National Aeronautics and Space Administration
Commercial Crew Program
Requirements Workshop
Ed Mango, NASA Program Manager
October 4, 2011
Agenda
Welcome: 1:30 pm
CCP Introduction: Ed Mango
Commercial Crew Transportation Technical Requirements
• Introduction: Chris Gerace
• Processes: Jim Peters
Break: 2:30 pm
ISS Certification and Services Requirements, CCT-1130: Rob Bayt
ISS to COTS Interface Requirements, SSP-50808: Kathy Lueders
Wrap-Up: Brent Jett
CCP Approach
Goals:
• Facilitate the development of a U.S. commercial crew space transportation capability
• Stimulate the U.S. space transportation industry and encourage the availability of space transportation services to NASA and others
Objectives:
• Safe, reliable, and cost effective access to and from low Earth orbit (LEO) and the International Space Station (ISS) by mid-decade
• Investing in U.S. aerospace industry crew transportation system (CTS) design and development
• Mature the design and certify U.S. CTS capabilities
[Figure: Commercial Crew timeline by fiscal year, 2011 to 2020. Labels: Initial Design, Critical Design, Certification, Demo/Test Flights, Missions]
State of the Program
CCDev2 is progressing well and on schedule.
Requirements are almost fully defined.
Congressional products have been delivered.
Insight/Oversight experiences are helping to mold future relationships.
Program Strategy is approved and being implemented.
IDC dRFP has been released.
CCP Strategic Path for Requirements
Remain streamlined in our technical and programmatic approaches
to Provider designs.
Evolve Insight processes for the non-traditional contract approach.
Assess certification, verification, and test demonstration approaches.
Priorities are unchanged:
• Develop a safe, reliable, and cost effective system(s).
• Provide a certified system for NASA crewed missions to the ISS.
• Spur the commercial capability of the developed systems.
Requirement Development Path
Initiated requirements development in Oct 2010.
Put out an RFI for feedback on Commercial Crew Transportation Technical Requirements (CCT-1100 series) Set in May 2011.
Assessed comments and updated requirements set.
Program has released a change request (CR) internally within CCP and ISS to review updated CCT-1100 series.
• Program released updated CCT-1100 series to Industry, along with draft RFP
• Comments due on Oct 14, 2011 to Rogelio Curiel
CCP Requirements Process
[Figure: requirements process diagram. Labels: Gather Feedback, Assess and Adjust, Implement, Execute Program Phases]
SSP 50808: ISS to Commercial Orbital Transportation Services Interface Requirements
Requirements to interface with the International Space Station.
CCT-REQ-1130: ISS Crew Transportation Certification and Services Requirements
Requirements to transport NASA crew to the International Space Station.
CCT-STD-1140: Crew Transportation Technical Standards and Design Evaluation Criteria
Summary of expectations and criteria used in the evaluation of technical standards.
CCT-DRM-1110: Crew Transportation System Design Reference Missions
Summary of potential reference missions for the Crew Transportation System.
CCT-PLN-1120: Crew Transportation Technical Management Processes
Summary of technical management processes that support certification and expectations for evidence of compliance.
CCT-STD-1150: Crew Transportation Operations Standards
Summary of expectations for minimum criteria and practices for operations.
CCT-PLN-1100: Crew Transportation Plan
Program summary of roles, responsibilities, and interfaces between the Commercial Crew Program and Commercial Partners in the development of a certified Crew Transportation System.
