Probabilistic Risk Assessment (PRA)Mathew Samuel

NASA/GSFC/MEI(301) 286-6475

Mathew.V.Samuel.1@gsfc.nasa.gov

Mission Success Criteria & PRA Activities

Full & Minimum Mission Success Criteria

Reliability Block Diagrams

Master Logic Diagram

Fault Tree Analysis

Failure Modes & Effects Analysis

4 Scientific Objectives

17 Measurements Required

11 Groups of Imagers & Sensors

Reliability Predictions

PRA Activities

Level 1 Science Requirements

DesignFull & Minimum Mission

Success Criteria

- What can go wrong?

- How likely is it?

- What are the consequences?

• For Minimum Mission Success, Both Spacecraft are Required During the First 240 Days and Either Spacecraft is Required From 240 – 820 Days

• For Full Mission Success, Both Spacecraft are Required From 0 – 820 Days

Level 1 Science Requirements

Full Mission (0-820 days)/Minimum Mission (0-240 days) Reliability Block Diagram (RBD)

IMPACT Items in Gray

A – AheadB – Behind

Full Mission (0-820 days)/Minimum Mission (0-240 days)

Measurements F, G

IMPACT Items in Gray

A – AheadB – Behind

Full Mission (0-820 days)/Minimum Mission (0-240 days)

Measurements H, I

IMPACT Items in Gray

A – AheadB – Behind

Full Mission (0-820 days)/Minimum Mission (0-240 days)

Measurement J

IMPACT Items in Gray

A – AheadB – Behind

Full Mission (0-820 days)/Minimum Mission (0-240 days)

Measurement K

IMPACT Items in Gray

A – AheadB – Behind

Minimum Mission RBD (240-820 days)

IMPACT Items in Gray

A – AheadB – Behind

Mission Master Logic Diagram

Gate1

Loss of STEREO Mission

Gate15COR2, HI1 Combination

M:2:4

Gate16COR2, HI2 Combination

M:2:4

Gate17HI1, HI2 Combination

M:2:4

Gate18HI2, SWAVES Combination

M:2:4

Gate19HI1, SWAVES Combination

M:2:4

Gate20HI1, HI2 Combination

M:2:4

Gate21STE-U/D, SEP Combination

M:2:4

Gate22SWAVES Combination

Gate23SWEA, PLASTIC Combination

M:2:4

Gate24SWAVES Combination

Gate27SWAVES Combination

Gate28MAG Combination

Gate25SWEA, PLASTIC Combination

M:2:4

Gate26HI2 Combination

Gate12COR1, EUVI Combination

M:2:4

Gate13COR1, COR2 Combination

M:2:4

Gate14EUVI, COR2 Combination

M:2:4

Gate2

Loss of Mission (0-240 days min/0-820 days full)

Gate4Failure to Obtain Measurement 1A

Gate5Failure to Obtain Measurements 1B, 2C1, 2D1, 2E1

Gate6Failure to Obtain Measurements 2C2, 2D2, 2E2

Gate7Failure to Obtain Measurements 2C3, 2D3, 2E3

Gate8Failure to Obtain Measurements F, G

Gate10Failure to Obtain Measurement J

Gate29COR1 - A

Gate31EUVI - A

Gate33COR2 - A

Gate35HI1 - A

Gate37HI2 - A

Gate39STE-U/D - A

Gate41SEP - A

Gate43SWEA - A

Gate45PLASTIC - A

Gate47SWAVES - A

Gate49MAG - A

Gate51SEB

Can't Exceed 30C

Gate58IDPU Data Controller Board

Gate53STE-U - A

Gate54STE-D - A

Gate55SEP Common Electronics

Gate57SWEA/STE-D I/F Card

+28VSpacecraft

+28VSpacecraft

Gate60LVPS/STE-D Bias

Gate56

LVPS (UCB)

