Residual Risk - PowerPoint PPT Presentation

1 / 26

About This Presentation

Title:

Residual Risk

Description:

Electrical schematics, FPGA fuse files. CDR Package and Action Item responses ... Additional $100K for complete electrical design. February 28, 2001 ... – PowerPoint PPT presentation

Number of Views:265

Avg rating:3.0/5.0

Slides: 27

Provided by: bryant4

Category:

more less

Transcript and Presenter's Notes

Title: Residual Risk

1
Section 3 Residual Risk
. . . Bryant Cramer EO-1 Mission Implementation
Manager
2
Residual Risk

Residual Risk is that risk remaining at launch
after all mitigation efforts have been completed
The Red Team is charged to ascertain and
document all residual risks, judged to be any
level higher than low, that are remaining in the
mission
NASA Administrator has asked that 3 system
engineering tools be used to estimate the
likelihood of occurrence and the overall mission
risk associated with the predominant failure
modes as identified by
Failure Modes and Effects Analyses
Fault Tree Analysis
Probabilistic Risk Analysis
Red Team Charter focuses on single-point failure
mechanisms as a major source of residual risk

3
Three System Engineering Tools

NASA Administrator has asked that we evaluate
residual risk through the use of
Failure Modes and Effects Analyses (FMEA)
Failure Tree Analysis (FTA)
Probabilistic Risk Analysis (PRA)
These are normally used during design definition
to support the system engineering process
These tools were not used to develop the EO-1
design
Single string design by policy
Hard cost cap and lots of schedule pressure
Redundancy was largely out-of-bounds -- by
policy, by budget, by schedule, and by available
staff
We utilized selective redundancy within the
existing constraints as best we could
We used these 3 tools in a complementary
abbreviated application to evaluate the
likelihood of successfully completing the EO-1
Minimal Mission
The results were presented to the Red Team on
June 13, 2000
Red Team Charter requires that they be assembled
in a separate document to be delivered by the
Chairman to the Center Director at the MRR

4
EO-1 Minimal Mission

Described in EO-1 Mission Success Criteria
Our evaluation focuses only on the EO-1 Minimal
Mission

5
EO-1 Residual Risk Assessment

Fault-Tree Analysis
Failure of the Minimal Mission
Includes all mission segments
Product is mission element failures that disable
the Minimal Mission
FMEA
Down to box, board or service level, as
appropriate
Used to survey single-point failures
Product is all single-point board failures
disabling the Minimal Mission
Probability Risk Assessment
Classified by similarity
Reliability Block Diagram
Product is probability of single-point failures
that disable Minimal Mission

Flight Segment Ground Segment Launch Unique
Segment
F M E A
Single-Point Failures of Minimal Mission within
each Mission Element
Fault Tree Analysis of Minimal Mission
Probabilistic Classification of Single-Point
Failures by Similarity
Reliability Block Diagram for Minimal Mission
Residual Risk Assessment of EO-1 Minimal Mission
Risk Mitigation Strategies
6
Assumptions For All FMEAs

One failure at a time
All required inputs are nominal
All consumables are present in sufficient
quantities
Nominal power is available (except when the
availability of power is part of the failure(s)
being considered)
Only the launch separation and on-orbit phase of
the mission has been treated
Connector failures are not treated
(Adapted from GSFC P-302-720 and GSFC S-302-89-01)

7
Failure Severity Criticality Categories for FMEAs

Severity criticality codes for these FMEAs are
defined as follows
1 Effective loss of the Minimal Mission
(non-recoverable complete loss of ALI data)
2 Loss of the Hyperion (non-recoverable
complete loss of Hyperion data)
3 Serious degradation, but still meets some of
the Level I ALI and/or Hyperion requirements
4 Some degradation or operations impact, but
still achieves the baseline mission
5 Little or no impact to mission success or
mission operations
Some examples are
Category 1 Power System, ACS, WARP, or ALI
instrument failing completely
Category 2 Hyperion instrument failing by itself
Category 3 A Hyperion ASP failure, or an X-Band
Phased Array failure
Category 4 Heaters
Category 5 PPT, GPS, AC, etc.