CCP Acquisition Roadmap
[Figure: CCP Acquisition Roadmap, FY10 to FY17. Phase labels: CCDev1 Element Design; CCDev2 Element Design; Integrated Design Phase; DTEC Phase & Initial ISS Missions; Design and Early Development; Early Development, Demonstration & Flight Test Activities; Development/Test/Evaluation/Certification; Potential Initial ISS Missions; Transition to Services. Company labels: Blue Origin, Boeing, Sierra Nevada, SpaceX, ULA, ATK; Blue Origin, Boeing, Paragon, Sierra Nevada, ULA]
Human Space Flight Safety Tenets
Over the past forty plus years of human space flight, NASA has
learned some very painful lessons that have provided three
fundamental safety tenets that should be inherent in any human
space flight program’s architectural foundation:
• Strong in-line checks and balances
• Healthy tension between responsible organizations
• “Value Added” independent assessment
Safe Space Flight Architectural Foundation
[Figure: "NASA Approach to Safe Human Space Flight to the ISS". Labels: Safety Risk Management Foundation; NASA Approval of Design Certification; NASA Insight of Commercial Provider; NASA Acceptance of Flight Readiness]
Session 1: 1100 Series Implementation Approach
Chris Gerace, SE&R
Implementation Approach
Implementation approach has been captured in the 1100 series
documentation
Addresses key areas:
• Program Insight/Oversight
• Certification Process Overview and Expectations
• Evaluation of Technical Standards
• Use of Operational Standards
• Processes and Technical Requirements
Implementation Approach
Conveys NASA’s intent to facilitate the development of a U.S. commercial crew transportation capability initially to and from the ISS.
Provides the overview of the relationship between NASA and Commercial Providers in the areas of:
• Insight/Oversight
• Certification
• Supporting Processes
CCT-PLN-1100: Crew Transportation Plan
Program summary of roles, responsibilities, and interfaces between the Commercial Crew Program and Commercial Partners in the development of a certified Crew Transportation System.
CCT-DRM-1110: Crew Transportation System Design Reference Missions
Summary of potential reference missions for the Crew Transportation System.
CCT-PLN-1120: Crew Transportation Technical Management Processes
Summary of technical management processes that support certification and expectations for evidence of compliance.
Implementation Approach
CCT-REQ-1130 contains ISS destination services requirements and transportation services requirements.
SSP 50808 contains the interface requirements that apply during ISS integrated operations.
These two documents together provide the technical requirements for a NASA certification toward crew transportation services to the ISS.
SSP 50808: ISS to Commercial Orbital Transportation Services Interface Requirements
Requirements to interface with the International Space Station.
CCT-REQ-1130: ISS Crew Transportation Certification and Services Requirements
Requirements to transport NASA crew to the International Space Station.
Implementation Approach
Developed to provide guidance and expectations for standards
and practices.
Describe technical work products and practices that typically
demonstrate intended technical rigor, both in design and
operation.
CCT-STD-1140: Crew Transportation Technical Standards and Design Evaluation Criteria
Summary of expectations and criteria used in the evaluation of technical standards.
CCT-STD-1150: Crew Transportation Operations Standards
Summary of expectations for minimum criteria and practices for operations.
Session 2: Key Program Process Updates
Jim Peters, SE&R
Overview
Key Process Updates
• Insight/Oversight
• Gap Evaluation Process
• Design Reference Mission Updates
• Safety Review Process
• Probabilistic Safety Analysis
• Standards Approval Process
CCT-REQ-1130 Technical Requirements and SSP 50808 ISS
Interface Control Document are covered separately.
Insight/Oversight Methodology (1 of 2)
Add Appendix D to CCT-PLN-1100 to describe the Partner Integration Team structure and workings
Insight:
• CCP’s emphasis for insight is to gain a detailed working-level understanding of the Commercial Provider’s approach and implementation of design, requirement flow-down, trades, risks, and processes leading to CTS certification with minimum effect to the Provider’s rhythm.
– CCP will work with the Commercial Provider to understand the NASA 1100 series and the Commercial Provider’s CTS technical and safety requirements verifications, processes and plans
– Partner Integration Teams will have insight into the Commercial Provider’s change process and will, with the appropriate Program oversight, assess any changes impacting the implementation of Program requirements and provide structured feedback
Insight/Oversight Methodology (2 of 2)
Oversight:
• CCP’s emphasis for oversight is to ensure safety of the crew and
accomplish ISS mission objectives.
• Oversight’s primary role is the technical leadership to understand
and facilitate recommendations leading to CTS certification.
– Provide a uniform understanding and management of certification
requirements and standards for all Commercial Providers
– Identify major problems (affecting certification) and provide resolution
recommendations to Program management
• CCP will maintain a two board structure, Program and Technical.
