ITAR Restricted Data 1THEMIS Mission CDR 6/18/04 System Safety Overview WBS Element Tim Keepers (301)

ITAR Restricted Data 2THEMIS Mission CDR 6/18/04 Outline  Systems Safety Peer Review - RFAs and Suggestions  THEMIS Safety Policy/Purpose/Mission Statement  Organizational Functions  Documentation Approval Flow  Safety Program Milestones  Integrated Hazard Assessments  Safety Working Group  Industrial Safety  Mishap Reporting  Hazard Reports  EWR Tailoring

ITAR Restricted Data 3THEMIS Mission CDR 6/18/04 Safety Peer Review  Systems Safety Peer Review - May 28, 2004 –FIRST known Safety Peer Review of a GSFC Explorers Office Probe –Received 6 1/2 RFAs and 3 Suggestions Safe Systems Safety Program Plan (SSPP) is outstanding Action - Conditional Approval should be obtained before Mission CDR Status - Complete Safe-001a- Current SSPP lacks details regarding Tailoring of EWR Action - Include details on tailoring in the SSPP Status - Complete and Closed Safe EWR127-1 requires System Safety Process est. early in design Action - GSFC Explorers office will facilitate coordination and communication with KSC and Range Status - Closed (see Safe-004) Safe EWR Tailoring has not been appr/submitted to Range. Action - Complete Tailoring dealing with design issues prior to CDR Status - Closed

ITAR Restricted Data 4THEMIS Mission CDR 6/18/04 Safety Peer Review –Continuing with RFA Status Safe No detailed forum for safety communication between all parties Action - Establish a Safety Working group (detailed later in presentation) Status - Complete (first telecom meeting on 6/9/04) and Closed Safe Determination of Risk Mitigation levels Action - Determine Risk Levels for RCS system Status - Incomplete Safe Survivability of inadvertent RCS Pressurant Release Action - Confirm effectiveness of 2 mech inhibits; verify max thermal condition for remaining phases will not over pressurize system Status - Incomplete

ITAR Restricted Data 5THEMIS Mission CDR 6/18/04 Safety Peer Review –Safety Peer Review Suggestions Suggestion - Develop a clearer format for Hazard Reports that demonstrates better tracking of verification Status -On going Suggestion - Hazard Reports for operations not shown during review Status - The THEMIS mission will produce Hazard Reports for ground operations as needed. Reports with a Catastrophic or Critical Severity ranking will be included in the MSPSP. Suggestion - Formalize Safety Verification Tracking Log Status - This has been included into the latest version of the SSPP

ITAR Restricted Data 6THEMIS Mission CDR 6/18/04 Safety Policy  THEMIS Safety Policy 1. To provide a safe work place for all personnel and operations. 2. All accidents and incidents are preventable. 3. The THEMIS Program places safety before cost and schedule. If it is not safe, stop work immediately and notify your supervisor. 4. The THEMIS Program uses an organized and systematic approach to identify and control potential hazards, measure the safety risks associated with all hazards and provide risk assessment and risk mitigation plans to management.

ITAR Restricted Data 7THEMIS Mission CDR 6/18/04 Systems Safety Program Purpose: 1. Identifies and details the safety systems and methods that will be implemented during all phases of the THEMIS Mission. 2. Identify, evaluate and document all risks and hazards in order to eliminate or control them within the cost, schedule and technical constraints of the program. 3. Ensure that additional risks are not introduced during the design, production, integration and testing phases.

ITAR Restricted Data 8THEMIS Mission CDR 6/18/04 Safety is a Priority of every person Working on the THEMIS Mission. Therefore, every person working on the THEMIS Mission is part of the THEMIS MISSION SAFETY TEAM! THEMIS Mission Safety Team Mission Statement

ITAR Restricted Data 9THEMIS Mission CDR 6/18/04 THEMIS Safety Organization Functions The NASA Explorers Office is the Range User. As such, the Explorers Office is responsible for submitting all required safety documentation and obtaining all necessary Range Safety approvals. Under the direction of UCB, Swales is responsible for all Safety Engineer Tasks. Under the guidance of Safety Representatives from the NASA Explorers Office, Swales will produce all required safety documentation in an approved form for Range Safety submittal. Systems Safety Program Plan

