National Aeronautics and Space Administration

www.nasa.gov/sls

Spac

e La

unch

Sys

tem

Topic: Phase I Safety Review Preparation for GT #2

Date: 10/21/2015

Org: Scott Spearing / FP30

Cube Quest Town Hall Meeting #2

Agenda

• Safety Ground Rules• Safety Review Process Overview• Safety Data Package Development• Safety Presentation• Questions?

2

Safety Ground Rules

3

Definition for a Hazard:

Any affect by or from the secondary payload which could cause harm or risk the successful operation or mission of the Space Launch System (SLS) vehicle, primary payload (Orion), or the ground crew.

The Secondary Payload Deployment System’s prime directives (in order of importance):

1) Do no harm to the vehicle2) Do not affect the process/schedule of the vehicle3) Deploy payloads at the end of SLS operations4) Aid in the success of the secondary payload missions

We are guests on the initial flight of a new vehicle, which has the ability to leave LEO.

Safety Status/Process

4

Phase 0 - Introduce payload concepts to the PSRP- Preliminary identification of possible hazards- Gain insight from PSRP as to payload concept & hazards

Process flow is from SLSP EM-1 Secondary Payload Safety Review

Process (SLS-PLAN-217)

Phase I - Present preliminary payload design to PSRP- Identify possible system design hazards & potential hazard mitigations- Receive PSRP comments/suggestions & direction to advance to Phase II

Phase II - Present mature payload design to PSRP- Identify methods of verification to assure hazard is eliminated or controlled- Identify any modifications/alterations to previous design or Phase I agreement- Receive PSRP comments/suggestions & direction to advance to Phase III

Phase III - Present verification results (i.e. analysis, test reports, inspections, etc.) to

PSRP- Identify any modifications/alterations to previous design or Phase II agreement- Receive PSRP comments & recommendation for flight to SLSPresentation Required Safety Data Package w/Hazard Report Required

Safety Data Package

5

Safety Data Package is composed of:1) Basic Introduction

Fill in blue highlighted wording w/payload specific information

2) Mission OverviewFill in blue highlighted wording w/payload specific informationBrief paragraph of mission details only

3) SLS Payload AccommodationsFill in blue highlighted wording w/payload specific information

4) Payload Hardware OverviewThis section w/#7 (see below) that the payload developer needs to put as much detailed information, concerning their hardware, into the document. Areas with in a cubesat design that could be a hazard (i.e. batteries, pressure vessels, liquid propellants, energy storage devices, etc.) need to have additional info added.

5) Ground ProcessingFill in blue highlighted wording w/payload specific information

6) On-Orbit OperationsFill in blue highlighted wording w/payload specific information

7) Safety AssessmentThis section needs to be filled out w/any possible hazard you think you have, whether it is identified in the outline or something you may have a concern about. Also need to discuss how that hazard could be eliminated/mitigated/controlled.

Hazard Report

6

Current hazard report hazards fall into either a “short form” or a “long form”.

Short Forms – Capture the more common type of hazards that most payloads could experience. For Phase I the following blocks need to be filled out:

Block A – Leave blank, to be filled in by NASA safetyBlock B – enter “Phase I”Block C – enter date you plan to submit hazard reportBlock D – enter your cubesat nameBlock F – Indicate Mission Phase the hazard could occurBlock H – Indicate which hazard control in Block G you plan to employ

Block I – is used for Phase II & III to identify how you plan to verify you have the proper hazard control in place (i.e. inspection, analysis, testing, etc.) and where you will list the reports confirming you completed the verification.

Any data you wish to add to support your filling out of the hazard report can be added as appendixes (i.e. materials lists, grounding schematic, etc.)

For GT#2 the info in Block I is not needed. But if you decide to add info in that block for future use it will not be held against you.

Hazard Report cont.

7

Long Form – Capture the unique hazard which your payload might have that was not in the short form (i.e. batteries, liquid propellant, etc.).

Header - fill out payload name and mark HR IDENTIFIER as “TBD”Line 1 – briefly describe the hazard & the condition it could occurLine 1a – identify “Phase I”Line 1b – enter date you plan to submit hazard reportLine 1c – enter “Payload Name, Cube Quest”Line 1d – list payload safety engineer (person who filled out the form)Line 2 – describe the hazard and its effect to the vehicle or ground crewLine 3 – create a title for the cause and mark the *severity & **likelihood

Line 4 – list what, if anything, you are using to control the hazard beyond the confines of your payload (i.e. dispenser for containment, etc.)Line 5 – mark the cause(s) as “new (Phase I)”Line 6 – add any other info for this hazard that you think would aid in

clarification of the other lines.*SeverityThis index quantifies the worst case accident or undesired event resulting from this cause. Severity levels are I (Catastrophic), II (Critical), and III (Marginal). Hazard Reports with Severity Level of III (Marginal) shall not be brought forth to the Safety Review Panel.

**LikelihoodThe likelihood (probability of occurrence) of this hazard cause manifesting itself after controls have been implemented. Likelihood levels are A, B, C (Remote), and D (Improbable), with A being the most probable.

