1、Lessons Learned Entry: 1491Lesson Info:a71 Lesson Number: 1491a71 Lesson Date: 2004-04-26a71 Submitting Organization: LARCa71 Submitted by: Richard J. GilbrechSubject: Thorough Risk Assessment in the Design Phase Abstract: In November of 2003, the NASA Engineering and Safety Center (NESC) performed
2、an Independent Technical Assessment of the Code Y CALIPSO satellite Proteus propulsion bus (ref. NESC Final Report NESC-RP-001, NASA Technical Memorandum number applied for). This is a joint mission with NASA GSFC, LaRC and the Centre National dEtudes Spatiales (CNES) scheduled to launch from Vanden
3、berg Air Force base in April 2005 on a Delta II rocket. Several personnel safety hazards related to the hydrazine-fueled Proteus propulsion bus could have been minimized or avoided in the design phase.Description of Driving Event: The GSFC/LaRC Integrated Program Management Council co-chair, William
4、 Townsend (Deputy Center Director at GSFC) requested the NASA Engineering and Safety Center to review three personnel hazards associated with the CALIPSO satellite Proteus propulsion bus: 1-hydrazine leakage from the five threaded A/N fluid fittings, 2-hydrazine leakage through the thrusters and 3-i
5、nadvertent firing of the thrusters. These personnel hazards exist only during the period when the system is filled and pressurized until launch (approximately 36 days). The pre-ship review of the instrument (supplied by Ball Aerospace and integrated into the spacecraft by Alcatel Space Industries) w
6、as the driving program milestone that precipitated this review and subsequent lesson learned. At the time of the independent assessment, the spacecraft had been through its critical design review and the Proteus bus was already fabricated. The choice of mechanical A/N fittings instead of welded join
7、ts provided an area of concern for leakage of hydrazine propellant during ground processing. The use of a tank isolation valve for the hydrazine system (absent on the Proteus bus) would have provided improved safety during ground operations, but both mechanical fittings and a system without an isola
8、tion valve can be made safe by adhering to assembly and processing procedures. A thorough risk assessment in the design phase would have probed and documented the Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-rationale for these design decisions an
9、d perhaps resulted in a different flight configuration.Lesson(s) Learned: In the design phase of a project, a thorough risk assessment must be performed to ensure a configuration that provides the overall minimum risk to personnel, the mission, and the environment. While current NASA policy does req
10、uire a risk assessment, it is important to include all stages of project development when evaluating any potential hazards, including ground processing and integration. Recommendation(s): Programs and projects shall follow the guidance in NASA Procedural Requirement 7120.5B “NASA Program and Project
11、 Management Processes and Requirements“ that stipulates risk assessments be done throughout the project lifecycle which includes the design phase. Evidence of Recurrence Control Effectiveness: N/ADocuments Related to Lesson: NPR 7120.5BMission Directorate(s): a71 Exploration Systemsa71 Sciencea71 Sp
12、ace Operationsa71 Aeronautics ResearchAdditional Key Phrase(s): a71 Flight Equipmenta71 Ground Operationsa71 NASA Standardsa71 Program and Project Managementa71 Range Operationsa71 Risk Management/Assessmenta71 SpacecraftProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Additional Info: Approval Info: a71 Approval Date: 2004-05-26a71 Approval Name: Leslie Johnsona71 Approval Organization: LARCa71 Approval Phone Number: 757-864-9409Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
