1 / 43

THEMIS MISSION SYSTEM OVERVIEW Dr. Ellen Taylor University of California - Berkeley

THEMIS MISSION SYSTEM OVERVIEW Dr. Ellen Taylor University of California - Berkeley. Overview. Requirement Process Requirement Development and Verification Process Mission Requirements Document (Status, Statistics, Control) Mission Level Requirements Lifetime and Radiation

wylie-avery
Télécharger la présentation

THEMIS MISSION SYSTEM OVERVIEW Dr. Ellen Taylor University of California - Berkeley

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THEMIS MISSION SYSTEM OVERVIEW • Dr. Ellen Taylor • University of California - Berkeley

  2. Overview • Requirement Process • Requirement Development and Verification Process • Mission Requirements Document (Status, Statistics, Control) • Mission Level Requirements • Lifetime and Radiation • Resource Budgets (Allocations, Tracking and Control) • Contamination Requirements (Magnetics, ESC, Contamination) • Interface Requirements (ICD Document Status) • Test and Verification Requirements (Verification Process) • Fault Tolerance (Reliability analyses - Fault Tree, PRA, FMECA) • Level 1 Science  Error Budgets • Risk Management • Configuration Management • System Change Notices • Major system trades

  3. Requirement Development • Top-Level requirements developed during Phase A • Concept Study Report (CSR) provides basic mission concept • Outlines top-level requirements imposed by science and programmatic objectives • Mission requirements flown down (to subsystem level), formalized and documented early in Phase B • All elements of CSR concept and mission requirements reviewed by development team • Mission Requirements Database (MRD) developed and reviewed • MRD finalized and put under Configuration Control at System Requirements Review (SRR), July 2003 • Subsystem Interfaces and Component Requirements further detailed in Phase B • Interface Control Documents between Subsystems and Institutions • System and Subsystem Specifications (Board Specifications, SOWs, etc) • Mission Plans and Policies (PAIP, Risk Management Plan, FMECA, etc) • Control Plans (Magnetics, ESC, Contamination)

  4. Requirement Verification • Requirement Verification Plans developed in Phase B and C • Development of Verification Matrix ensures a test or analysis is scheduled for all Mission Requirements in MRD • Performance Verification and Environmental Test Plan provides launch and space environments and outlines comprehensive component, subsystem and system level test program • Requirements Compliance and Verification Matrices completed in Phase D • MRD evolves into summary of test program as run • Documents Verification and Compliance Status of all Requirements • Provides direct trace-ability from requirements to test procedures and reports

  5. MRD Status MRD Rev A released at System Requirements Review (SRR) • MRD Rev B released prior to Instrument and Subsystem Peer Reviews • Incorporated SRR Recommendations and RFAs • Added verification plan (Inspection/Analysis/Test) for each requirement • MRD Rev C released at Mission PDR • TBD/TBR List:

  6. MRD Control MRD Change Control • Change history column with each requirement • Detailed change log shows Rev A statement, Rev B statement, etc. • Change log has approval column for check off by Systems and affected Subsystem leads • Parent and Child IDs used to identify affected subsystems Change Statistics • Approximately 800 requirements tracked • Approximately 200 minor changes since SRR (wording, clarifications, deletions) • Approximately 20 major changes since SRR (error budgets, magnetics, timing)

  7. Key Requirement Documents • Interface Control Plans: Sign-off by PDR • Instruments-to-IDPU ICDs (covers software, data, electrical) • Instruments-to-Probe ICDs (covers mechanical, thermal, contamination) • Probe-to-IDPU ICD (electrical and mechanical) • Launch Vehicle ICD (Boeing Mission Specification) • Ground System ICDs (Space-to-Ground link, Ground Station, Data System) • Electrical System Specification: Sign-off by PDR • Provides Electrical Standards for board design • System Plans for grounding, harness, etc. • Contamination Control Plans: Draft by PDR, Sign-off by CDR • Separate Plans for Magnetics, Electrostatic Cleanliness (ESC) and Contamination • Provides contamination budgets, best design practice guidelines and verification plans • Verification Plan and Environmental Spec: Draft by PDR, Sign-off by CDR • Performance Verification Plan • Qualification Philosophy and Test Levels (Acceptance, Qualification, Protoflight) • Vibration/Loads/Shock Environments • Thermal Vacuum/Balance Environments • EMI/EMC/Magnetics/ESC Test Requirements • Mission Simulations and RF Compatibility Testing