– Minimize overhead and provide an efficient review/feedback process
– These boards represent the Program Approval Authority
Gap Evaluation Process
Added Appendix E to CCT-PLN-1100 to describe the Gap Evaluation Process and feedback to the Commercial Provider throughout the life-cycle
The feedback is generated by comparing the Commercial Provider’s current state to NASA’s required end state and identifying gaps between the two
NASA will provide technical expertise to the Commercial Providers through feedback in two ways during the evaluation of milestones and certification progress:
• Official milestone review and approval at successful milestone completion
• Technical comments provided to assist the provider without issuing direction or requiring disposition
Design Reference Mission Updates
Key Updates in CCT-DRM-1110:
• DRM Updates that are synchronized with CCT-REQ-1130:
– Contingency Re-Rendezvous
– Port Relocation
– Safe Haven
– Fly Around
– Deorbit Waive-off
• Updated the following mission and system capabilities:
– Support multiple back-to-back launch opportunities in a two week period in order to accomplish a single mission
• Updated phasing time consistent with CCT-REQ-1130
– The CTS spacecraft will nominally be capable of transporting NASA crew to the ISS within 24 hours of launch
Safety Review Process
Updated the Safety Review Process in CCT-PLN-1120
• Describes NASA’s participation in Commercial Provider
processes and the integrated safety review
• Acknowledges the ISS Safety Review Process
• Describes approval and update process for hazard analyses
• Added Crew Survivability Assessment
An integrated safety review has been established prior to CDR
(or similar review) to establish the level of system risk
• This review supplements the standard safety reviews outlined in the
RFP
Safety Analysis Expectations
Safety analysis employs a suite of systems engineering tools used to characterize and control safety risk throughout the development and operation of a system.
• Hazard Analysis, FMEA/CIL, Probabilistic Safety Analysis (PSA), and other techniques work together to achieve this understanding and must be deployed early in the system’s engineering process to achieve the lowest risk within system constraints
• Hazard Reports and PSA products communicate safety risk and operational limitations to stakeholders
The Program is working to develop a plan for the safety approval of hazards to avoid duplication of CCP and ISS review boards.
Probabilistic Safety Analysis
The Agency-established thresholds for LOC/LOM are specified
by the present release of CCT-REQ-1130.
Paragraph 4.2.1 in CCT-PLN-1120 discusses NASA’s
expectations for the content and methods used in the PSA.
Appendix E of CCT-PLN-1120 is offered as guidance for the
methodology used to verify that LOC/LOM requirements are
satisfied.
• Commercial Providers are expected to describe their methodology
in the Safety Plan and show how the analysis is used within their
development process to influence decisions surrounding risk.
Commercial Provider Standards Approval Process
The Commercial Provider may propose alternative standards for those designated as allowable in CCT-REQ-1130, Section 3.9
• CCT-STD-1140 will be utilized by NASA CCP in the evaluation criteria for acceptable alternate standards
• NASA will work with the Commercial Provider to agree on content
Alternative standards will be reviewed prior to the Integrated System Baseline Review (ISBR) and a baseline established at the CCP Program Control Board
• Once the alternate standards have been approved, this set will be used in the Commercial Provider’s CTS design evaluation
• Changes will be approved through the CCP board structure
Process Update Summary
Insight/Oversight process as it relates to safety has been established
The Gap Evaluation process is subject to change to support the contract phase of the Program
An integrated safety review has been established prior to the ISBR to baseline the level of system risk
Guidance on the PSA methodology has been provided
• Clarity on LOC/LOM requirements verification is provided in CCT-REQ-1130
Approval process for alternate standards has been established
Joint safety review processes with ISS are in work
Q&A
Session 3: Significant Requirement Changes Since Draft 3.0
Rob Bayt, SE&R
Requirement Changes Walkthrough
Goals:
• Establish strategy of changes
• Highlight important changes, additions and deletions since Draft 3.0
Requirement Validation Strategy (1 of 2)
Emphasis on the top-level function: ISS Crew Rotations
• Focus requirements on key capabilities
• Validate key performance parameters
• Eliminate overlap within the document and simplify verification
closure
Respond to feedback from industry
• Industry feedback drove re-evaluation across several requirements
Requirement Validation Strategy (2 of 2)
Levy requirements focused on crew safety and mission success
• Known design features that ensure safety
• Levied design standards as children to top-level needs, but look to
providers to propose methods for demonstrating compliance
Minimize overlap with ISS IRD
Summary from Industry Feedback
Significant changes include:
• Mission Duration
• Launch Probability
• LOC
• Manual Control
• Vehicle and Pad Egress
• Human Integration Requirements
Focus on maintaining Level II requirements
Requirements CR Statistics (1 of 2)
311 requirements released in Draft 3.0
292 requirements released for Draft 4.0 CR
19 new requirements
38 requirements have been deleted
• 22 were un-validated – either too prescriptive or need could not be
identified
• 16 were consolidated into other requirements (tables vs. individual
requirements)
Requirements CR Statistics (2 of 2)
Requirements have been modified
• 73 editorial changes – numbering, typos, updated reference
• 28 requirements have been modified to increase specificity
• 19 requirements have been re-worded for clarity and readability
• 15 requirements had updated performance values
• 7 requirements were re-validated and the TBCs were removed
• 5 requirements improved rationale
Numbers in [ ] on subsequent charts are requirements IDs
found in the spreadsheet and at the end of the requirement in
the published document. They are preceded by R.CTS. in both
locations.
