Solar Probe Plus FIELDS MEP i-PER Safety and Mission Assurance Jorg Fischer FIELDS Mission Assurance Manager University of California, Berkeley jorg@ssl.berkeley.edu
iPER Overview Safety & Mission Assurance SMA PER SUCCESS CRITERIA SMA ASSESSMENT Safety & Mission Assurance SMA SAFETY: The status of safety data submissions, procedures, and verification activities indicate a proper maturity level at this point in the life-cycle. PAIP and Verification process is using the SMA requirements Matrix. SAFETY: All Hazardous Procedures have been identified, reviewed, and accepted by JHU APL. Descriptions of the FIELDS specific safety hazards are available in the backup slides. SAFETY: The identification of safety hazards for flight, range, ground hardware and operations is complete. A walk-through safety review of NPR 8715 with JHU APL was completed. ANOMALIES: The disposition and status of previous anomalies, deviations, and waivers have been assessed in their entirety and the identified risks are acceptable to proceeding. EEE parts and M&P: Approved or in process of approval NCRs/Waivers, EEE parts and M&P to be presented.
FIELDS – NCR/PFRs NCR/PFR – Non-conformance/Problem Failure Reports: Total: 13 Closed by UCB SSL: 13 In signature process UCB/APL: Last 4 NCRs Subassembly NCs – Pre-power on – Q-Notes : All NC/Q-Notes are shared with JHU APL SMA. A summary List is posted on SVN: SPF_NCR_SUM NCR details are shown in the backup slides Total: 9 Closed: 9
FIELDS – Waivers WAIVERS/Deviations: Total: 10 Ref. FIELDS Waiver Summary Document: SPF_SMA_Instrument_Waivers Waivers are presented by the FIELDS SE, Keith Goetz The disposition and status of previous anomalies, deviations, and waivers for FIELDS have been assessed by JHU APL and UCB SSL SMA in their entirety and the identified risks are acceptable to proceeding.
FIELDS – M&P, EEE parts MUA Total: 2, Closed MUA_2015-11 Spacecraft APTEK 6521 Outgassing – Approved MUA_2015-035 Niobium Molybdenum Outgassing All of the materials are Approved or Conditionally Approved with the exception Blanket Material – WIP. PAML: SPP-SMA-024B_v28_MPL_MIL_PAML_2016_10_21 EEE Parts: All ABDLs have been delivered. EEE parts are approved with lien: 1052080-1 - Connector, Perform up-screening (DWV, IR, Temp cycling) - WIP at JHU APL AD7621ASTZ - Completed qualification testing and provided a project waiver (CCR_007)
FIELDS – Verifications, GIDEP Verifications, Inspections, Overview JHU APL, UCB SSL QA/SMA – on site, as needed Verifications per SMA Matrix MIPs performed by JHU APL –no issues GIDEP and Alerts Closed loop process in place, up-to-date, no issues SPP_GIDEP_ALERTS Total: 310 of 309 items closed 1 open item NASA Advisory : NA-GSFC-2016-01 (Dielectric Rupture Due to Protons in Components Incorporating High-Z Elements. It requires project radiation assessment) – JHU APL/GSFC review is in progress. FACILITIES Facilities are ready for testing and have been reviewed by SSL and JHU APL SMA. Chamber use is coordinated with the SPP FIELDS team through PM and Gale Martin (Thermal Engineer Lead).
iPER FIELDS – SMA All test events will be supported by QA personnel Review/Approved Test Documents Monitor formal test events Present for all critical operations – moves, lifts, first power on/off, FSW loads CONOPS compliant with SPP PAIP and Matrix that identifies requirements applicable to Pre-test, As-run testing, and data collection Approved/released documentation Certified Test Conductors Certified Personnel Identified Mandatory Inspection Points Out of Sequence work protocols Redline/Flag system Anomalous/Out-of-Family process SMA is ready to support the Flight Test Phase
iPER FIELDS – SMA BACKUP SLIDES
FIELDS – SAFETY Hazard Descriptions: Acceleration: The Antennas deploy at a rate of approximately 18 degrees per second. A deployment takes approximately 6 seconds. While stowed on the spacecraft, non-flight restraints will prevent accidental deployment. The energy stored in each spring in the stowed configuration is 840 lb-in (95 J), but the hard stop of the antenna prevents the spring from unwinding all the way. The deployed mass is 248 grams. Pressure: Only Nitrogen doers. All personnel handling Ni is trained and certified by EH&S. Training cert records are available for review, through SMA Temperature: All operators for solder operations are trained by NASA JPL and certified by FIELDS SMA. Hazardous Materials: UCB has appropriate hazardous materials storage and MSDS available for polymeric materials and alcohol; follows UCB EH&S procedures