  8. Document Status

  9. Mission Requirements • Mission Requirements • Lifetime and Radiation (M-1 to M-4) • Fault Tolerance (M-5 to M-8) • Mission Design (M-9 to M-17 presented later in Mission Design) • Resource Budgets (M-19 to M-28) • Contamination Requirements (M-30 to M-37) • Interface Requirements (M-39) • Test Requirements (M-40 to M-42) • Launch Vehicle (M-43 to M-47, M-62 to M-64) • Ground Station (M-48 to M-58 presented later in Ground System) • Safety (M-64 to M-71 presented later in Safety Splinter)

  10. Lifetime and Radiation From PAIP:Parts shall have a TID tolerance of 33 Krads or more based manufactures data sheet, demonstrated technology hardness, or lot testing. The Radiation Environment for THEMIS: Michael XapsosRadiation Effects and Analysis GroupFlight Data Systems and Radiation Effects Branch/Code 561

  11. Lifetime and Radiation From PAIP: Parts shall be SEL-immune to a LET >37 MeV-cm2/mg, or else shall be protected against damage by a protection circuit. Parts that affect critical functions shall be SEU immune, or else shall use a Triple Modular Redundancy scheme. Parts shall meet these criteria based on manufacturers data sheet, demonstrated technology hardness, or lot testing. The Radiation Environment for THEMIS: Michael XapsosRadiation Effects and Analysis GroupFlight Data Systems and Radiation Effects Branch/Code 561

  12. Orbital Debris Analysis

  13. Resource Budgets - Propellant From THEMIS Maneuver Calculator:

  14. Resource Budgets - Mass From THM-SYS-008 System Mass Budget:

  15. Resource Budgets

  16. Resource Budgets - Mass *Note: TBR added since SRR. Decrease in launch vehicle performance estimate possible. From THM-SYS-008 System Mass Budget:

  17. Resource Budgets - Power From THM-SYS-009 System Power Budget:

  18. Resource Budgets - Data • From THM-SYS-010 • System Data Budget: • Detailed Instrument rates calculated for each Mode (Slow Survey, Fast Survey, Particle Burst and Wave Burst) • Summary Page provides data volume for each Probe by estimating how long Probe will be in different Modes

  19. Resource Margins From System Engineering Management Plan (SEMP): • Contingency is defined as a percentage of resource added to an estimate as a provision for uncertainty. • Contingency is based on the level of maturity:   1. Concept: 25% • 2. Design: 15% • 3. Prior Build: 7.5% • 4. Fabrication: 4% • 5. Flight Build: 2% • Contingency % that doesn’t meet schedule triggers re-allocation and possible release of PM Margin. • Program Managers (PM) Margin is defined as the amount of resource remaining when an estimate plus • the associated contingencies are subtracted from the available quantity.  The project will maintain • appropriate margin at each phase, as shown: 1. Phase A Concept: > 30% • 2. Preliminary Design Review (PDR): > 20% • 3. Conceptual Design Review (CDR): > 15% • 4. Pre-Environmental Review (PER): > 10% • 5. Pre-Ship Review (PSR): 2% to 5% • PM Margin % that doesn’t meet the following Margin Schedule will trigger a project level risk mitigation • plan, resulting in possible descope of mission objectives. Schedule is consistent with historic NASA project trends. NASA Systems Engineering Handbook, SP-6105, 1995, says spacecraft dry mass tends to grow during Phases C and D by as much as 25 to 30 percent. JPL guidelines say that from the Phase B start to launch, growth ranged from 20% to 48%. AIAA Recommended Practice (R-020A 1999) doesn't give mass growth by phase, but by type of calculation, and has 12-30% growth allowance.