Mission Capabilities
Contingencies
Safety
Human Integration
Spacecraft Operations and Durations
Changes in Key Capabilities:
Elaborated CONOPS in CCT-DRM-1110
to drive requirement validation
Overall mission duration estimates are
reduced from ~86 hours to ~73 hours
• Protecting for 24 hours rendezvous delay
that includes two additional docking
attempts beyond nominal
• Perform port relocation or ISS Fly around
only if no contingency was utilized on initial
docking
• Protect safe haven
• Protect de-orbit waive-off
Requirement Paragraph | Required Operations | Hours
Nominal
3.4.2.1 | Liftoff thru docking | 24
 | Hatch close to landing | No Dedicated Time Allocation Required
3.5.1.4 | Postlanding | 2
Contingency
3.4.2.3 | 24 hr Docking Delay | 24
3.4.2.2 | - Contingency Docking | No Dedicated Time Allocation Required
3.1.5.2 | - Port Relocation | No Dedicated Time Allocation Required
3.1.5.3 | - Flyaround | No Dedicated Time Allocation Required
3.4.2.5 | Safe Haven | 6
3.4.2.5 | - Safe Haven with ISS Power | (18)
3.4.2.4 | De-orbit Waive-off | 12
Spacecraft Operations and Durations (1 of 2)
Shifted focus from Consumables to Capabilities
• Verify complete system capability from liftoff to docking in 24 hours
[078]
– 24 hours is a “design point” to accommodate ISS phasing
– Rationale addresses Industry recommendation to allow
operational flexibility in mission-to-mission rendezvous timeline
Spacecraft Operations and Durations (2 of 2)
Changes in Key Capabilities:
• Nominal landings must be CONUS [015]
– Required to support expedited crew return to NASA facilities for baseline
data collection
– Includes waters within U.S. boundary
• Support de-orbit delay of at least 12 hours [081]
– Provides more than 1 flight control shift to investigate anomalies
– Does not preclude returning to the ISS
• Ensure specific contingency landings are to supported sites [337]
[338]
– Protect enough endurance and maintain a strategy such that a failure to
mate
– Protect enough endurance and maintain a strategy for de-orbit delay
Spacecraft Operations and Durations
Changes in Key Capabilities:
Safe Haven now protects for at least 6 hours of standalone
capability while docked [082]
• 6 hours with no power from ISS provides time for ISS Operations to
restore power to vehicle
• Protects for decision making time to determine whether to evacuate
or shelter-in-place
• Additional 18 hours of safe haven required if RNDZ delay was not
used and power was restored
Spacecraft Operations and Durations
Changes in Key Capabilities:
Rendezvous in ambient lighting conditions [026]
• Relaxed requirement allowing docking on planned orbit
• System can meet requirement through any rendezvous strategy
that arrives on that orbit but avoids sensor lighting restrictions
(including hold points)
Flyaround capability is now a “shall” statement [028]
• Certify capability of flying in close enough proximity to the station
and executing maneuvers to provide inspections
– Emphasis on trajectory control for flyaround, not imagery inspection
– Will not require protecting additional consumables for this capability
Pre-Flight CONOPS (1 of 2)
Requirement updates for pre- and post-flight are in work, but
they are currently being updated with this concept of operations
in mind.