+28V S/C

Gate59IDPU LVPS/STE-U Bias

Gate61IDPU STE-U DIB Card

Gate63IDPU MAG Front-End

Gate62MAG Heater Supply

+28VSpacecraft

Gate68SIT - A

Gate28Antenna Ex

Gate29Antenna Ey

Gate30Antenna Ez

M:2:3

Event59EMC

Ex BrakeEx DADEx SMA ReleaseEx Trap Door

Ey BrakeEy DADEy SMA ReleaseEy Trap Door

Ez BrakeEz DADEz SMA ReleaseEz Trap Door

Gate30COR1 - B

Gate34COR2 - B

Gate36HI1 - B

Gate38HI2 - B

Gate44SWEA - B

Gate46PLASTIC - B

Gate48SWAVES - B

Gate50MAG - B

Event11MEB EUVI Mechanism Card

Event9SCIP CEB COR1 CCD Driver

Event10MEB COR Mechanism Card

Event13SCIP CEB EUVI CCD Driver

Gate52Guide Telescope

Event3

Housekeeping Card

Event4

Spacewire Card

Event5

Power Supply Card

Event7

Backplane

Event14

SCIP CEB Power ConverterEvent12

SCIP CEB COR2 CCD Driver

Event15

SCIP CEB Camera Interface Card

Event17

HI CEB HI-1 CCD Driver

Event16HI Baffle Cover Assembly

Event18

HI CEB HI-2 CCD Driver

Event19

HI CEB Power Converter

Event20HI CEB Camera Interface Card

Event26S/C-IDPU 1553 Bus

Event25BOOM

Event24SSD Bias

Event22

SEP MISC CPU, SRAM,EEPROM Event23

Analog/Post-Regulator

Event21

I/F to IMPACT DPU

Event32

PAC HV Power Supply

Event33

MCP HV Power Supply

Event31S-Channel PS

Event34

Event Selection

Event36

ClassifierEvent37

IDPU Interface

Event35

Instrument Control

Gate76

Gate72TOF SWS Function

Event39

TOF SWS

Event40

SSD HV Power Supply

Event41

TAC PWA 1Gate73

Anode 1 & Anode 2

Gate74TOF WAP Function

Event44

TOF WAP

Gate75Anode 3 & Anode 4

Gate71TOF SWS & TOF WAP Functions

Event29Defl. Sweep PS 1 Defl. Sweep PS 2

Event30

Gate70ESA Sweep PSs

Event27ESA SWEEP PS 1

Event28ESA SWEEP PS 2

Gate77

LVC Box

+28VSpacecraft

Gate40STE-U/D - B

Gate64SEPT-NS - A

Gate65SEPT-E - A

Gate66LET - A Gate67

HET - A

Gate79Sensor

Event604 (+4 redundant) photodiode pramps

Gate80EUVI Assembly

Event61EUVI Door Assembly

Event62EUVI Op. Heaters & Thermistors

Event63EUVI FPS PZTs

Event64EUVI Tel. Mechanisms (3)

Event65EUVI Focal Plane Assembly

Event66

EUVI Decontamination Heater

Gate81COR1 Assembly

Event67COR1 Op. Heaters & Thermistors

Event68COR1 Focal Plane Assembly

Event69COR1 Decontamination Heater

Event70COR1 Tel. Mechanisms (2)

Event71COR1 Door Assembly

Event72COR2 Door Assembly

Event74COR2 Tel. Mechanisms (2)

Event75COR2 Focal Plane Assembly

Event76COR2 Decontamination Heater

Event77HI1 Op. Heaters & Thermistors

Event78HI1 Focal Plane Assembly

Event79HI1 Decontamination Heater

Gate84HI2 Assembly

Gate83HI1 Assembly

Event80HI2 Op. Heaters & Thermistors

Event81HI2 Focal Plane Assembly

Event82HI2 Decontamination Heater

+28VSpacecraft

Gate85

Power Interface Card

Gate82COR2 Assembly

Event73COR2 Op. Heaters & Thermistors

Event84

Door Open During Thruster Firings

Event85

Door Open During Thruster Firings

Gate42SEP - B

Gate3

Loss of Mission (240-820 days min)

Gate86HVPSs

Softwaremay turn onHVPSs atwrong time

FMEA:500.1 -500.4,500.6

Event1

1553 Card

Gate87

Software

Event8

Computer fails to boot;s/w component failure

Reload of Software

IEEE 1553 code stored inmultiple locations (BootSUROM and EEPROM)

permitting reload of software

FMEA:207.1

FMEA:207.2

Interpolation and modelingof time error

FMEA:207.3

Event86

IEEE I/F to S/C intermittent;s/w component failure

Event87

Time error, fails to collect imagedata synchronously with other s/c;

s/w component failure

Event83

Door Open During Thruster Firings

Gate32EUVI - B

Gate69Deflection Sweep PSs

Event2

RAD750 Processor Card

Event50Ez Preamp

Event49Ey Preamp

Event48Ex Preamp

Gate27Antennae Assembly

Highvoltage arc-over due to

part orinsulation

breakdown

Gate11Failure to Obtain Measurement K

Gate9Failure to Obtain Measurements H, I

Anode 1Anode 2

Event45

TAC PWA 2

Anode 3Anode 4

Event51HFR Board

Event58Backplane

Event90LFR

Event92TDS Analog Bay

Event52TDS Board

RAMROMDPU-DSP I/F

Gate92DSP Board

RAMROM

Gate93CPU

Gate78Main Electronics Box

1553Burst RAMDPU-DSP I/F

Gate94I/O Board

+28VSpacecraft

Gate57DC-DC Power Converter

EventSpacecraft - A

EventSpacecraft - B

IMPACT Items in Gray

White Box - Failure PropagationRed Colored Box - Single Point FailureYellow Colored Box - Graceful DegradationGreen Colored Box - Redundancy Failure within InstrumentYellow Outline Box - Ground Contingency ProcedureBlue Outline Box - Onboard Fault Detection & Correction