  20. Resource Tracking & Control From System Engineering Management Plan (SEMP): • In order to ensure that the design will meet Mission Requirements, Systems Engineering controls the following key resources: • Mass (dry mass, delta-V, propellant margin) • Power • Telemetry (data budget) • RF Link Margin • Resource Requirements have been flowed down to the Probe, Probe Carrier, and Instrument Payload in the MRD. Each Instrument and Probe Subsystem includes: • Current Best Estimate (CBE), updated periodically as the design matures • Contingency, based on design maturity, following schedule outlined in SEMP • System not-to-exceed allocation (current CBE + contingency) documented in Mission Requirements Database • Sum of not-to-exceeds is less than the System Capability providing Program Managers Margin held at UCB • All Resources closely tracked throughout program • Continually tracked and updated by System Engineers (Probe and Instrument) • Periodically (once a month) reported to and reviewed by MSE and PM • Periodically (once a month) reported to NASA Mission Manager

  21. Magnetics From THEMIS Magnetics Contamination Control Plan: Figure 2-2: AC magnetic noise level requirement (solid curves) and goal (dashed curves) at 1m from the spacecraft. Ordinate is frequency in Hz. Abscissa is amplitude spectral density in nanoTeslas per root Hz. Figure 2-1: FGM and SCM sensitivity at the sensor location (1m and 2m respectively). Ordinate is frequency measured in Hz. Abscissa is amplitude spectral density in nanoTeslas per root Hz.

  22. Magnetics • THEMIS Magnetic Cleanliness Program: • Magnetics Control Board Established (Vassilis Angelopoulos, UCB; Ellen Taylor, UCB; Paul Turin, UCB; Tom Ajluni, SA; Mike McCullough, SA; David Jeyasunder, SA; Bob Snare, UCLA; Chris Russell, UCLA ) • Bi-weekly meetings held to coordinate all relevant activities • Main Offenders List and Preliminary Magnetics Budget Established • Budgeting was based on a survey of THEMIS components and identifying the main offenders listed below in decreasing order for each group: • Special considerations and activities to be taken (testing, modeling, analysis) for each of these major offenders are described in Magnetic Contamination Control Plan • Magnetic Verification and Test planning in progress

  23. Electrostatic Cleanliness • From THEMIS Electrostatic Cleanliness Specification: • Requirement: The maximum tolerable variation in potential across the surface of the THEMIS spacecraft, dVmax, shall be 1 Volt, with a goal of 0.1 Volts • Flow-down: No exposed components (solar cells, thermal coatings, boom appendages and sensors, exposed portions of instruments, spacecraft hardware, cables) shall charge to potentials in excess of the maximum tolerable variation with respect to the mean spacecraft potential, and all exposed surfaces shall be tied together into a single conductive surface. • Adherence: Upper bounds on bulk resistivity and resistance to ground to meet requirement calculated: • Verification: Adherence to specification is guaranteed by ESC subcommittee, consisting of EFI Lead Scientist and the MSE (at a minimum). End item verification straightforward - measuring resistance between any pair of surfaces.

  24. Contamination • From THEMIS Contamination Control Plan (based on successful FAST program): • Instrument Requirements: • External cleanliness level of 500A per MIL-STD-1246B • ESA & SST purged continuously, not to be interrupted for periods longer than 24 hours • Non-flight covers remain installed at all possible times • Spacecraft Requirements: • Typically maintained at a Visibly Clean, Highly Sensitive level per NASA-JSC-SN-C-0005 • Cleaned to Level 500A per MIL-STD-1246B for instrument integration, occasions when the non-flight covers are removed from ESA and SST • Adherence and Verification: • THEMIS Subsystem Bake-out Plan • Class 100,000 clean area for integration and test • Bagged w/approved material during periods of inactivity or when removed from clean area • Routinely verified by visual inspection with a white lamp per NASA-JSC-SN-C-0005, Revision C