FIELDS – Waivers Waivers/Deviations generated before Integration: CCR_008 – SPF_CCR_008_SCM_Thermal_Cycling. Affected Items: FIELDS SCM sensor Requirement: SPP Environmental Design and Test Requirements Document (7434-9039), Section 5.1.2 requires thermal vacuum cycling testing on SCM sensor component. Description of Change: The thermal cycling test in vacuum for SCM is a difficult test to perform. The sensor electronics is designed to be thermally isolated from the mag boom itself, from the sensor’s mounting hardware and from vacuum chamber thermal control plates. With such weak thermal coupling, we expect cycling in vacuum to take an unreasonably long time. Testing in air will speed the process markedly (e.g. 6h per cycle as opposed to 24+h per cycle). Deviation: Modify the requirement to allow thermal cycling in air as a substitute for thermal vacuum cycling. It would be expected to run more cycles and at more extreme temperatures. As follows: SCM 12 cycles in air from -60C (TBC) to +80C (heater set point is -50C) Rationale/Justification for Change (include names of peer reviewers): Cycling this sensor in vacuum would be very difficult. Cycling this sensor in air is straightforward and gives acceptable results. Risk Assessment: FIELDS believes that thermal cycling in air would actually be more effective at revealing workmanship problems in a limited duration test. The SCM sensor includes a number of EEE parts – all fully encapsulated in the 3d-Plus preamplifier structure. As such, testing in air with reasonable dwell times at temperature extremes will give good workmanship results. Waivers are presented by the Systems Engineer, Keith Goetz
FIELDS – NCR/PFRs PL Subassembly NCRs generated before Integration: NCR_001 – DCB SN001 3-D Plus SDL Workmanship, The root cause is incorrect soldering by the supplier of these types of modules (which require special attention during the assembly process). Use As-Is for FM spare and Build DCB FM2 Closed, (Vendor Workmanship) NCR_002 – LASP NCR 142400, DFB FM1, Electrostatic Discharge appears to have damaged two of the inputs on the SIDECAR ASIC, The assembly is at risk for ESD when being probed. Test operator error. DFB FM1 use for FM spare, build DFB FM2 Closed, (Vendor Operator Error) NCR_003 - AEB 01 and 02, J32 Digital Input Overvoltage, Improperly designed ground support equipment. was generated. GSE modified to conform to AEB input voltage. Aeroflex applications engineer confirmed and MRB agreed that our test setup did not damage the transceiver IC Closed, (Design Change) NCR_004 – LASP DFB SN1, SN02 NCR 145444A_146400A_145702A Rework. (1) U61, a Honeywell, 512K X 8 SRAM non-FM part installed, replaced with FM part. Reworked (2) before testing bent leads on U42 - assembly has not yet been powered up. Reworked (3) poor Common Mode Rejection between V1_AC and V2_AC, mismatch in parasitic capacitance at U55, Reworked. Closed, (EEE parts replacement and Design Change). NCR_005- LASP DFB SN1, 146340RevA Workmanship - U61 was mistakenly soldered on the assembly using the wrong orientation, Reorked. Closed, (Vendor Workmanship) NCR_006 – DCB FM1, DCB/AEB HSK Anomaly. Design - The issue is caused by inputs that exceed recommended (not absolute) operating conditions for op-amp input voltage. ECN_020 issued, Rework performed. Closed, (Design Change). NCR_007,008 VOID NCR_009 – DCB FM2, DCB FM2 missing R47. Resistor not installed. Process. Rework performed. Closed, (Design Change)
FIELDS – PFRs PL Subassembly NCRs generated before Integration: NCR_010 – DCB FM2 RFS V1 Input Over-voltage. Test operator error. Replaced two AD8001S devices, U10 and U14, that were exposed to the 0.3V over voltage. Rework performed. Closed, (Operator Error) NCR_011 – SCM NCR_012 – DCB FM2, DCB Disconnected +6VA rail. Absolute maximum input voltage on U134 is exceeded when the +6VA power rail turns on before other power rails. Design Error, Reworked Closed, (Design Change) NCR_013 –DCB FM2 Washer to GND during installation. Kee pout zone. Operator and Design Error. Reworked. Closed, (Operator and Design error). NCR_014 – AEB1, GSE Short Circuit of 5V AEB1 Regulator. GSE inter-connect. Reworked. Closed, (GSE). NCR_015 – TDS FM1, TDS FPGA Daughter Board Alignment Pins. Layout/Design Error. Reworked. Closed, (Design Error). NCR_016 – TDS FM1, TDS Shows Corrupt Data. Layout/Design Error. As it happened, the TDS had another problem (reported in SPF_NCR_015) in which the daughter board could not be fully mated. This problem was due to a PWB layout problem that would not allow the proper mounting of the standard alignment hardware used on the connectors of the FPGA daughter board. The resolution of this problem was to remove all such alignment hardware from the TDS motherboard. This included the offending washer described above. So the problem almost corrected itself. Reworked. Closed, (Design Error).
FIELDS – SMA VERIFICATION SMA MATRIX Requirements Verification File: SPF-SMA-01B_7434-9096RevB_Matrix_Verification