NASA is responsible for USOS Crew
• Health Stabilization Program (HSP)
• Medical Care and Assessments
• Baseline Data Collection
NASA is responsible for supporting facilities for these
responsibilities
Pre-Flight CONOPS (2 of 2)
Commercial Provider is responsible for comparable HSP for
any other crewmembers
Commercial Provider designates time for USOS crew suit-up
and ingress on launch day
Commercial Provider provides transportation to spacecraft
Post-Flight CONOPS (1 of 2)
Designated Primary Landing Site and Alternate Landing Site
• Recovery forces are on station
NASA transports eight NASA support personnel to a
Commercial Provider-designated staging area
Commercial Provider transports eight NASA support personnel
from staging area to landing site
Commercial Provider sets up medical area (tent)
Post-Flight CONOPS (2 of 2)
Commercial Provider extracts USOS crew within 1 hour of
landing, with NASA medical oversight
Commercial Provider removes ISS time-critical cargo
NASA provides post-flight medical care and science
Commercial Provider transports USOS crew, NASA-support
personnel and cargo to NASA-designated staging area at the
conclusion of the on-site medical care
Emergency Scenarios Requiring Rescue (1 of 2)
There are a handful of scenarios that would require immediate mission
termination without the ability to return to a supported site:
• Ascent abort
• Sudden Cabin Depressurization
• Propellant leak
In the event of an emergency return, the vehicle must protect the
crew, and have provisions for 24 hours after landing
• Emergency Survival Kit [094]
• 24 hours of breathable atmosphere [093] (controlled access to outside air
possible)
• Potable water [211]
• Visual Aids for Search & Rescue [088]
Emergency Scenarios Requiring Rescue (2 of 2)
Once an emergency return is declared, recovery becomes a
rescue
• Commercial Provider rescue services vs. U.S. Government rescue
under evaluation
• Commercial Provider responsible for spacecraft recovery
Pre-declared scenarios in the requirements (failure to mate and
de-orbit waive-off) will not be considered “rescue”
• Required to loiter in orbit and return to a supported landing site
• Provider responsible for recovery of crew at supported sites
Capabilities at Landing (1 of 2)
Affirmed need to recover and remove crew from the spacecraft
within 1 hour of a landing at supported landing sites. [097]
Affirmed need of 2 hour post-landing safe haven that provides
the same environment as during flight. [090]
For recovery beyond 2 hours, spacecraft shall provide a
breathable atmosphere to allow the crew to remain in the
spacecraft for 24 hours after landing. [093]
• Modified from a generic provide for deconditioned crew survival
Capabilities at Landing (2 of 2)
Post landing provisions:
• Two-way voice communications between the crew and the CVCC until recovery forces have removed the crew from the vehicle. [095]
• Two-way voice communication between the crew and the recovery forces until recovery forces have removed the crew from the spacecraft. [353]
Refined need for recovery in 4 hours of landing within 400 nm of the designated primary landing site. [098]
Responsibility for crew rescue after abort [099] and emergency de-orbit [100] is under evaluation
• Requirements will be removed for rescue, and pending outcome of assessment will either be provided or contracted as part of the SOW
Launch Probability (1 of 2)
Overall goal is to have high confidence of reaching ISS within ~2 weeks
Docking at L+24 hours provides a phase window that allows for back-to-back launch opportunities [078]
• Likely multiple pairs in this two week window
• Back-to-back launch days consistent with Range scheduling
operations
Vehicle must provide next day turn around if launch is scrubbed
due to an external constraint (e.g., the Range goes “red”) [023]
Launch Probability (2 of 2)
To achieve high confidence, an 80% launch probability is required [022]
• Constraint now begins with tanking and ends with the launch window close
• Vehicle design limits and operational limitations due to weather are an internal constraint and must be accommodated within the 80% probability
• External constraints, such as range weather or abort rescue, are exempted from 80%
New Requirement [350]:
• The CTS shall comply with NPR 8715.5A, Range Flight
Safety Program.
