1PFP IPDR 2010/6/14 - 16

Particles and Fields Package (PFP)Instrument Preliminary Design Review

Safety and Mission Assurance

Jorg Fischer, PFP SMA Manager

2PFP IPDR 2010/6/14 - 16

PFP QA Organization

Quality AssuranceQuality Assurance

Build ConfigurationVerification

Build ConfigurationVerification

ESD Control ESD Control

PFP SMA Manager

PFP SMA Manager

SafetySafety

ConfigurationManagementConfigurationManagement

Documentation and Records

Documentation and Records

PMPCB, FRB, MRBPMPCB, FRB, MRB

Training andCertification

Training andCertification

Personnel Safety

Personnel Safety

Flight HardwareSafety

Flight HardwareSafety

Lab InspectionsLab Inspections

ContaminationControl

ContaminationControl

Support Flight H/W& S/W QA Testing

Support Flight H/W& S/W QA Testing

Quality AssuranceEngineer Team

Quality AssuranceEngineer Team

PFP Project

ManagerLASP SMA ManagerLASP SMA Manager

CESR SMA Manager

CESR SMA Manager

GSFC SMA Manager

GSFC SMA Manager

Inspections, AuditsInspections, Audits

Support lessonsLearned

3PFP IPDR 2010/6/14 - 16

Responsibilities of Mission Assurance

• Non-Conformance Control – PFR Reporting and Review• Material: Selection, Procurement, Traceability Controls• Calibration Control• ESD Control• Configuration Management and Data Control• Manufacturing and Test Control• Internal and External Auditing• Contamination Control • Software Assurance• In-process Inspections, Test Monitoring• Integration Test Readiness Review / Test Witness• Verification and Environmental Test Review• Final Acceptance Data Package• Training and Lessons Learned

4PFP IPDR 2010/6/14 - 16

Mission Assurance Implementation Plans

Mission Assurance Implementation Plans (MAIP) Status

SSL, LASP, CESR have submitted a MAIP indicating how SSL will implement the MAVEN Mission Assurance Requirements– SSL: MAVEN_PF_QA_002– LASP/LPW: MAVEN-RSS-PLAN-0038– CESR/SWEA: SWEA-PL-32100-CESR-001-GEN– GSFC/MAG: pending– Result of many iterations between Project SMA & PFP– In review at Project– Includes a compliance verification matrix, deliverables list

5PFP IPDR 2010/6/14 - 16

SMA Requirements and Documentation

1. GENERAL1.1. Basis and Scope of the Plan1.1.1. CESR1.2. General Requirements1.3. Use of Previously Designed,

Fabricated, or Flown Hardware1.4. Flow-Down of MA Requirements1.5. Surveillance1.6. SR&QA Verification1.7. Status Reporting1.8. Applicable Documents (Appendix A)2. ASSURANCE REVIEW

REQUIREMENTS2.1. General Requirements2.2. GSFC Flight Assurance Review

Requirements2.3. Flight Assurance Review Program3. PERFORMANCE VERIFICATION

REQUIREMENTS3.1. General Requirements3.2. Documentation Requirements3.2.1. Verification Matrix3.2.2. Verification Test Plan3.2.3. Verification Test Procedures3.2.4. Verification Test Report3.3. Demonstration of Failure-Free

Operation3.4. Comprehensive Performance Test4. SAFETY4.1. General4.2. System Description and Safety

Assessment Report4.2.1. Preliminary Safety Assessment4.3. Procedure Approval4.4. Safety Noncompliance Requests4.5. Safety Working Group Meetings4.6. Safety Data Package, Launch Site

Safety Plan, and Orbital Debris Assessment

4.7. Mishaps4.8. Assessments

5.1. PARTS SELECTION5.1.1. EEE Parts Identification List5.2. Other Parts5.2.1. Magnetic Devices5.2.2. Plastic Encapsulated Microcircuits (PEMs)5.2.3. Units and Subassemblies5.2.4. Field Programmable Devices5.2.5. PIND Testing5.2.6. Destructive Physical Analyses (DPA)5.3. Ceramic Capacitors5.4. Derating5.5. Radiation Tolerance5.6. Alerts5.7. Parts Age Control5.8. Parts Control Board6. MATERIALS AND PROCESSES CONTROL