  25. Interfaces From THM-SYS-000 Document List: • Electrical ICDs (Instrument to IDPU) • THM-SYS-103 EFI Digital Fields Board-to IDPU ICD Rev B Signed Off • THM-SYS-104 EFI Boom Electronics Board-to-IDPU ICD Rev B Signed Off • THM-SYS-105 ESA and SST Electronics Card Spec (ICD) Rev A In Review • THM-SYS-106 FGM I/F Requirement Document (ICD) Rev B In Signature Cycle • THM-SYS-107 SCM Interface Control Document (ICD) Rev - In Signature Cycle • Mechanical ICDs (Instrument to Probe) • THM-SYS-108 Probe-to-EFI Radial Booms ICD Rev B In Signature Cycle • THM-SYS-109 Probe-to-EFI Axial Booms ICD Rev B In Signature Cycle • THM-SYS-110 Probe-to-SST ICD Rev B In Signature Cycle • THM-SYS-111 Probe-to-FGM Mag Boom ICD Rev B In Review • THM-SYS-112 Probe-to-SCM Mag Boom ICD Rev B In Review • IDPU to Probe Interface • THM-SYS-101 IDPU/ESA-to-Probe ICD Rev F Signed Off • Flight to Ground ICDs • THM-SYS-102 Command Format Specification Rev A In Review • THM-SYS-115 Telemetry Data Format Specification Rev C In Review

  26. Test and Verification • From THEMIS Systems Engineering Management Plan: • Verification Program • Applies to all technical requirements stated in MRD and associated documents • Each item in MRD has fields for verification method, procedure, and result • All associated documents will include verification matrix, containing same criteria • Verification Methodology • Verification of requirements is by inspection, analysis, demonstration, test or combination • Tasks for each method include: establishing the criteria; preparing plans and procedures; implementing; and documenting the results. • Verification Levels • Verification will be performed at one or more of following levels: Assembly, Subsystem, Element, Space Segment

  27. Test and Verification • From THEMIS Systems Engineering Management Plan: • Verification Plan and Environmental Test Specification • Document shall define the environmental test tolerance limits at each level of assembly • Contains the parameters associated with environmental tests and analysis planned, including: • Test conditions (i.e. temperature, cleanliness) • Environmental levels • Durations • Functional operations • Safety and contamination precautions • Instrumentation • Procedure/Report Requirements • Parameters apply to the following tests described in the specification: • Shock test requirements • Acoustic excitation levels • Qualification and acceptance vibration test levels • Electromagnetic test levels • Thermal and thermal vacuum test profiles including hot and cold soak durations, transitions, etc. • Life testing

  28. Test and Verification From THEMIS Systems Engineering Management Plan: Systems Engineering is responsible for preparing the CPT. The purpose of the CPT is to ensure that the Instrument Payload and Probe Bus are completely functionally tested and ready for environmental tests. It is also used as part of the validation process during environmental tests. This plan combines all test plans associated with the Probe, and is based on the tests identified in lower level Instrument Calibration Plans…. From Swales I&T Flow - RevB:

  29. Launch Vehicle

  30. Error Budgets • Level 1 requirements flow down directly to Instrument performance requirements • In addition, an overall error budget is developed to ensure Level 1’s will be met • From THEMIS Error Budget: • Driving requirement on pointing stability. S-8: Determine the cross-current-sheet current change near the current disruption region at substorm onset … using the planar current sheet approximation with relative (inter-probe) resolution and inter-orbit (~12hrs) stability of 0.2nT. • Inter-orbit stability over 12 hours shall be <0.2nT (relates to FGM sensor only) • IN.FGM-3a: The relative stability of the FGM shall be less than 0.2nT over 12hrs • Inter-probe resolution shall be <0.2deg (relates to knowledge only) • ACS knowledge (FGM internal) shall be <0.1deg (Bx and By) • GS-SOC-13: ACS knowledge (FGM-to-spin axis) shall be estimated to within 0.1 degree every hour using ground-based processing; and • IN.FGM-3b: The relative stability of the FGM shall be less than 0.1nT over 1hr • Mechanical/thermal stability shall be <0.1deg • IN.BOOM-2: Magnetometer Boom stability shall be better than 0.1 degree (includes boom and bus components, i.e. sensor mount to boom, boom thermal stability, boom mount to bus, thermal stability of deck) • Driving requirements on absolute time. Level 1 science objective of onset and evolution of substorm instability to within 30 seconds; the onset time of the auroral breakup, current disruption and reconnection should all be known to within 10 seconds. With a 3 second cadence due to the spin period on the 3 probes in the current disruption region, error on the absolute time must be less than 1 second  • PB.CDH-44: The C&DH subsystem shall maintain Coordinated Universal Time (UTC) with an accuracy of +/- 0.5 sec. • Requirement drives the accuracy of the C&DH oscillator. Oscillator drift then drives how often the probes must be contacted to update the on-board time.

  31. Error Budgets • From THEMIS Error Budget: • Driving requirements on absolute knowledge: S-6. Track between probes the earthward ion flows (400km/s) from the reconnection site and the tailward moving rarefaction wave in the magnetic field…with sufficient precision of… B to within 1nT… • Requires absolute FGM orientation on one probe to 1deg (translated from 1nT in 10nT field, near the current sheet where flows and current disruption measurements are made). • Bus stability (Probe Z axis-to-Izz principle axis) and Magnetometer drift (drift is 0.2nT/300nT, or <0.03 deg, at perigee) are considered negligible

  32. Fault Tolerance From THEMIS Maneuver Calculator – Replacement Strategy:

  33. Fault Tolerance • Fault Tree Analysis • Validates and depicts analyzed relationships between probe components and subsystems and associated “block” failure, regardless of cause • Fault Tree Analysis completed in Phase A continues to be valid due to little system architecture change • Probability Risk Assessment (PRA) • Evaluates the likelihood of entering potential failed states • Preliminary PRA performed to trade internal bus architecture and validate reliability related to minimum and nominal mission lifetime requirements • Component-Level PRA (worst-case electronics board) performed in Phase B on Instrument Payload • Component-Level PRA will be performed in Phase B (prior to CDR) on flight system after all vendors are selected • Failure Mode Effects and Criticality Analyses (FMECA) • Determines potential failure modes, data points required to detect them, and steps that should be taken to mitigate them • Preliminary FMECA performed (THM-SYS-007 THEMIS Failure Modes Effects and Criticality Analysis) • One-day FMECA Technical Interchange Meeting (TIM) with all technical leads scheduled

  34. Fault Tree Analysis

  35. Probability Risk Assessment • PRA String Model used to obtain mission reliability values • Conservative component reliability data from vendors and internal electronics database used to generate individual failure rates • Mission reliability:

  36. FMECA Objectives and Process • FMECA main objectives • Verify redundant paths are isolated or protected such that any single failure that causes the loss of a functional path shall not affect the other functional path or the capability to switch operation to that redundant path • Verify system has no single or redundant interface failure mode, which could affect safety of personnel, or cause catastrophic failure of the launch vehicle • Verify any single point failure have sufficient reliability so as to not compromise the probability of mission success • Identify existing methods of failure detection and any possible need for new methods • Identify any failure modes that may be time critical for corrective action • FMECA process • Performed at subsystem interface level for functional elements (Power, Data, Thermal, Software, Mechanisms) using block diagrams traceable to FMECA worksheets (JPL tool)