Safety Presentation

8

Phase I presentation is a summation of the safety data package and review of the hazard report forms (short & long). Basic info needed is:

• Payload objectives – 1 page• Concept of Operations (w/emphasis on hand over @ KSC thru 15 sec. after

deployment) – 1 page• Overall cubesat configuration description (i.e. top level description, block

diagrams, etc.) – 1 to 3 pages• Description of each system (diagrams, components identified, operations, etc.) – 6

to 10 pages• Detailed hardware descriptions concerned w/possible hazards – x pages (as

needed)• Overall payload schedule – 1 page• Summary of identified hazards (standard & unique) – 2 to 3 pages• Review each hazard report page (short & long) – x pages

Back-ups• Approach to meet IDRD safety requirements tables – x pages• Any additional info you might need to have for your presentation – x pages

Project Schedule

9

Town Hall - Safety

10

Questions ?

Back – Up Charts

11

Verification/CoFR Plan

12

Short Form Example

13

SLS EM-1 SECONDARY PAYLOAD STANDARDIZED HAZARD CONTROL REPORT

A. NUMBER B. PSRP PHASE C. DATE STD-ERROR! REFERENCE SOURCE NOT FOUND.

ERROR! REFERENCE SOURCE NOT FOUND.

ERROR! REFERENCE SOURCE NOT FOUND.

D. HARDWARE NAME ERROR! REFERENCE SOURCE NOT FOUND. F. HAZARD: G. HAZARD CONTROLS: H.

APP. I. VERIFICATION METHOD, REFERENCE AND STATUS:

(complies with) (If Not Applicable for hardware, enter N/A and state why.) 1) Payload Deployment

Mission Phase Launch Processing Launch

Must be compliant with a) and b) in all cases. a) Be compatible with an ejection rate of 4.6 ± 0.2 ft/sec (1.4

± 0.06 m/sec)

b) Restrict payload volume expansion of its launch configuration, which expands its size beyond 3 times its launch envelope, for a minimum of 15 seconds after deployment.

For co-deployment payloads in addition to a) and b). c) Restricted to a 5 second delay between deployer

activation. Note: Identify the features used to restrict deployment in b) and c) as an attachment.

2) Structural Failure

Mission Phase Launch Processing Launch

Must be compliant with a) and b) in all cases. a) Mounted in an approved Payload Dispenser for launch. b) Payload primary structure designed to a FoS of 1.4 for

the worst case environments for the MSA in SLS-SPIO-SPEC-001 “ISPE Design Environments Document”.

Note: A non-approved Payload Dispenser will require a unique hazard report. Note: Identify the Payload Dispenser and provide a summary of the loads assessment as

an attachment. 3) Structural Failure of Sealed Containers

Mission Phase Launch Processing Launch

Sealed containers must not have a window, must not be attached to hoses or lines, and must be compliant with a) and b) in all cases:

a) Be a single, independent container containing a non-hazardous substance.

b) Contain less than 19,310 Joules (14,240 foot-pounds) of stored energy due to pressure.

AND c) Have a maximum delta pressure of 1.5 atmospheres (22

psia, 1.5 bars).

OR d) Have an Maximum Design Pressure (MDP) greater than

1.5 atm (22 psia, 1.5 bars), but less than 6.81 atm (100 psia, 6.9 bars) and analysis or test showing minimum safety factor for the design is 2.5 X MDP.

OR e) Have an MDP greater than 1.5 atm (22 psia, 1.5 bars),

but less than 6.81 atm (100 psia, 6.9 bars) and each flight unit pass a proof test to 1.5 X MDP.

Note: Include a table of the sealed container(s) with the amount of stored energy and maximum pressure as an attachment.

EXAMPLE

Long Form Example

14

UNIQUE HAZARD CONTROL REPORT FORMAT 

Payload NameSLS EM-1 Secondary Payload

HR IDENTIFIER 

1. HAZARD TITLE:Enter a brief description of the hazard in terms of hazard initiator, action or consequence.a. Review Level: Phase I, II, or IIIb. Revision Date: Datec. Scope: Payload, Payload Carrierd. Hazard Report Focal: Name, Phone Number

 _____________________________________________________________________________________________2. HAZARD CONDITION DESCRIPTION:The hazard description should define the risk situation including the unsafe act or conditions and its effect on SLS or personnel. _____________________________________________________________________________________________3. CAUSE SUMMARY: CAUSE 1: Cause Title 1

SEVERITY: LIKELIHOOD: 

CAUSE 2: Cause Title 2SEVERITY: LIKELIHOOD: 

_____________________________________________________________________________________________4. INTERFACES:What does the Payload interface with? Does it rely on other hardware for controls? _____________________________________________________________________________________________5. STATUS OF OPEN WORK: CAUSE 1: Closed or Open (Phase II); Closed or Closed to SVTL (Phase III)CAUSE 2: Closed or Open (Phase II); Closed or Closed to SVTL (Phase III) _____________________________________________________________________________________________6. REMARKS:Entries here should include any information relating to the hazard but not fully covered in any other item field.

EXAMPLE