RLV regulations on the identification of safety-critical items
• A considerable effort was made to ensure that this Guide will not place any undue regulatory burden on developers
• Guidelines and process defined should be applicable to a wide range of vehicles
• A great deal of technical knowledge has been captured in this document

Observations (2/2)
• Model of industry/government working together seems to have been effective
• Other regulatory topics could possibly be addressed in a similar manner
• Reaching consensus between industry and government can be a struggle, but ultimately invaluable to both
• Any future efforts would benefit from greater industry participation to ensure as broad a consensus as possible

Contact Information
Craig Day
AIAA Standards Program Manager
American Institute of Aeronautics and Astronautics
1801 Alexander Bell Drive, Suite 500
Reston, VA 20191-4344
Phone: 703-264-3849
Email: craigd@aiaa.org