REQUIREMENTS6.1. Selection Requirements6.1.1. Compliant Materials6.1.2. Noncompliant Materials6.1.3. Conventional Applications6.1.4. Nonconventional Applications6.1.5. Inorganic and Metallic Materials6.1.6. Non-metallic Materials6.1.7. Fasteners6.1.8. Lubricants6.1.9. Consideration in Process Selection6.1.10.Shelf Life Controlled Items6.1.11.Magnetics Compatibility6.2. Documentation6.3. GIDEP Alerts6.4. Materials and Process Control Board7. DESIGN ASSURANCE AND RELIABILITY7.1. Requirements7.2. Implementation7.3. Failure Modes and Effects Analysis7.4. Limited Life Items7.5. Trending7.6. Parts Stress Analysis7.7. Worst Case Analyses

8. QUALITY ASSURANCE REQUIREMENTS8.1. Support of Design Reviews8.2. Configuration Management8.3. Identification and Traceability8.4. Procurement Controls8.4.1. Purchased Raw Materials8.4.2. Age Control and Limited-Life Products8.4.3. Inspection and Test Records8.4.4. Purchase Order Review8.4.5. Re-submission of Non-conforming Materials8.5. Receiving Inspection8.6. Fabrication Control8.6.1. Manufacturing Certification Log8.6.2. Workmanship8.6.3. Process Control8.6.4. Reuse of Parts and Materials8.6.5. Retention of Test Samples and Removed Parts8.7. ESD Control8.8. Non-conformance Control8.8.1. Discrepancies8.8.2. Failures8.8.3. Alert Information8.9. Inspections and Tests8.9.1. Inspection and Test Records8.9.2. Printed Wiring Boards Inspections and Tests8.10. Metrology8.11. Handling, Storage, Marking, Shipping...8.11.1. Handling8.11.2. Shipping8.12. Government Property Control8.13. End Item Acceptance8.14. Ground Support Equipment9. CONTAMINATION CONTROL9.1. Project Requirements9.2. PFP Concerns9.3. Control Plan9.4. PFP Requirements on S/C I&T and Ops10. SOFTWARE ASSURANCEGeneral, Software Development, Documentation,

Software Design Reviews, Configuration Management

6PFP IPDR 2010/6/14 - 16

PFP MAR Checklist

MAR compliance checked and approved MAVEN_PF_QA_001

7PFP IPDR 2010/6/14 - 16

Requirements and Safety

• Flow-Down of MAIP Requirements– SSL, LASP, CESR, GSFC

• Deviations– Materials and Processes requirements, Section 6 of MAIP– Compliance deviations are documented in the MAR checklist

• System Safety– Personnel, facility, and mission safety have been considered.– The Safety Plan has been generated and is in review MAVEN_PF_QA_005B_Safety Plan and MAIP section 4– The safety plan identifies all requirements, planned tailoring

approaches, intended non-compliances, and safety data submittals have been identified.

– There are no safety compliance issues.

8PFP IPDR 2010/6/14 - 16

Suppliers and Alerts

• Suppliers– SSL procures all active EEE flight parts from GSFC– SSL procures passive EEE parts directly from the manufacturer or

through authorized distributors.– SSL requires full traceability on all flight procurements.– Program requirements are flowed through procurement documentation.

Where necessary, procurement documentation may include source control documents (SCDs) and engineering documentation.

• GIDEP Status– SSL will respond to GSFC GIDEP evaluation requests– There are no current GIDEP impacts – no parts on MAVEN are currently

impacted by any Alert or Advisory.– Other Memos and Alerts will be Incorporated, for example: “The use of

brominated polyimide is unacceptable” (Polyimide board material)

9PFP IPDR 2010/6/14 - 16

Alerts Status DB

Alerts Status DB

10PFP IPDR 2010/6/14 - 16

Contamination and ESD Control

Contamination Control– Class 100,00 cleanrooms available– Contamination requirements and preliminary control plans have

been defined, MAIP section 9.– Laminar Flow Benches available– Nitrogen available (Oxygen Sensors fixed and portable)

ESD Control– ESD Control Procedure meets ANSI/ESD S20.20 requirements– SSL_QA_0003 ESD Control Plan– All applicable personnel trained and certified by RMV

Technology: Robert J. Vermillion, CPP-Lifetime Fellow, Certified ESD & Product Safety Engineer.

– Training certifications required for flight work

11PFP IPDR 2010/6/14 - 16

Calibration, Parts and Materials Control

Calibration Control– Calibration Data base– All tools used for PFP flight are under Calibration Control– Blanket PO for the MAVEN– ANSI/NCSL Z540

Receiving Inspection and EEE parts storage SMA implements parts and materials control

– Incoming Inspections (two)– Bonded Flight parts storage– All Flight parts are in a data base– Packaging and shipping provisions to maintain low contamination

exposure and ESD control during transport.