  37. COLUMN HEADER DEFINITION FMECA Item Code Unique number assigned to the functional interface under analysis. Interface Concise statement of the functional interface. Potential Failure Modes Concise statement of each failure mode possible. Potential Failure Effects Effects of the failure mode on component, subsystem, system, or LV. Severity (Sev) On a scale of 1-10, the severity of each failure (10=most severe). Potential Cause Concise statement of the potential cause(s) of the interface failure. Probability (Prob) On a scale of 1-10, the probability of the failure occurring. Current Design Controls Examination of the current design as applied to the failure mode. Specifically includes: the detection method for each failure mode; action that may be taken in the event of the failure; description of alternate means of operation; and/or redundancy available after a failure. Detect-ability (Det) On a scale of 1-10, the ability to detect if the failure occurred. Risk Priority Number The combined weighting of severity, likelihood, and detect-ability. Recommended Action Concise statement of response plan as required. Responsibility and Target Completion Date Identification of person responsible to implement response plan by a specific milestone. Action Taken Concise statement of action that was taken. New Sev, Prob, Det, FPN Re-evaluation of failure mode. FMECA Worksheet

  38. FMECA Results • Category Definitions • Category 1 failures include loss of all Probes or potential catastrophic effect on launch vehicle. FPN above 200. • Category 2 failures included loss of one Probe, or significant (de-habilitating) problems. FPN of 20-200. These failures include loss of core functions on one Probe (power distribution, data collection, etc.) • Category 3 failures included significant degradation of baseline science mission. FPN of 10-20. These failures included timing, experiment quality and thermal considerations. • Identification of Problem Areas • Category 1 Failures: None. Only potential single point failure is the separation signal not triggering release or triggering an inadvertent separation of a probe or probes during ascent • Current design control: two of three inhibitors to release a probe • Recommended action: design must be extensively reviewed and tested • Category 2 Failures: Single-string system results in numerous category 2 failures • Current design controls: selected redundancy and graceful degradation where possible (Examples: redundant mag boom deploy, stability proven for one wire boom failure, failed attenuator does not effect minimum science, selective board level redundancy, i.e. either DFB ADC can fail, switch in the redundant, cross-strapped, ADC) • Recommended actions: identification of critical item list and mitigation techniques • Category 3 Failures: Complete loss of an instrument and specific elements of system design that could effect quality of all sensor data result in some category 3 failures • Current design controls: science resilience (minimum mission can still be accomplished with partial or total loss of one or more sensors on different probes), timing analyses, contamination control plans, redundant thermal paths

  39. FMECA Results • Critical Items List • Significant aspect of the potential cause or mechanism of Category 2 failures. Circuit elements are studied from the critical items list and, on a case-by-case basis, the best method for adding redundancy or ensuring reliability is recommended (see Worksheet). • THEMIS Critical Items List (in decreasing order): 1. Separation Signal; 2. Receiver; 3. Transponder; 4. BAU Coldfire; 5. IDPU 8085 6. FPGAs; and 7. FETs • Failure Prevention and Mitigation Techniques • Analysis Techniques • Parts Stress Analysis (PSA): examines all of the components in a circuit to ensure parts operate within their prescribed guidelines under all input conditions assuming standard derating criteria (change in Power Supply voltage, change in temperature, change in load, etc.) • Worst-Case Analysis (WCA): looks at lifetime and performance issues and is appropriate for circuits whose performance degradation cannot be reasonably compensated for • Board-Level Thermal Analysis: detailed look at parts placement on a circuit board; power consumption; conductivity between part leads and part junction; conductivity of circuit board and housing; and reference plate temperature to derive predicted junction temperatures • Timing and Frequency Simulations:simulates FPGA performance under given set of test vectors to ensure adequate timing margin, etc. exists in the design • Test Techniques • Voltage Margin Testing: varies the operational voltage and the operational temperature to values outside those specified • Frequency Margin Testing: clock signals are run from an external function generator and rise time, frequency, and symmetry are adjusted over approximately a 10% range