8
EO-1 Minimal Mission ElementsCategory 1 Failures
9
EO-1 Minimal Mission ElementsCategory 1
Failures(continued)
10
EO-1 Minimal MissionReliability Block Diagram
Attitude Control Subsystem (ACS)
Electrical Power Subsystem (EPS)
Communications Subsystem (CS)
Command Data Handling Subsystem (CDHS)
Reaction Control Subsystem (RCS)
0.9490
0.9679
0.9535
0.9638
Has Redundancy
0.9999
ALI
WARP
Reliability _at_ 1 year 0.7447 Failure Likelihood
0.2553
0.8960
0.9846
Has Consequence Category 1 from FMEA
11
0.75
12
PRA Summary

Reliability at 1 year for FMEA Category 1
0.7491
Reliability at 1 year for FMEA Category 1R
0.9941
Redundant 1R items have small impact on
reliability
Reliability at 1 year for Category 1 1R
0.7447
If 1R items were not redundant then R 0.6917
Category 1 single point failures are primary
drivers of residual risk.

13
Special Topic Accelerated Minimal Mission
. . . Bryant Cramer EO-1 Mission Implementation
Manager
14
Overview

The EO-1 Accelerated Mission is a change in
operations to maximize the likelihood of flight
validating the ALI WARP (Minimal Mission)
The concept is an outgrowth of our Probabilistic
Risk Assessment (PRA)
EO-1 is a largely single-string design and for
such a mission the reliability typically
decreases to about 0.70 at the end of one year
Due to selective redundancy, our reliability is
at 0.75 _at_ 12 months
By increasing the data collection rate from 4 to
8 Data Collection Events (DCEs) during the first
four months aloft, we can increase the
probability of completing the Minimal Mission
from 0.75 to 0.90
The cost is roughly 600K

15
Reliability vs. Mission Success Criteria
Minimal Mission
Completely Successful Mission
Successful Mission
Probability
Completely Successful Mission
8 DCEs / Day
Successful Mission
4 DCEs / Day
Months After Launch
16
EO-1 Accelerated Mission
600K
Accelerated Mission Science Validation Facility
(SVF) Normal Ops
COST (K)
MONTHS
17
Summary

Accelerated Mission capitalizes on the early
reliability of the observatory
Maximizes the likelihood of completing the
Minimal Mission
Cost-effective -- can be supported from existing
resources
Leaves the option for an extended mission still
intact
Facilitates DCEs in Southern Hemisphere
Strengthens the overall science validation

18
Special Topic WARP Back-Up Solid State Recorder
. . . Irving Linares EO-1 BSSR Lead
19
Background

WARP failed on 1/4/00 and subsequent
troubleshooting found a connector with a bent pin
and socket corrosion that was repaired
WARP failed again on 2/26/00 and this time an
LM136 regulator failed and overstressed adjacent
parts
This regulator was the true cause of the first
failure
A new regulator board was built, integrated, and
tested, and the WARP returned to the spacecraft
on 5/16/00
After the second WARP failure, it was decided
that EO-1 would pursue a Backup Solid State
Recorder (BSSR) as a prudent risk mitigation

20
What is the BSSR

Backup Solid State Recorder is a
high-reliability, stand-alone CCSDS-compatible
unit packaged as a single card to fit directly
into the WARP
4.6 Gb of solid state memory
Interfaces MIL-STD-1773 28V power input
RS-422 science data input/output
31 mux for input science data
Maximum science data input rate of 165 Mbps
No processor, no internal software, therefore
design is simple and independent of flight
hardware software
Design incorporates radiation-hardened mil-spec
EEE parts to gain a reliability prediction of 95
over two years
Team Members