PM595 Risk Management
Risk Assessment for the International Space Station
Casey Potter
12/4/2011

This document will provide a risk assessment, with the use of FTA, for the International Space Station.

Table of Contents
I. Introduction
II. Sources of Project Risk in Construction
   A. Timeline
   B. Costs
   C. International Collaboration
   D. Infrastructure and Complexity of Project
III. Systems to Address in Construction Project Risks
   A. Technology and Integration
   B. People
   C. Testing and Verification
IV. Catastrophic Failure Fault Tree
   A. Catastrophic Failure Fault Tree
V. Discussion of Catastrophic Failure Fault Tree
   A. Reduced Risks
   B. Mitigated Risks
   C. Avoided Risks
VI. Smaller Risk Fault Trees
   A. Fault Tree Two: Risk of Collision
   B. Discussion of Fault Tree Two
   C. Fault Tree Three: Fire
   D. Discussion of Fault Tree Three
VII. Summary
VIII. Work Cited

I. Introduction

One of the most challenging aspects of a project is meeting requirements and milestones for schedule, cost, and scope. As the chosen contractor for the International Space Station (ISS), which can be viewed as one of the largest and most complex projects of our time, an aggressive risk analysis must be implemented. The ISS is an ongoing mission that incorporates changing technological advances along with multiple designs of hardware, software and structural systems.
The project design, development and construction started in the year 1980, with operations continuing until 2016 and beyond (Bacon, J., Boyle, J., and Stockman, B. 1982. Page 3). The complexity, the testing and verification process, the length, changes in regulation and personnel, politics, international relationships, and government funding present a mind-boggling amount of risk to consider for the project. Because of the many factors involved with this intense and world-changing project, the cost of failure is extremely high. This project differs from any ordinary project; it gives us space exploration and brings our countries together. It is the “largest single international engineering project in history and has direct participants of 16 nations, 88 launches and 160 space walks” (Jenkins, M. 2000. Page 3). NASA depends heavily on the contractors it chooses, and their services range from technical support of the station’s integration to vehicle operations for space flights. “The contractors are the source of data and expertise that are critical in ensuring mission safety and success. Their timely participation is essential to meeting mission schedules” (Safety Task Force. 2007. Page 1). High-level risk management must be in place and must meet all procedures and guidelines set out by NASA, the Safety Task Force, governments, international partners and all contractors involved. “Several authors describe that the nature of risk management and the challenges generated by its theory and practice have been in a state of evolution for the past 10 years” (Benta, D., Podean, I. M., Mirecean, C. 2011, page 147), just like the ISS project. NASA has implemented a strict process and several safety teams and departments to manage risk.
In order to achieve safety and reduce risk to the crew and the station, several processes have been addressed and applied to minimize problems with the design, test, production and operation of the ISS. Three key elements are reviewed by the ISS Independent Safety Task Force, and basic system design requirements must address three levels of risk (Bacon, J., Boyle, J., and Stockman, B. 1982. Page 28):

1. Two-failure tolerant to catastrophic hazards: systems must be designed so that no two failures, two operator errors, or a combination of both can cause fatal injury or loss of the ISS.
2. One-failure tolerant to critical hazards: systems must be designed so that no single failure or single operator error can cause a non-disabling personal injury or major loss of an ISS element.
3. Design for minimum risk: hazards are controlled by safety properties rather than by the failure-tolerance criteria.

The Safety Task Force will ultimately review and identify all threats and hazards that could cause catastrophic failure, deconstruction, health and safety risks to personnel, and abandonment of the ISS. However, this report will present a risk assessment from us, as a chosen contractor for the ISS project. The report will review a catastrophic risk that would lead to the destruction of the ISS, along with smaller risks, and present risk fault trees and explanations.

II. Sources of Project Risk in Construction

Large-scale and complex projects have been implemented, have succeeded, and have failed throughout the years. Many sources and reasons can be attributed to why they have or have not succeeded. Risk management, or the lack of it, can be one of those attributes. It has been written that “risk management is a critical success factor for delivering projects in predefined cost, time and quality” (Benta, D., Podean, I. M., Mirecean, C. 2011. Page 142). However, when you are dealing with a project like the ISS, how do you predetermine the cost and time when the project spans over three decades? Many sources of construction risk must be identified. The following sections will first review the sources of risk in the timeline, costs, international collaboration, and complexity of the project. Next, the report reviews sources of risk in the systems that need to be addressed during construction, and then the fault tree analysis.

A. Timeline
The schedule of the project is a major factor in gauging whether a project has been successful or not. For many projects, the time it takes to get to the marketplace is critical to meeting product supply and demand. Most projects are measured in weeks, months, and sometimes years. A typical jetliner can take up to five years to complete (Jenkins, M. 2000. Page 4). However, when it comes to the schedule of the ISS, the development cycle is measured in decades. The preliminary design work was initiated in the 1980s, and the project is set to continue well into the year 2016 (Bacon, J., Boyle, J., and Stockman, B. 1982. Page 3). The timeline alone presents many risk factors in this project. The changing years will affect not only technology, old and new, but also the personnel working on the project. There will be firings, retirements, new hires and training, which will be discussed further in this report. Government and politics will also change, affecting the budget and the amount of money resourced to the project. Technology is always changing, and when a project has a long development cycle, one of the biggest risks is the obsolescence of that technology.

Adding to that, the ISS is one of the first projects of its kind. Not only will the project have to keep up with changing technology, new technology will also have to be created. This is a risk that cannot be avoided and must be mitigated. Time will continue on, and the project must cope with the technology challenges if it wants to survive. A major advantage of this project is that it incorporates 16 different nations. That allows for collaboration on each country’s technological advances. While working together, new technologies can be discovered. A good example: because of the lack of computer and information technology in the early development of the ISS, NASA had to accelerate its information technology systems and developed a full email and web-focused data exchange system (Boyle, J., Bacon, J., and Stockman, B. 1982. Page vi). Even though the timeline presents a major risk to the completion of the project, the major advantage is the amount of technological advancement that will be created and given to our world, ultimately giving us space exploration.

B. Costs
The biggest critical factor of the ISS project is the overall cost. Along with maintaining the timeline, NASA is very concerned about the budget because overruns are not tolerated by Congress. As the space station continues to evolve, so do the cost estimates. “The existing estimate had doubled since the program inception and much of the cost and schedule growth was due to poor original estimates, requirements definition, capability creep, and program changes,” all of which are typical causes of cost increases in a large and complex project. The program budget was paying for a large number of NASA staff and support contractors. The flat-funding concept used by Congress did not match the system’s engineering life cycle and prevented NASA from optimizing development and construction (Boyle, J., Bacon, J., and Stockman, B. 1982. Page 67). Modifications and changes in scope are needed to keep up with changing technology, and these result in budget estimates several times higher than the original budget. As Congress changes, so does the budget that is devoted to the space program. In 1993 the Clinton Administration set up a panel to review the space station and set a design that would fit within the available budget (Boyle, J., Bacon, J., and Stockman, B. 1982, Page iv). With the new ISS implementation, which will include major contributions by the Russians, costs will continue to grow along with the schedule delays. As the years progress, and due to delays from redesigning and re-scoping, the funding Congress provides is subject to cancellation votes. NASA and its contractors will reduce this risk by continuing to look for ways to lower costs, along with completing the station.
C. International Collaboration

Russia became a major contributing international partner to the ISS, along with 15 other countries. The original program strategy was for the United States to have more control of the space program and to have no international partner on the critical path. However, the Russians have provided the first two major integrated modules of the ISS, which are leading the critical path of the project (Boyle, J., Bacon, J., and Stockman, B. 1982. Page v). This presents a risk for the US, as it will not have as much control over the project as originally planned. The MIR was the first occupied Soviet space station in 1986 and remained in orbit for 15 years. Even though NASA had little to do with the creation of the MIR, it allowed the US to begin micro-gravity research, gain experience in spacewalks, test and research new equipment, and learn critical lessons about day-to-day operations in space, thus leading to valuable sources of data (Boyle, J., Bacon, J., and Stockman, B. 1982. Page vi). However, there is a major cultural difference between the US and Russian astronauts, engineers, managers, and everyone else involved in the project. The US ISS team has to integrate with the former Soviet bureaucracies and their engineering processes. As for safety and the two-fault system, the US provides one system and the Russians provide the second system. This allows for two systems; if one fails, the other is treated as a backup. However, information is power for the Russians, and sharing of system documentation is difficult and presents a major risk for the US. The Russians have provided already-built systems that are integrated into the newly developed US systems. Not only is the documentation difficult to obtain, the language difference also presents a challenge, as the Russians have difficulty understanding and learning the US engineering methods, and vice versa (Boyle, J., Bacon, J., and Stockman, B. 1982. Page v). The past economic challenges of the former Soviet era can also present a risk for the US. In the “mid-1990’s in Russia, the Russian space industry was encouraged to seek ‘off-budget’ resources which evolved into unique payment scenarios where cosmonauts were compensated for specific mission tasks” (Boyle, J., Bacon, J., and Stockman, B. 1982. Page 11). This can cause differences in motivation for project plans and operations, as the US side is mostly government funded. Communication barriers along with ineffective communication can cause major problems in any project. However, early identification of risks allows them to be minimized and reduces the negative effects they will have on the project (Benta, D., Podean, I. M., Mirecean, C. 2011. Page 147). Mitigation of the communication barriers is needed, and the risk of poor communication will decrease as the team progresses, works together and simplifies the system process. Simplifying processes or difficult topics with language and communication that is less technical or precise will help with the communication barrier, along with increasing face-to-face meetings to prevent miscommunication. Even though the complexes are far apart, travel for face-to-face meetings will have to be accounted for in the budget.

D. Infrastructure and Complexity of Project

The ISS is an on-orbit assembly process, with each subsystem having its own unique functional performance requirement.
Each subsystem must be able to support human activity in the extreme environment of space. The subsystems are also built, designed and deployed by each of the sixteen nations involved in the project. Parts are also delivered and installed by complex space vehicles. The infrastructure needed to support the program offices, engineering staffs, production facilities, integration and testing facilities and launch vehicles is enormous and represents a multibillion-dollar investment worldwide (Boyle, J., Bacon, J., and Stockman, B. 1982. Page 23). The most complex infrastructure elements of the project are the launch vehicles. Because of the numerous launches that will take place during the course of the project, the assessment of the costs and risks associated with the launch vehicles, launches, design and implementation is very difficult (Jenkins, M. 2000. Page 8). Focusing on different design options and minimizing additions to and development of the infrastructure requirements will be a key component in reducing costs and the risks associated with the complex infrastructure of the project. Avoiding redesign of infrastructure or creation of new designs, and adding minor improvements instead, will help reduce this risk.

III. Systems to Address in Construction Project Risk

A. Technology and Integration

Along with the complexity of the project and the added length, which will leave some technology obsolete, the integration of several subsystems and the technology from each system presents a risk. Each subsystem is designed and created by one of the sixteen nations and contractors involved in the project. Then each system is launched and integrated in orbit.
This presents a risk if there are issues with that integration, due to the distance of space and the supplies available in orbit. Also, “If the designer and systems engineer choose technologies that are already in use, they may become obsolete by the time the system is deployed or during its early life. Choosing cutting edge or unproven technologies also risks delays and cost increases as the technology matures” (Boyle, J., Bacon, J., and Stockman, B. 1982. Page 51). The contributions from the international partners require more integrated testing, assembly and operation of those subsystems. This can lead to schedule impacts, fluctuating budgets, and development changes. This risk can’t be avoided or prevented, as there are several countries and contractors involved; it can only be mitigated. Better communication between teams and on documents, along with on-time delivery, quality materials and testing of systems, will help mitigate this risk.

B. People

Because of the length of the ISS project, or any project with a long timeline, a risk to consider is the ability to maintain and recruit the workforce. The complexity of the project and tight budgets also add difficulty to retaining excellent engineers. A lot of the positions have been contracted out to reduce costs. “As the government and engineering positions decline, the remaining personnel have less opportunity to start at the bottom and do detailed engineering over a full career.” Increasingly, administrative and management responsibilities leave them little opportunity to excel with their engineering skills, and the positions are being given to contractors (Boyle, J., Bacon, J., and Stockman, B. 1982. Page 21). The length of the project also gives way to employees leaving for other opportunities. Due to the length and changing budget, this risk can’t be avoided; it can only be planned for. In order to mitigate this risk, a high level of experienced personnel must be maintained by implementing strategic-level planning and execution of workforce planning, along with managing the budget to minimize layoffs.

C. Test and Verification Process

Considering the infrastructure and complexity of the ISS project, the test and verification process is just as difficult. NASA, international partners, and contractors are all responsible for verification and safety of all flight hardware, vehicles, systems and processes. “Even though many of the technologies or prototypes were tested on the ground, the effects of microgravity, radiation, and human factors could not easily be reproduced with the desired duration and accuracy” (Stockman, B., Boyle, J., Bacon, J. Page 51). Many of the modules are developed in different countries and delivered right before launches. To save cost, NASA began what was coined “Ship and Shoot,” which meant the modules or systems were delivered as late as possible to the launch site, preventing extensive testing.
They were then checked for internal operation and then “shot” into orbit, where they would be installed (Boyle, J., Bacon, J., and Stockman, B. 1982. Page 61). Modules are not delivered in time to be tested before installation, in order to prevent more schedule delays. Preventing this risk would be the best plan, and in order to do so, systems and modules need to be available prior to launch for some process of testing, to prevent and limit in-orbit installation and testing. “Transportation issues alone are complex and made more so by budget constraints and limitations on what can be brought into space. An engineering challenge for the ISS and each of its systems is accounting for the initial deployment assembly and possible repairs of major components” (Stockman, B., Boyle, J., Bacon, J. Page 68).

IV. Catastrophic Failure Fault Tree

As reviewed in the prior sections, the complexity, length, changes in regulation and personnel, politics and government funding present a large amount of risk to consider for the project. In order for NASA to keep the ISS project alive, and after accidents such as Challenger and Apollo, NASA has to implement aggressive risk analysis.
Currently they use proven risk assessment methods, Probabilistic Risk Assessment (PRA) and Fault Tree Analysis (FTA), to reduce the technology and program risks that arise in projects. The technique of fault tree analysis “is one of the most important logic and probabilistic techniques used in PRA and system reliability assessments today. In safety applications, this methodology helps engineers and managers systematically and efficiently uncover and prioritize safety improvements” (Vesely, W. 2002). The FTA technique can analyze different states of a system from a safety standpoint. Those states can then be further analyzed in the context of environment and operations to show realistic ways to prevent the top event from occurring (Vesely, W. 2002. Page 2). Fault trees are visual, and potential causes of failures can be easily seen. The ISS is a collaboration of engineers and managers from all over the world. Language, culture, and logistics present barriers when working together. The visual aspect of FTA can help remove these barriers and allows focus on risk discovery and mitigation.

A main risk for catastrophic failure of the ISS is micrometeoroids and orbital debris (MMOD). For a conventional aircraft, engineers perform risk analysis of bird strikes or other objects that might hit the aircraft while it is in flight or taking off on the runway. The aircraft is defended from foreign objects by material strength protection and engines that can tolerate foreign objects. However, for space vehicles and crews working in space, even the smallest object carries an extremely large amount of kinetic energy, because it travels at high velocity. Each micrometeoroid, piece of space debris, or tiny particle can have hazardous energy levels (Bacon, J., Boyle, J., and Stockman, B. 1982. Page 60).
The following section will show and review the catastrophic failure fault tree for MMOD damage or penetration to the ISS or its crew. Details will then be discussed on how to reduce, mitigate or avoid the risks involved with MMOD.

A. Catastrophic Failure Fault Tree: Catastrophic Failure Caused by MMOD Damage or Penetration to Crew or Space Station

[Figure: fault tree, shown here as an outline; gate types as labelled in the diagram]
Top event: Catastrophic failure caused by MMOD damage or penetration to crew or space station (OR)
   (1) MMOD impact to crew member during space walk (OR)
       (a) Suit penetration
       (b) Disconnect from ISS
   (2) Penetration to ISS or vehicle: leak causing depressurization (OR)
       (a) Cabin leak: ISS abandonment (AND)
           (i) Isolation failure
           (ii) Repair failure
       (b) Vehicle leak: no escape route for crew (AND)
           (i) Isolation failure
           (ii) Repair failure
   (3) Damage to critical hardware: failure of redundancy systems (AND)
       (a) Primary system failure (American)
       (b) Secondary system failure (Russian)
       (c) Ground control failure
       together with (OR):
       (i) Repair failure
       (ii) System(s) unreachable (OR)
           (1) Lack of parts/tools
           (2) Lack of skills/training
           (3) Unreachable by space walk or vehicle

V. Discussion of Catastrophic Fault Tree

A. Reduced Risks

(2) Penetration to ISS or vehicle, leak causing depressurization: in the event that MMOD penetrates the outer shell of the ISS or a transport vehicle.
The leak will cause loss of cabin pressure, or of pressure inside the vehicle, causing abandonment of the ISS or a vehicle failure. Vehicles are also used as escape routes for the crew. Loss of both the ISS and the vehicle would be catastrophic for the program and the crew on board.
   (a) Cabin leak: MMOD penetration of the outer shell causing a leak within the cabin, or (b) Vehicle leak: a leak within a vehicle, where the leak cannot be:
   (i) Isolated: the area where the leak occurs cannot be sealed off to prevent further depressurization, causing failure.
   (ii) Repaired: the area cannot be repaired in orbit with the available supplies and parts, or for lack of them.
The impact of MMOD on either the ISS or a vehicle can be reduced by moving the ISS to different positions in orbit. With the use of radar and tracking, MMOD can be predicted in advance, reducing the impact to the ISS or crew. Using more protective shielding on the outer shells will also reduce the impact of MMOD. Because debris of various kinds is inevitably present in space, this risk cannot be 100% avoided.

B. Mitigated Risks

(3) Damage to critical hardware, failure of redundancy systems: as part of the safety requirements of the ISS and two-fault tolerance, the critical hardware has redundant backup systems.
   (a) Primary system failure (American): the first system to fail due to MMOD impact. Depressurization will cause loss of critical airflow, which is used to cool hardware systems, or the impact damages the power supply and other critical components.
   (b) Secondary system failure (Russian): the backup system supplied by international partners, which is a redundant system. This system must also be damaged by the MMOD, along with the primary system, to cause failure.
   (c) Ground control failure: the systems controlled by crew on the ground. These must ultimately fail to control what was damaged by the MMOD in the first two systems in orbit.
   (i) Repair failure: the system(s) damaged by MMOD impact cannot be repaired in orbit.
   (ii) System(s) unreachable: the damaged system(s) cannot be repaired because they are unreachable by the crew in orbit or by the ground crew.
       (1) Lack of tools: the in-orbit crew does not have the necessary tools or parts to repair the damaged system(s) in time to prevent failure.
       (2) Lack of skills/training: the crew on board cannot repair the damaged system(s) because they do not know how, or lack the skills, to repair them in time.
       (3) Unreachable by spacewalk or vehicle: the damaged system(s) cannot be reached by crew on the ground or on board to repair in time, causing failure.
This risk must be mitigated. It does have redundancy systems in place to prevent catastrophic failure, and many factors must fail before the one- and two-fault failure risk guidelines are exceeded. However, there are many systems and subsystems on board that could be impacted and cause ultimate and catastrophic failure.

C. Avoided Risks

(1) MMOD impact to crew member during spacewalk: the risk that MMOD impact can hit a crew member while they are working outside the ISS.
   (a) Suit penetration: as crew members work outside the ISS, there is a risk that MMOD may hit a crew member and penetrate the suit, causing loss of breathing capability or injuries.
   (b) Disconnect from ISS: as crew members work outside the ISS while attached to it, there is a risk that MMOD can hit a crew member and disconnect them from the ISS. The crew member cannot be recovered in time and is lost in space, causing a catastrophic failure.
The risk of crew members being hit by MMOD must be avoided. The loss or injury of any crew member is catastrophic.
There are very limited supplies on board the ISS to treat injuries, and the time to transport the member back to ground support is lengthy. Tracking MMOD by radar, moving the ISS to different positions, and working outside the ISS only when MMOD is not present is a risk management plan to avoid impact to crew members.

VI. Smaller Risk Fault Trees

The following information will provide fault tree analysis on risks that can lead up to a catastrophic failure of the ISS.

A. Fault Tree Two: Risk of Collisions

[Figure: fault tree, shown here as an outline; gate types as labelled in the diagram]
Top event: Remote vehicle collides with docking station (AND)
   (1) Failure of vehicle’s automatic system (OR)
       (a) Vehicle doesn’t monitor any critical controls; failure of self-monitoring system (OR)
           (i) Failure in software program
           (1) Loss of power
       (b) Vehicle doesn’t adjust to docking station movements; failure of repositioning (OR)
           (i) Failure in motors
           (ii) Failure in sensors
           (1) Vehicle distance is out of specification
   (2) Failure of manual override of system by crew (AND)
       (a) ISS crew manual override failure
       (b) Ground station manual override failure
       either of which occurs through (OR):
       (i) ISS or ground crew is not properly trained; operator error
       (i) Manual operation failure due to hardware/software malfunction

B. Discussion of Fault Tree Two

Fault Tree Two is a risk assessment involving remote vehicles that will be docking with the ISS. There is a high possibility of collision when cargo and personnel from arriving space vehicles need to be loaded or unloaded, or elements moved around for installation and assembly of the ISS. Collision of the docking vehicles is a high-probability risk with consequences that can affect safety, cost and the ISS’s continued schedule. All space vehicles are designed with automated and manual control systems. In order for a collision to take place, both the automated docking and the manual docking must fail, which provides the safeguard of two independent systems. The above fault tree is designed to show the failures of the automated system on the left side and the failures of the manual system on the right. The following list provides details on each of the smaller risks that combine to cause the top event of collision.

(1) Failure of vehicle’s automatic system: the main automated system must fail in order for collision to occur. The vehicles are designed to be automated, with complex systems.
   a. The vehicle’s automation system must have monitoring capabilities that monitor all critical aspects of the vehicle. If monitoring fails, collision can occur.
       (i) Software failure can cause failure of the monitoring system.
       1. Power failure can cause failure of the monitoring system.
   b. The vehicle doesn’t automatically adjust to the position of the docking station. The docking station is in constant movement, and the vehicle must be able to track it and reposition itself.
       (ii) Failure of motors could cause the vehicle repositioning to fail.
       (iii) Failure of sensors could cause the vehicle not to reposition, or to reposition incorrectly, causing failure.
       2. If the vehicle’s originally calculated position is out of specification, failure can occur.
(2) Failure of manual override by crew and ground control: each vehicle is designed to be controlled and monitored by the crew.
When automation fails, manual override must be occurring to prevent collision. If the manual override of the vehicle fails, collision takes place. c. The ISS crew must be able to override the automated vehicle to prevent collision. d. The ground crew must also be able to override the automated system, if the ISS crew and ground crew cannot control the vehicle, collision will occur. (iv) If crew is not properly trained to handle manual operation, collision can occur. (v) If hardware or software of the system fails, manual operation cannot take place, causing collision. C. Fault Tree Three: Fire Fire onboard ISS Fire onboard ISS
Andd Andd (1)Extinguishers failure (1)Extinguishers failure (4)Flammable material left on hot surface (4)Flammable material left on hot surface (2)Failure of heat ; smoke detectors (2)Failure of heat ; smoke detectors (3)Overheat of electronics (3)Overheat of electronics Or Or Andd Andd (a)Human error/improper training (a)Human error/improper training (a)Poor quality of other manufacturer equipment (a)Poor quality of other manufacturer equipment (a)Wrong/old specification for space or use (a)Wrong/old specification for space or use (a)Complacency of alarms and failure to react (a)Complacency of alarms and failure to react b)No extinguisher in area (b)No extinguisher in area (b) Defective alarm system. Hardware/software failure (b) Defective alarm system. Hardware/software failure D. Discussion of Fault Tree Three Fault Tree Three represents the risk of fire onboard the ISS. Although space provides an unlikely environment for catastrophic fire circumstances, small fires are possible and present a dangerous risk to safety of the crew and damage of equipment. When assessing risk for the space station, “a key consideration is the remoteness of the ISS relative to traditional systems and the inability to rapidly provide additional support” (Vesely, W. 002. Page 82). Even though the probability of fire in space is low, the consequences are very high if one does occur. The FTA shows events that are preventable and will allow for several fire contingency plans that will keep costs low and the risk event even lower. (1) Extinguisher failure: fire onboard the ISS can occur and cause major damage or injure crew members if the response to the fire is use of a fire extinguisher and this attempt fails, allowing for the fire to worsen. a. If the fire extinguisher is old or not the correct type for space, then fire can cause damage or injury. . If there are no fire extinguishers in the area then the fire can’t be contained and damage or injury can occur. 
(2) Failure of the heat and smoke detection system: failure of the detection system can allow the fire to become catastrophic and uncontained.
c. A risk to the alarm system is complacency, with crew members ignoring the alarms and allowing the fire to worsen.
d. Alarm systems may become defective and fail when an actual fire presents itself. Hardware and software interfaces may be the cause.
(3) Overheating of electronics: the ISS is a complex station composed of separate systems and their subsystems. Functioning electronics give off heat, and the risk is fire from overheating.
e. Poor quality of electronic components used in systems and subsystems can cause the overheating.
(4) Flammable material left on a hot surface: when the electronics produce heat, there is a possibility of material being left on top of the hot surface, igniting a fire.
f. Crew members may not be aware, or properly trained in, which materials are flammable and may leave them on hot surfaces unintentionally.
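The following is an added example, not part of the original report: a small fault-tree evaluator applied to the basic events of Fault Tree Three. Because the diagram did not survive in the document, the gate structure (an ignition source AND a failed protective layer) and all probabilities are assumptions constructed for illustration; the functions compute the minimal cut sets, the exact top-event probability, the rare-event upper bound, and a ranking of which single event elimination reduces fire risk most.

```python
from itertools import product
from math import prod

# Basic events named after the (a)/(b) causes of Fault Tree Three.
# Probabilities are hypothetical per-mission values constructed for this example.
BASIC = {
    "1a_wrong_old_extinguisher_spec": 0.02,
    "1b_no_extinguisher_in_area": 0.01,
    "2a_alarm_complacency": 0.05,
    "2b_defective_alarm_hw_sw": 0.01,
    "3a_poor_quality_electronics": 0.03,
    "4a_material_left_on_hot_surface": 0.02,
}

# Assumed gate structure (not from the report): a damaging fire needs an
# ignition source (3 OR 4) AND a failure of the protective layer (1 OR 2).
FIRE_TREE = ("AND",
             ("OR", "3a_poor_quality_electronics", "4a_material_left_on_hot_surface"),
             ("OR", ("OR", "1a_wrong_old_extinguisher_spec", "1b_no_extinguisher_in_area"),
                    ("OR", "2a_alarm_complacency", "2b_defective_alarm_hw_sw")))

def minimal_cut_sets(node):
    """Minimal cut sets of a tree node via MOCUS-style top-down expansion."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, *children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":
        sets = [s for cs in child_sets for s in cs]
    elif gate == "AND":
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate {gate}")
    # Drop any cut set that strictly contains another one (minimality).
    return [s for s in set(sets) if not any(o < s for o in sets)]

def top_probability(node, probs):
    """Exact top-event probability; assumes independent, non-repeated basic events."""
    if isinstance(node, str):
        return probs[node]
    gate, *children = node
    ps = [top_probability(c, probs) for c in children]
    return prod(ps) if gate == "AND" else 1 - prod(1 - p for p in ps)

def rare_event_bound(node, probs):
    """Upper bound: sum over minimal cut sets of the product of event probabilities."""
    return sum(prod(probs[e] for e in cs) for cs in minimal_cut_sets(node))

def ranked_mitigations(node, probs):
    """Basic events ordered by how much eliminating each one lowers the top probability."""
    base = top_probability(node, probs)
    gain = {e: base - top_probability(node, {**probs, e: 0.0}) for e in probs}
    return sorted(gain, key=gain.get, reverse=True)
```

With the constructed values, eliminating poor-quality electronics (3a) gives the largest reduction, ahead of alarm complacency (2a), which is the kind of comparison used to choose between reducing, mitigating and avoiding a risk.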
VII. Summary

The ISS project is one of the most complex projects of its time, especially in terms of the three major factors in a project: time, budget and scope. The ISS project spans several decades, and because of this the scope and budget change. With each change, risk management must be applied. The project presents many risks, and the risks explained in this report are risks that can be catastrophic or lead to a catastrophic failure. These risks must be identified and managed. Smaller risks must not be discounted, as smaller risks can lead to larger problems.
The use of fault trees helps to identify those smaller risks. Fault Tree Analysis is one of the main methods for risk assessment in technological projects, especially one as advanced as the assembly of the International Space Station. FTA allows for a logical, reliable and visual study and analysis of risk for any project. The use of this technique reduces the probability of risks taking place and also has several other benefits. The FTA can promote proactivity and allow for prevention to take place before the top event risk happens.
The visual aspect of the FTA also allows for maximization of resources by allowing engineers and managers to see the project in its entirety. NASA is a leader in technology and one of its objectives is to build a “repertoire of expertise in proven methods to reduce technological and programmatic risk, FTA is one of the most important logic and probabilistic techniques used in system reliability assessments today” (Vesely, W 2002). Proper application of FTA can give an organization peace of mind when it applies the technique to its project’s risk assessment. The risk management process can also be simplified by using the FTA techniques. The assembly of the ISS and the space project’s continued success provide proof of the successful application of FTA and risk management.

VIII. Work Cited

Benta, D., Podean, I. M., Mirecean, C. 2011. Best Practices for Risk Management in Complex Projects. Informatica Economica, Vol. 15, Issue 2, pages 142-152.
Boyle, J., Bacon, J., and Stockman, B. 1982. International Space Station Systems Engineering Case Study. Air Force Center for Systems Engineering. Retrieved from http://www.hq.nasa.gov/
Jenks, M. 2000. Systems engineering challenges of the international space station. Reports on leading-edge engineering from the 2000 symposium on frontiers in engineering, pages 3-8. Retrieved from http://www.nap.edu/catalog/10063.html
Independent Safety Task Force. 2007. Final report of the International Space Station. NASA Headquarters. Retrieved from http://www.nasa.gov
Vesely, W., et al. 2002. Fault Tree Handbook with Aerospace Applications. NASA Office of Safety and Mission Assurance. Retrieved from http://www.hq.nasa.gov/office/codeq/doctree/fthb.pdf