  40. Risk Management • Continuous Risk Management • Lessons Learned database reviewed • SAI-PLAN-0618 Probe Bus and Probe Carrier Continuous Risk Management (CRM) Plan completed • Swales using web based tool PRIMX for managing risks • UCB Risk Management Plan in progress with help from GSFC • Project uses 5x5 matrix (ranking 1-5 probability and impact) to assess risks • Risk Reporting • UCB will have access to Swales PRIMX tool • Probe and Probe Carrier top 10 risks will be reported to UCB monthly • Report combined with UCB top 10 risks and reported to GSFC Explorers monthly • Project specific risks will be presented during Confirmation Assessment Review (CAR)

  41. Configuration Management • From THM-SYS-011 Configuration Management Plan: • Configuration Identification • Provides schedule of data and document release to facilitate interface and interaction between subsystems and subcontractors • Configuration Accounting • Controlled document, drawing and schematic revisions, ensure formal review process for changes, maintain history • Engineering database control using PDMWorksTM • Security: password protected, typical UCB network protection • Controlled Access: only authorized user can view, add or delete (Read, Write permissions), only one owner at any one time has ability to change document and check it back in • Controlled Revision: automated revision control and history tracking, all previous revisions kept within database • Accountability: maintains log of all persons responsible for any change, addition, or deletion to the database • Configuration Assurance and Verification • Accomplished by end-item inspection and documentation review to determine product compliance with the latest approved baseline • Responsibility relies mainly with the MAM • The THEMIS Performance Assurance and Implementation Plan (PAIP) provides the plans for inspection and test, requirements for end-item acceptance, and procedures for numbering and serializing accepted parts, subassemblies, and assemblies

  42. Configuration Management • From THM-SYS-011 Configuration Management Plan: • Configuration Control • Formal change approval/disapproval implemented to protect against uncoordinated/ unauthorized change • Change process involves an Impact Assessment (IA) followed by a formal approval process. The IA is attached a System Change Notice (SCN) and submitted to the Configuration Control Board (CCB) for approval. • Impact Assessments (IAs): Includes rationale for a change to baseline, summary of impact • System Change Notices (SCNs): Prompts a systematic evaluation of the proposed changes • Problem Failure Reports (PFRs): Initiated after a problem is found, documents impacts, assesses alternatives and provides recommended courses of action • Configuration Control Board (CCB) used for Level 1,2,3 changes • Subsystem trades (level 4) can be made within the resources of the subsystem. Systems Engineer insight and involvement. • Trades that impact subsystem/system interfaces or resource allocations (level 3/level 2) require concurrence by the Configuration Control Board (CCB): Principal Investigator, Project Manager, Mission Systems Engineer (MSE), Probe Systems Engineer, Mission Operations Manager and affected Team Leads. GSFC Mission Manager insight. • Trades that impact Level 1 baseline science/programmatic requirements must include approval by Principal Investigator and GSFC Mission Manager. • Trades that impact Level 1 minimum science/programmatic requirements must include have approval by NASA HQ.

  43. System Change Notices • SCN 001 Propulsion Tank Size Change • Initiated to improve propellant margins by 11.5% • Required EFI spin plane booms to be ‘canted’ by small angle • Increased propellant load from 34.52 to 38.7 kg • Approved • SCN 002 Separation System Change • Initiated to ensure separation system met timing requirement • Required heavier pyro activated clamp band • Increased Probe Carrier mass allocation from 103 to 122 kg • Approved • SCN 003 Thruster Size Change • Initiated to improve maneuver efficiency • Required dynamic instability analysis (Fuel Slosh and Boom Wire “Wiggle”) • Increased Thrusters from 1N to 5N • Approved • SCN 004 SST Envelope Increase • Initiated to ensure full SST FOV is accommodated • Required reduction in minimum static clearance between probes kept by Swales (3.8 in vs. 4 in) • Approved • SCN 005 ACS Stability • Initiated after recent dynamic simulations • Requires further verification of mass properties and analyses • If problem does exist, axials can be shorted or radials lengthened with little system impact • On-going

More Related