IMPACT Master Logic Diagram

OR Gate

AND Gate

Basic Event

Undeveloped Event

White Box - Failure PropagationRed Colored Box - Single Point FailureYellow Colored Box - Graceful DegradationGreen Colored Box - Redundancy Failure within InstrumentYellow Outline Box - Ground Contingency ProcedureBlue Outline Box - Onboard Fault Detection & Correction

Gate39STE-U/D - A

Gate41SEP - A

Gate43SWEA - A

Can't Exceed 30C

Gate58IDPU Data Controller Board

Gate53STE-U - A

Gate54STE-D - A

Gate55SEP Common Electronics

Gate57SWEA/STE-D I/F Card

+28VSpacecraft

+28VSpacecraft

Gate60LVPS/STE-D Bias

Gate56

LVPS (UCB)

+28V S/C

Gate59IDPU LVPS/STE-U Bias

Gate61IDPU STE-U DIB Card

Gate63IDPU MAG Front-End

Gate62MAG Heater Supply

+28VSpacecraft

Gate68SIT - A

Event26S/C-IDPU 1553 Bus

Event25BOOM

Event24SSD Bias

Event22

SEP MISC CPU, SRAM,EEPROM Event23

Analog/Post-Regulator

Event21

I/F to IMPACT DPU

Gate64SEPT-NS - A

Gate65SEPT-E - A

Gate66LET - A Gate67

HET - A

Gate86HVPSs

Softwaremay turn onHVPSs atwrong time

FMEA:500.1 -500.4,500.6

Highvoltage arc-over due to

part orinsulation

breakdown

Gate49MAG - A

IMPACT FMEA

Analysis Results (1 of 3)

• Reliability Block Diagrams– IMPACT has backups to obtain measurements for the mission

• SWAVES, PLASTIC, and SECCHI – HI2

– Combination failures of SWAVES and either IDPU DCB or IDPU LVPS will lead to the loss of measurements F, G, H, I and K

– Combination failures of SWAVES and any of the following IMPACT items will lead to the loss of measurement K: MAG, IDPU Front-End Electronics Card, IDPU MAG Heater Supply Card, IDPU DCB, IDPU LVPS, or the BOOM

– Enables the calculation of mission reliability

• Reliability Predictions– Identify reliability drivers based on failure rate calculations

• Reliability drivers to be provided at the Observatory CDR

• Graceful degradation elements turn out to be robust due to backups

– Reliability predictions used in other PRA activities for the mission

Analysis Results (2 of 3)

• Master Logic Diagram (MLD)– Top-down, identification of what causes mission failures and categorized into Single Point

Failures (SPF), graceful degradation failures and redundancy failures. MLD includes non-parts related causes (those not evaluated by RBDs, FTAs and reliability predictions, like operator/software and environment).

• IMPACT provides graceful degradation modes for the mission• BOOM could be a SPF, if partially deployed

– MAG, STE-D, SWEA cannot provide accurate data– Could cause pointing accuracy degradation which affects SECCHI instruments– Analysis being performed with Boom partially deployed

• No operator induced failures identified• Considered time critical contingency procedures and on-board autonomy rules necessary to save

instrument after first failure– Turning instrument off if a “Blabbermouth” condition occurs

• Fault Tree Analysis (FTA)– Minimal cut set analysis identifies and ranks single & combination failures along with

probabilities for loss of mission• Confirm failures identified in RBD and Master Logic Diagram • Confirm likelihood of failures by ranking from the highest contribution to unreliability to the

lowest

Analysis Results (3 of 3)

• Failure Modes and Effects Analysis (FMEA)– Bottom-up analysis of postulated failures and their consequences

• Cross checked MLD and causes of failures with FMEA consequence of lower level failures

• Considered propagation of failures from instrument to spacecraft – Power - Spacecraft fuse blows

– Data - Corrupt 1553 bus, consider protection from “Blabbermouth” on the bus

– Cross-checked spacecraft I/F ICD and FMEA causes

• Summary– Any design changes or recommendations? None

– Be sure that we don’t have a latent design or manufacturing problem

Risk Mitigations

• Moving Surfaces (BOOM, Covers)– Instruments have backups– Design margin, redundancy, peer reviews, testing

• Software and Operations– Software is reloadable, should not result in mission loss– Software and operational plan, peer reviews, testing

• Parts Applications– Parts stress analysis per PPL21/MIL-STD-975, peer reviews, testing

• Understanding of Environment– Analysis with single common environment spec, peer reviews, testing

• Workmanship– Inspection to NASA-STD-8739 or equivalent, material and process control, PCB

coupons, testing

• Random Failures– Grade 2 parts, simplicity, robust design with graceful degradation, redundancy, peer

reviews, testing