Manual Control (1 of 2)
Fundamental element of crew survival
Crew can bypass the automated guidance to interface directly with the flight control system to affect any flight path within the capability of the flight control system
If there is no active control of the spacecraft, such as when under passive parachutes, this requirement would not apply
Requirement no longer applies while integrated with the launch vehicle
• Industry feedback and internal assessments highlighted the difficulty of certifying existing systems for this capability
• Requirement begins at separation of the spacecraft from the launch vehicle [128]
Manual Control (2 of 2)
Reference verification has been enhanced to include a human-in-the-loop assessment:
• Analysis shows vehicle is controllable and stable for dispersed
human inputs
• Test with a GN&C simulation integrated with a pilot-in-the-loop test
facility, with flight-like controls, displays, and out-the-window scenes
for all piloting scenarios
• Include system and environment dispersions
• Test should show the pilot actions do not violate structural, thermal,
performance margins, and the budgeted timeline for these tasks for
all relevant flight phases
Communications
Updated Comm. Coverage to provide [114]
• 90% communications coverage (voice and telemetry) during the ascent
• 65% during the entry flight phase
Modified redundant two-way comm. to provide single failure tolerant two-way voice comm [113]
Added a similar requirement for single failure tolerant command and telemetry communication [353]
Deleted requirement for dissimilar Communications [115]
Added a requirement to support intra-cabin communications [342]
NASA Provided Equipment (1 of 2)
Had a number of duplications between functions required and
supplies provided
Consolidated all NASA-supplied materials into a single table
[336]
• Environmental Health Kit
• Food and Utensils
• Contamination Cleanup Kit
• Crew Personal Dosimeters
• Medical Kit
• ISS Crew Provisions
NASA Provided Equipment (2 of 2)
Attributes described in table
• All supplies should be accessible in a time commensurate with their
need (med kit in time to treat injury, food within meal times)
• Mass, volume, and dimensioning provided
• Make-up of kits described in rationale
Provider responsible for any other supplies required to meet
capabilities [005]
Ground System Requirements (1 of 2)
Modified
The GSE shall be designed and operated to prevent
invalidation of the flight hardware certification. [314]
• Encompasses all applicability of GSE, not just those that seem to be centered on protecting institutional assets as in NASA-STD-5005 C, Standard for the Design and Fabrication of Ground Support Equipment
• Focus on applicability to certification and not invalidating
certification rather than focusing on meeting intent of institutional
requirements
Ground System Requirements (2 of 2)
The CTS shall capture direct and indirect effects of all pre-launch natural and induced environments that could result in exceedances of the integrated space vehicle design limits. [074]
• [314] ensures process and operations preclude invalidation of certification
• [074] measures operations to provide proof limits were maintained
The CTS shall provide high resolution time-synchronized motion and still imagery during critical mission phases to support performance assessment, anomaly resolution, and mishap investigation. [072]
• More specific on the conditions imagery is necessary, and the end use of imagery
Aborts (1 of 2)
Launch Aborts
For ascent, the most comprehensive requirement for driving system
robustness is:
• Provide continuous autonomous launch abort capability from lift-off
through spacecraft separation with a 95% probability of success with at
least 90% confidence in the event of a loss of thrust or loss of attitude
control. [058]
• Protecting for these two cases presents a good risk posture for other
cases, such as, uncontained booster failure.
Increased level of detail in verification to indicate key analyses and
assessments that indicate a successful abort
• Verification addresses 10 second intervals throughout powered flight
Aborts (2 of 2)
Launch Aborts (cont.)