12PFP IPDR 2010/6/14 - 16

Workmanship

Manufacturing, Assembly, and Quality Control of Electronic System will be in compliance to the most recent version of the following technical standards:

NASA-STD-8739.1 Workmanship Standards for Staking and Conformal Coating of Printed Wiring Boards and Electronic Assemblies NASA-STD-8739.2 Workmanship Standard for Surface Mount Technology NASA-STD-8739.3 Soldered Electrical Connections NASA-STD-8739.4 Crimping, Interconnecting Cables, Harness, and Wiring ANSI/ESD 20.20 Electrostatic Discharge Control

13PFP IPDR 2010/6/14 - 16

Training and Certification

Training and Certification DB

14PFP IPDR 2010/6/14 - 16

EEE parts and Materials

• Parts selection, de-rating, screening, and qualification test criteria are defined

EEE Parts per GSFC-311-INST-002 add1, Level 2– Parts derating, Parts age control, Parts control board– Radiation tolerance per MAIP section 5.5– Alerts– Tests, Test Data & EIDP– Photos

Materials and Processes Controls– Hazardous materials requirements– Vacuum outgassing requirements– Approved Materials & Processes lists– Limited Life items List– Alerts, Shelf Life Controls– Material Certs

15PFP IPDR 2010/6/14 - 16

EEE parts and Materials

• EEE Parts DB

16PFP IPDR 2010/6/14 - 16

EEE parts and Materials

Materials List DB

17PFP IPDR 2010/6/14 - 16

Inspections and Audits

Audits and Mandatory Inspection Points

Audits Vendor Audits, Compliance Audits (Safety, ESD, Configuration

Control, Traceability, Non-Conformance, Calibration), Interface with External Audits, Assembly Traveler data package at each inspection point

Inspections Incoming/Receiving, Flight Kits, Pre-cap, Calibration, Acceptance

and Environmental Test, Software, Interface with External Inspections, Printed Wiring Assemblies, Polymerics, Cables, Harnesses, and Wirinig.

18PFP IPDR 2010/6/14 - 16

Non-conformance Control

Non-conformance Reporting Methods

- Non-Conformance – Problem Failure Report (PFR)- Dispositions include: scrap, rework, return to supplier,

refer to MRB- Processing of Repair or Rework

- Material Review Board (MRB) - PFP MRB - Customer participation and approval required- Dispositions include scrap, rework, return to supplier, repair

by standard or non-standard procedures, use-as-is, request for waiver

19PFP IPDR 2010/6/14 - 16

PFP PFR Process

20PFP IPDR 2010/6/14 - 16

Fault Tree Analysis

• MAVEN_PF_QA_004 Fault Tree Analysis submitted to Project

• Fault Tree based on ‘Instrument Resiliency’ analysis by PI (which flows out of Level 1 requirements)

• Mixture of redundancy (PFDPU, MAG) and the ability to meet mission objectives with backup measurements from other instruments leads to few critical faults

• STATIC is the only component whose failure would result in loss of a mission objective

21PFP IPDR 2010/6/14 - 16

PFP Fault Tree

Loss of MAVEN MissionObjective

Loss of PFDPUCommon Elements

DCBBoardFails

REG BoardFails

Loss ofMAG

MAGSensor

fails

MAGHarness

Fails

MAGHeaterFails

MAGElectronics

Fails

MAGConverter

Fails

Loss ofSEP

Loss ofSWIA

Loss ofSWEA

Loss ofLPW

Loss ofSTATIC

Loss ofNGIMS

White Box - Failure PropagationRed Colored Box - Single Point FailureGreen Colored Box - Redundancy FailureYellow Colored Box - Graceful Degradation

TransferGate

ANDGate

ORGate

Loss of SEPMeasurement

Loss of SWIMeasurement

Loss of SWEMeasurement

Loss of LPMeasurement

SEPSensorFails

SEPElectronics

Fails

SEPHarness

Fails

SEPConverter

Fails

SEP has 2 detectors with separateelectronics and harness, but commonconverter. Loss of one of the twochains results in degradation, but notloss of SEP measurement

SWIAAnalyzer

Fails

SWIA DoorActuator

Fails

SWIA MCPFails

SWIAAttenuator

Fails

SWIASweep

HVPS Fails

SWIADigital Fails

SWIAConverter

Fails

SWIA MCPHVPS Fails

SWIAAnode Fails

SWIAPreamps

Fail

SWIAHarness

Fails

SWEAAnalyzer

Fails

SWEADoor Act.

