
NASA PRA Practices and Needs for the New Millennium International Space Station Probabilistic Risk Assessment Stage 7A






Presentation Transcript


  1. NASA PRA Practices and Needs for the New Millennium International Space Station Probabilistic Risk Assessment Stage 7A October 25-26, 2000

  2. Purpose of ISS PRA • Provide a decision support tool for the ISS program that evaluates safety and mission assurance risk • Objectives • Provide risk data across ISS functions/systems (useful to operations planners as well as follow-on development managers) • Ensure synergy with ongoing safety, reliability, and risk management activities • Scope • Develop the PRA in phases (allows for strategic/tactical changes to approach) • Consider only the catastrophic end states of loss of station, crew, module, or mission • Incorporate existing safety and reliability data

  3. PRA Products • Risk model capable of assessing risks due to changes in ISS configuration, operations, or environmental factors • Probability distribution functions (including median values, mean values and uncertainties) for the end states, events, and accident scenarios • Trade and sensitivity analyses (i.e. effects of: system upgrades; risk mitigation strategies; modeling assumption changes etc.) • Identification of any discrepancies found in existing safety and reliability analyses (provides independent check)

  4. Phased Approach

  5. Definitions • Event Sequence Diagram (ESD) - ESDs show the progression of an initiating event to all the possible end states. • Initiating Event - Initiating events begin the event sequences. • Single component failure or a combination of failures • Start of a procedure • Energetic external event • Pivotal Event - Pivotal events are those that must occur in order to prevent the initiating event from propagating further. These may take the form of safety systems, procedural steps, crew or ground intervention, physical conditions, or time constraints. • End States - Terminating point of an event sequence. An ESD can have multiple end states. • Sequence - Accident scenario. A path through the ESD from initiator to a bad end state. • Basic Events - Lowest quantified part of the model

  6. Model Philosophy • Stage 7A (including previous stages) is assembled correctly • All equipment is operational at start of 7A • Structural failures are not credible • Spares noted in logistics plans are on station • Repair actions incorporate • restoration of initiating events • restoration of onboard spared items • Human errors are not initiating events • They do contribute to pivotal events • Russian EVA resources not available • Procedures do not yet show the use of these assets • Software is perfect for this iteration of the model

  7. Stage 7A Configuration • Airlock is attached and functional • Model includes: • 3 Crew members • 8 Months of operations • 3 Progress dockings • 3 Orbiter dockings • 2 Soyuz dockings • 1 Soyuz port change • 1 Avoidance maneuver • 2 Reboost burns • 3 EVAs

  8. End State Definitions • Station and Crew are Functional (OK) • This end state signifies that the station is still working within the flight rule constraints • Loss of Station and Crew (LOS/C) • Catastrophic loss of the station and crew • Loss of Crew (LOC) • Resultant loss of a crew member • Also includes the inability to evacuate the station when an evacuation end state has been reached and either the Soyuz or the Orbiter is unavailable to perform the evacuation

  9. End State Definitions • Evacuation End States (EVAC) • Emergency Evacuation • An emergency situation exists and warrants station evacuation. These situations are characterized by short response times and are captured in Flight Rules. • Flight Rule Evacuation • Evacuation once a set of conditions is met. Some Flight Rules state that certain conditions must be satisfied but do not identify further action, while others state that further discussion with the ground is required. • Medical Evacuation • Evacuation of the station is dictated by a medical condition of one of the crewmembers. At Stage 7A all three crewmembers must evacuate together since only one Soyuz is available.

  10. End State Definitions • Other Undesired End States (OUE) • Collection of end states that, while neither catastrophic nor an evacuation, still represent a “bad day”. These include: • The shutdown of any pressurized module • as dictated by flight rule • as a result of MMOD • The loss of either US or RS distributed systems (Electrical Power; Attitude Control; Command & Data Handling; Thermal Control; Guidance & Nav; Communications; Environmental Control and Life Support; Propulsion) • Loss of a function such as • ability for Orbiter, Progress, or Soyuz to dock • ability to reboost • insufficient O2 or N2 reserves

  11. ISS PRA Approach Flow Diagram Integrates operational models and hardware configuration to provide results

  12. Master Logic Diagram

  13. ISS PRA Model • End state probabilities are based on three groups of ESDs: • Housekeeping ESDs (EPS, TCS, GNC, C&DH, ECLSS, ACS, Medical) - continuous operations • Procedural ESDs (Orbiter Docking, Soyuz Docking, Progress Docking, Reboost, EVAs) - per demand • Energetic Hazard ESDs (MMOD, Radiation, Fire, Toxic) - occurrence frequency • Results: probabilities and dependency interactions, gathered across all ESDs • PRA Stage 7A Model status: 65 Event Sequence Diagrams; ~450 Fault Trees; ~1500 Basic Events; 28 Unique Bad End States; ~400 Sequences; >2 million Cut-sets

  14. ESD Example - O2 Generation (diagram; legend: Initiator, Pivotal Event, End State, Failure Path)

  15. Fault Trees - CDRA Fault trees trace failures into supporting systems such as the DDCUs

  16. Quantification • For each Basic Event, the probability of failure is calculated within a given time period • $\mathrm{Pr} = e^{-\lambda t}$ • where: $\lambda$ = failure rate (failures/hour) • $t$ = mission time • Failure rates and probabilities • Derived from a number of sources to give a mean and distribution • MADS - ISS logistics approved • NPRD - Nonelectronic Parts Reliability Data • EPRD - Electronic/Electrical Parts Reliability Data • Russian R&M reports RE-03, R-10-R02 • Probability distributions reflect the uncertainty in knowing the time of the next failure • Typically 5th and 95th percentiles of log-normal failure rates

  17. Basic Event Quantification Many data points are combined to derive the mean failure rate and its distribution

  18. Quantification (Updating) Component failure rates are updated with actual failure experience on-orbit
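Slides 16 to 18 describe one quantification procedure: an exponential failure model per basic event, a log-normal failure-rate distribution pooled from several data sources, and updating that rate with on-orbit failure experience. The following Python block is an added worked example, not code from the presentation or the ISS PRA itself; the pooling method, the gamma-conjugate update, the 730 hours/month figure and the sample failure rates are all assumptions.

```python
import math
from statistics import NormalDist

Z95 = NormalDist().inv_cdf(0.95)   # one-sided 95% normal quantile (~1.645)
MISSION_HOURS = 8 * 730.0          # constructed: 8-month Stage 7A mission, ~730 h/month


def failure_probability(rate_per_hour, mission_hours=MISSION_HOURS):
    """Exponential model from slide 16: e^(-lambda*t) is the chance the component
    survives the interval, so the basic-event failure probability is its complement."""
    return 1.0 - math.exp(-rate_per_hour * mission_hours)


def fit_lognormal(rates):
    """Pool failure-rate estimates from several sources (MADS, NPRD, EPRD, ...) into
    one log-normal distribution. Assumed method: fit mu/sigma to the log data points.
    Returns the median, mean and the 5th/95th percentiles quoted on slide 16."""
    if len(rates) < 2:
        raise ValueError("need at least two source estimates to fit a spread")
    logs = [math.log(r) for r in rates]
    mu = sum(logs) / len(logs)
    sigma = math.sqrt(sum((x - mu) ** 2 for x in logs) / (len(logs) - 1))
    return {
        "median": math.exp(mu),
        "mean": math.exp(mu + sigma ** 2 / 2),
        "p5": math.exp(mu - Z95 * sigma),
        "p95": math.exp(mu + Z95 * sigma),
    }


def update_with_experience(prior, failures, operating_hours):
    """Slide 18 style update with on-orbit data. Assumed method: moment-match the
    log-normal prior to a gamma(alpha, beta) prior on the rate, then apply the
    conjugate Poisson update (alpha + failures, beta + hours). Returns posterior mean."""
    sigma = math.log(prior["p95"] / prior["p5"]) / (2 * Z95)
    mean = prior["mean"]
    variance = mean ** 2 * (math.exp(sigma ** 2) - 1)
    alpha = mean ** 2 / variance
    beta = mean / variance
    return (alpha + failures) / (beta + operating_hours)


if __name__ == "__main__":
    # Constructed sample: three source estimates for one component (failures/hour)
    prior = fit_lognormal([2.0e-5, 5.0e-5, 1.25e-4])
    print("prior median/mean/p5/p95:", prior)
    print("P(fail in mission):", failure_probability(prior["mean"]))
    # Zero failures observed over one mission's worth of on-orbit hours
    post = update_with_experience(prior, failures=0, operating_hours=MISSION_HOURS)
    print("posterior mean rate:", post, "-> P(fail):", failure_probability(post))
```

With zero observed failures the posterior mean rate drops below the pooled prior mean, and a single observed failure pushes it above; the spread between p5 and p95 is what carries the slide's "uncertainty in knowing the time of the next failure".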

  19. Significance of Results • MMOD is > 90% of the risk of LOS • Majority of risks do not lead to catastrophic end states • Numbers overestimate the risk of non-catastrophic end states, since many options may still be available to the crew and ground once those end states are reached • Not meeting flight rules triggers end states • Ops documentation still in development • Several top sequences are driven by having no power jumper to the airlock • Failure of external US power channel 2B prevents an EVA, and therefore power is not repairable • No Russian EVA (not in flight rules or procedures) • Lacks fidelity on Russian segment