Deleted abort effectiveness due to overlap with pLOC
requirement
Removed TBC on 99.5% Abort Reliability; Begins at the
initiation of the abort system [059]
Early mission termination:
Tightened need for spacecraft to be able to autonomously
target/de-orbit/land beginning at any separation from the launch
vehicle [086]
Emergency Systems (1 of 2)
Emergency Entry Systems:
Requirement for systems analogous to ascent abort, but for
entry [096]
Relaxed requirement for specific cases of loss of attitude/flight
path control/landing system
Clarified the verification by incorporating Crew Survivability
Assessment, defined in CCT-PLN-1120, that examines all
critical systems during entry phase and determines the most
effective deployment of emergency systems
Emergency Systems (2 of 2)
Pressure Suits:
Current requirement for protection against rapid
depressurization invokes Appendix O if a pressure suit is to be
used
Requirement updates in work to be consistent with mission
functions and durations
Vehicle and Pad Egress (1 of 2)
Industry raised concerns that Pad Egress targets were too
closely linked to the prior architecture concepts
Refocused on the Needs
Separated the evacuation of the crew from the vehicle and the
pad into two requirements
• 90 second requirement to egress the entire crew from the
spacecraft [087]
• Pad Egress of ground and flight crew in a time consistent with the
hazard analysis and the controls in place at the pad [066]
Vehicle and Pad Egress (2 of 2)
Child requirements, levied as meet the intent
• 30 second requirement for hatch opening from the inside-out [168]
• 60 second requirement for hatch opening from the outside-in [169]
Require Provisions for Assisted Vehicle Egress [344]
• Verification focuses on Translation Paths and Mobility aids for the
Ground, Recovery, and Flight Crew
Probability of Loss of Crew
Overall pLOC has not changed since Draft 3.0, and it still flows
from Agency-level requirements
The decomposition of pLOC to Ascent and entry has been
consolidated [030]:
• FROM: 1 in 1000 for Ascent and 1 in 1000 on Entry
• TO: 1 in 500 combined for Ascent and Entry
Offers flexibility in optimizing combined probability
Updated proposed verification to reference CCT-PLN-1120
Probabilistic Risk Assessment Guidelines to address
uncertainty in verification standards raised by industry
Failure Tolerance to Catastrophic Events
Requires failure tolerance to the control of catastrophic hazards be derived from hazard/risk analysis [034]
Specific Minimums:
• Minimum of single failure tolerance to any control of a catastrophic hazard
• Dual failure tolerance or single failure tolerance with dissimilar redundancy for systems that provide the guidance, navigation, and flight path/trajectory control functions for the de-orbit burn, entry, and landing phases of the mission
• Failures of aerodynamic control effectors and parachutes are excepted from the dual failure tolerance requirement
• ISS 50808 IRD requires dual fault tolerance to catastrophic hazards within Approach Ellipsoid
• Rationale updated to ensure failure tolerance is applied to the system level inclusive of hardware, software and operations.
Mission Capabilities
Contingencies
Safety
Human Integration
Human Integration Requirements (1 of 4)
Section 3.10, Human Health and Performance articulates the
limitations of the human, which must become design
constraints on the CTS
In many cases, there are proven design features that ensure
the safety and effectiveness of the human interface
3.10 retains requirements that:
• Fundamentally shape the vehicle architecture
• Demonstrate the human interface is safe and effective
Human Integration Requirements (2 of 4)
Design features that are derived from these requirements have
been moved to Appendix Q, and invoked as “meet the intent”
[343]
• Parent-child traceability matrix shows which features support which
capabilities
• Appendix Q requirements are still shall statements, but can be met by:
– Allocating “as is”
– Tailoring
– Tailoring the parent requirement to demonstrate child has been
accomplished
• NASA still requires evidence these features were addressed
Human Integration Requirements (3 of 4)
Added two new requirements to provide broader coverage of human interface:
Provide crew interfaces to support crew performance with minimal errors [335]
• Drives human-in-the-loop usage of the interface
• Demonstrates the interface complexity is not error inducing
Control critical hazards [341]
• Need a global assessment of injury potential to ground and flight crews