ITAR Restricted Data 10THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Documentation Submittal/Approval Flow

ITAR Restricted Data 11THEMIS Mission CDR 6/18/04 Systems Safety Program Plan THEMIS Safety Program Milestones

ITAR Restricted Data 12THEMIS Mission CDR 6/18/04 Safety Deliverables Safety System Milestones Flow

ITAR Restricted Data 13THEMIS Mission CDR 6/18/04 Safety System Milestones: (numbers shown correlate with event numbers from Milestone Flow) 01 System Safety Program Plan - Draft SUBMITTED 02 Preliminary Hazard Analysis a.System Level FMECA’s COMPLETED b.System Level Hazard Identified COMPLETED 03 MSPSP Data Presented (CDR) - PSWG Meeting SUBMITTED 04 Subsystem Hazard Analysis a.Subsystem FMECA’s COMPLETED b. Hazard Reports and Controls COMPLETED 05 EWR Tailoring Final (Chapter 3 submitted, 1 and 6 by July 2) 06 SSPP Final, Initial MSPSP, Hazard Reports SUBMITTED 07 Mission Orientation - PSWG Comments 08 Operating and Support Analysis Hazardous Procedures Safety Deliverables

ITAR Restricted Data 14THEMIS Mission CDR 6/18/04 Safety System Milestones (continued): 09 Hazard Reports Controls Verified (on going (possibly thru launch) 10 MSPSP Draft Submittal (launch-315 days (11/05)) 11 Payload Safety Working Group TIM (payload ship-180days (12/05)) 12 MSPSP Final Submittal (payload ship-120 days (2/06)) 13 NASA Payload Organization Approval of MSPSP 14 Final MSPSP Submitted to PSWG (payload-45days (4/06)) Systems Safety Program Plan

ITAR Restricted Data 15THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Deliverable Data

ITAR Restricted Data 16THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Non- Deliverable Data

ITAR Restricted Data 17THEMIS Mission CDR 6/18/04 Integrated Hazard Assessments Systems Safety Program Plan

ITAR Restricted Data 18THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Hazard Identification Processes TOP Down System Hazard Analysis During the first stages of the THEMIS design, a System Level Preliminary Hazard Analysis (PHA) was completed. This was completed in order to follow the Hazard Elimination/Mitigation Procedures Bottom Up Subsystem Hazard Analysis A Failure Modes and Effect Analysis (FMEA) is being performed which will include all possible sources of failure and their effects on both the subsystem and the system. Operations & Support Hazard Analysis Used to identify potentially hazardous operations and critical GSE. Conducted using the final design, I&T Plan and Launch Site Ground Operations Plan. Output is the correct classifications of hazardous and non-hazardous operations for the Work Order Authorization process.

ITAR Restricted Data 19THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Hazard Analysis The inputs to the Hazard Analysis are the PHA (system level), FMECA (subsystem level with respect to the system) and the Operations and Support Hazard Analysis. The products of the Hazard Analysis are the Hazard Reports Hazard Reports will contain a Hazard Severity based on EWR guidelines. All Hazard Reports with a Catastrophic and Critical severity rating will be included in the MSPSP.

ITAR Restricted Data 20THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Hazard Elimination/Mitigation Procedures a. Eliminate Hazards by design b. Minimize or Negate Hazards through Design c. Install Safety Devices d. Provide Protective Clothing and Equipment e. Install Caution and Warning Devices f. Develop Administrative Controls including Special Procedures g. Establish Controlled Areas

ITAR Restricted Data 21THEMIS Mission CDR 6/18/04 Systems Safety Program Plan Hazardous Operations The System Safety Engineer, in addition to the Subsystem Lead Engineer, will ensure all controls are in place for any Hazardous Operations. All operations will be governed by a Work Order system and the Safety Engineer will be a required sign off on any Hazardous Procedures.