Fails

SWEAMCP Fails

SWEASweep

HVPS Fails

SWEADigital Fails

SWEAConverter

Fails

SWEAMCP HVPS

Fails

SWEAAnode Fails

SWEAPreamps

Fail

SWEAHarness

Fails

LPWDeployment

Fails

LPW Dep.Act. Fails

LPWHarness

Fails

LPWPreamp

Fails

LPW BoomUnit Fails

LPW BEBFails

LPW DFBFails

LPWConverter

Fails

LPW Has two booms. Loss of oneboom results in degradation but notloss of LPW measurement

PFDPU Backplane connectorsdesigned so that no open or short toan adjacent pin will result in the lossof more than one instrument

SEPSurvivalHeater

SWIASurvivalHeater

SWEASurvivalHeater

LPW DepHeaterFails

Loss of EUVMeasurement

Loss ofEUV

EUVDetector

Fails

EUV DoorFails

STATICAnalyzer

Fails

STATIC DoorActuator Fails

STATICMCP Fails

STATICAttenuator

Fails

STATICSweep

HVPS Fails

STATICDigital Fails

STATICConverter

Fails

STATICMCP HVPS

Fails

STATICAnode Fails

STATICAccel HV

Fails

STATICPreamp

Fails

STATICSurvivalHeater

STATICTDC Fails

No PF failureresults in loss of allMAVEN missionobjectives

22PFP IPDR 2010/6/14 - 16

PFP FMEA

• MAVEN_PF_QA_007 FMEA / CIL/ CICP submitted to Project

• Component-level FMEA performed on PFP, concentrating on the interfaces

• A total of 78 failure mechanisms were analyzed• No Criticality 1 failure modes found• Several criticality level 2R failure modes• Only STATIC had 2 critical failures modes

– STATIC was analyzed down to the subsystem level– An additional 22 failure modes were analyzed– Puts STATIC is on the Critical Items List for PFP

• A second STATIC was considered, but there were insufficient project resources to accommodate it

23PFP IPDR 2010/6/14 - 16

FMEA Criticality Definitions

Category Severity Description 1 Catastrophic Failure modes that could result in serious injury, loss of

life (flight or ground personnel), or loss of launch vehicle. 1R Failure modes of identical or equivalent redundant hardware items that

could result in Category 1 effects if all failed. 1S Failure in a safety or hazard monitoring system that could cause the

system to fail to detect a hazardous condition or fail to operate during such condition and lead to Category 1 consequences.

2 Critical Failure modes that could result in loss of one or more mission objectives as defined by the GSFC project office.

2R Failure modes of identical or equivalent redundant hardware items that could result in Category 2 effects if all failed

3 Significant Failure modes that could cause degradation to mission objectives

4 Minor failure modes that could result in insignificant or no loss to mission objectives.

24PFP IPDR 2010/6/14 - 16

FMEA Worksheet

MAVEN_PF_QA_006A_FEMA

25PFP IPDR 2010/6/14 - 16

Preliminary Hazard Analysis (PHA)

• MAVEN_PF_QA_009, PFP Preliminary Hazard Analysis submitted to Project

• High Voltage Hazard– SWEA, SWIA, STATIC have significant HV (up to 15kV)– Not a personnel safety issue (no exposed HV)– Can damage the instrument if HV powered on in Air– Green-tag enable plugs prevent accidental power-on

• Radiation Sources– Used for SEP CPT– Small hand-help low activity sources– Handled by trained and qualified personnel– Not used at launch site

• Non-explosive Actuators (NEA)– Use spacecraft pyro system to limit risk of accidental actuation– SWEA, SWIA, STATIC covers – risk of instrument contamination if

opened inadvertently on the ground– LPW – risk of damage to instrument, some small risk of harm to

personnel if deployed inadvertently on the ground– Red-tag safety pin prevents accidental deployment

26PFP IPDR 2010/6/14 - 16

Mission Assurance Summary

Experienced Personnel provide oversight and technical support across all elements of PFP Project

Mission Assurance Requirements are well defined and comprehensive.

These are traditional requirements for SSL Missions and they are understood.

Systems with experienced personnel are in place and operating.

The Mission Assurance team

is ready to support MAVEN PFP