• Drives assessment of all points of crew interaction
• Critical Hazard defined as a condition that may cause a severe injury or occupational illness, loss of mission, or major property damage to facilities, systems, or flight hardware
• Mechanical Hazards, Touch temperature, Impulse Noise - Head, Electric Shock become “Meet the Intent” Shall’s
Human Integration Requirements (4 of 4)
Deleted requirement for operable by deconditioned crew [197]
• Loads in Appendix E are already de-rated to accommodate
deconditioned crew
• Only need to verify actuation loads in Appendix E
Modified Body Waste Management to reduce diarrhea
collection by 50%
Habitable Environment
Deleted broad requirement for a safe habitable environment
• Created new requirement for control of critical hazards
• Focused on definition of a habitable environment in terms of atmospheric parameters [346]
Deleted separate requirement for pressure relief [155]
Removed operating set-points and limited crew control only to what was needed
• Only require crew control of temperature and ventilation [157]
Parameter | Nominal Minimum | Nominal Maximum
3.10.11.1a Cabin Pressure | 96.6 kPa (14.2 psia) | 103 kPa (14.9 psi)
3.10.11.1b Cabin PPO2 | 19.5 kPa (2.9 psi) | 22.7 kPa (3.3 psi)
3.10.11.1c Cabin Depress/Repress Rates | No Minimum | Depress: 890 Pa/sec (7.75 psi/min); Repress: 800 Pa/sec (6.96 psi/min)
3.10.11.1d Cabin PPCO2 | No Minimum | 4.0 mmHg (0.077 psi)
3.10.11.1e Cabin Temperature | 18 °C (64.4 °F) | 27 °C (80.6 °F)
3.10.11.1f Cabin Relative Humidity | 25% | 75%
3.10.11.1g Cabin Velocities for Mixing | 4.6 m/min (15 ft/min) [bulk]; 2.13 m/min (7 ft/min) [Min] | 36.6 m/min (120 ft/min) [bulk]; 60.96 m/min (200 ft/min) [Max]
3.10.11.1h Cabin Particulate Concentration | No Minimum | <1 mg/m3 for 0.5 mm to 10 mm; <3 mg/m3 for 10 mm to 100 mm
Programmatic Requirements
Deleted Vehicle Performance Management control plan [075]
• Developed a broader set of standards for Margin Management
detailed in CCT-PLN-1120
Eliminated Requirement to Mitigate Hazardous behavior of
software [049]
• Good feedback from industry highlighting difficulty in verification
Q&A
Session 4:
SSP 50808 ISS to Commercial Orbital
Transportation Services (COTS) Interface
Requirements Document (IRD)
Kathryn Lueders
ISS Transportation Integration Office
Overview
Provide status of CR 12733, Revise SSP 50808 Revision B,
International Space Station (ISS) to Commercial Orbital
Transportation Services (COTS) Interface Requirements
Document (IRD), to Revision C
Highlight major changes/updates and provide a plan to
baseline SSP 50808 IRD
Current Integration Summary
Post IRD release in May – Completed
• Tech Authority Standards Reconciliation [Agreement on “shall meet the intent of” or by alternate standards]
• Added requirement that the vendor MCC or the onboard crew will assess before and after every onboard targeted burn that the vehicle is on a safe trajectory [3.3.2.2.7]
• Updated EVA and IVA requirements for clarity and consistency with JSC-65829 [3.3.8.1.2]
Post IRD release in September – Completed
• Incorporation of revised docking interface NASA Docking System versus International Docking Adapter [3.1.1.3.1]
• New requirement to be certified to dock at all USOS Docking Ports [3.3.7.5.2.4]
• New requirement for Docking Port Relocation [3.3.7.5.2.5]
Current Integration Summary
Post IRD release in September – Completed
• New requirement for Safe Haven (Power availability)
[3.2.2.4.1.3(C)]
• Contingency Free Drift (Docking anomaly) [3.3.3.1]
• Common Communications for Visiting Vehicles (C2V2) Updates
[3.3.7.1.2.4]
• Updates to Location Coding [3.3.2.2.12]
• Modification to Safe Without Services Requirement [3.3.11.1.5]
• Added new paragraph to define MCC-H Mission Authority during
vehicle approach [3.1]
• Update to Emergency Intravehicular Activity Egress Requirement
[3.3.11.1.3.3]
Forward Work
Baseline SSP 50808 Rev C on 10/11/2011
NODE 2 ECLSS Design modifications to incorporate active IMV
supply to multiple docking ports (Zenith and Forward)
Assessing NODE 3 NADIR as a second docking port
Q&A
Requirements Workshop
Wrap-Up
Brent Jett
NASA Deputy Program Manager
Summary
Reviewed requirement changes since May Requirements Workshop
Many of the changes were due to feedback we received from Industry
Requesting feedback on this new set of CCT Technical Requirements
• Forward all comments to Rogelio Curiel at:
• For more information on the CCP, visit:
– http://commercialcrew.nasa.gov
ISS is Waiting