ITAR Restricted Data 22THEMIS Mission CDR 6/18/04 Safety Working Group (SWG)  Purpose: Provide a forum where Safety Concerns and questions can be addressed with all agencies represented  Chaired by UCB (David King). Members include representatives from UCB, Swales, GSFC, KSC and the Range  Meet weekly (Wednesday 3pm (eastern))  Weekly agenda items will include deliverable documentation and Safety Program Schedule  An Issues and Actions List will be created and updated at each meeting. SWG Chairperson will maintain this list

ITAR Restricted Data 23THEMIS Mission CDR 6/18/04 Industrial Safety Swales –Well established, OSHA Compliant program at Swales (Barry McCarthy) –Standard Operating Procedure (SAI-HAS-0001) governs all work at any Swales facilities –Industrial Safety Specialist will be used for all safety training/cert., protective clothing, hazardous material storage, incident reporting and safety audits Other Facilities –Swales will work with GSFC, Astrotech and the Range to verify that we are in compliance with the applicable facility Safety Operating Procedure

ITAR Restricted Data 24THEMIS Mission CDR 6/18/04 Mishap Reporting  Swales company policy that all accidents, incidents and close call occurrences will be reported –Swales Safety and Health Manual (SAI-HAS-0001)  NASA facilities –Processing Mishap, Incident and Close Call Reports (GPG )

ITAR Restricted Data 25THEMIS Mission CDR 6/18/04 Hazard Report  Preliminary Hazard Reports have been generated –Swales generated bus hazard reports in THEMIS standard format in a single excel database –Swales generated additional mechanical subsystem hazard reports in KSC shuttle format using word files –Swales generated additional I&T hazard reports in KSC shuttle format using word files –UCB generated instrument hazard reports in THEMIS standard format in a single excel database  Plan to consolidate all hazard reports in the THEMIS standard format in a single excel database prior to CDR –Update data, complete all sections and standardize format

ITAR Restricted Data 26THEMIS Mission CDR 6/18/04 Hazard Report Summary

ITAR Restricted Data 27THEMIS Mission CDR 6/18/04 Tailoring Sheets: Tailoring is conducted in to order to produce an EWR document that is specific to THEMIS.  Chapter 3 - Gone through a review process (between UCB, Swales and GSFC). 56 Tailoring Items have received preliminary approval to be forwarded onto KSC (and then to the Range) Majority of tailoring sheets deleted sections that did not apply to THEMIS.  Chapters 1 and 6 will be completed by July 2 Tailoring

ITAR Restricted Data 28THEMIS Mission CDR 6/18/04 Back Up Slides Systems Safety Program

ITAR Restricted Data 29THEMIS Mission CDR 6/18/04 Organization THEMIS Safety Team Systems Safety Program

ITAR Restricted Data 30THEMIS Mission CDR 6/18/04 University of California, Berkeley Safety Organization Principal Investigator: Vassilis Angelopoulos Project Manager: Peter Harvey Deputy Project Manager: David King Mission Assurance Manager: Ron Jackson Mission Systems Engineer: Ellen Taylor Lead Mechanical Engineer: Paul Turin Integration and Test: Rick Sterling Systems Safety Program Plan Program Manager: Mike Cully Safety Program Engineer: Tim Keepers Industrial Safety Specialist: Barry McCarthy Electrical Safety: Bob Kraeuter, Ginger Robinson Mechanical Safety: Chris Lashley, Rob Eppler, K.Hylan Systems Safety: Tom Ajluni, Kevin Brenneman W.Chen Software Safety: Steve Hammers, Chris Xenophontos I&T Safety: Marc Kaylor EGSE Safety: Tammy Faulkner RCS Safety: Mike McCullough RF Safety: Jim Jew ACS Safety: Richard LeBoeuf Thermal Safety: Rommel Zara Swales Aerospace Safety Organization

ITAR Restricted Data 31THEMIS Mission CDR 6/18/04 NASA GSFC Explorers Office Mission Manager: Frank Snow Observatory Manager: John Thurber Systems Assurance Manager: Ron Pierson Explorers Program Safety Manager: Jamie Harper Explorers Program Safety Engineer: Jamie Burget NASA KSC/Range Safety ? Systems Safety Program Plan