1. Background
Image source: [1]
NASA has published part of the "Commercial Crew Transportation Capability (CCtCap) contracts" on its website. Given the sensitivity of spaceflight technology, many passages in the public version (prices, for example) have been redacted by NASA, so many specifics are not available to us. Still, it offers a glimpse of roughly what safety requirements NASA placed on SpaceX under the contract for a program of this scale.
The system shall provide a safe working environment for the crew.
The system shall meet the Loss of Crew (LOC) figures derived from NASA's Design Reference Missions (DRM).
The system shall be failure tolerant to catastrophic events, without relying on emergency equipment and systems.
The system shall be designed to tolerate inadvertent operator action (at least one such action) without causing a catastrophic event.
The system shall tolerate inadvertent operator action in the presence of any single system failure.
The system shall be able to mitigate the hazardous behavior of safety-critical software.
The system shall be able to detect fault conditions in critical systems, subsystems and/or crew health.
The system shall provide fault isolation and/or fault recovery.
The system shall be able to use health and status data of critical systems and subsystems to resolve anomalies during and after the mission.
The system shall provide autonomous operation of system and subsystem functions.
The above is an abridged summary; the full set of 14 requirements is given in [2]. The English original reads as follows:
5.2.1 The CCTS shall provide the capability to sustain a safe, habitable environment for the crew.
5.2.2 The CCTS shall safely execute the Loss of Crew (LOC) requirements specific to the NASA Design Reference Mission (DRM). The Programs shall determine and document the LOC risk when DRMs are specified.
5.2.3 The CCTS shall limit the Loss of Mission (LOM) risk for the specified NASA DRMs. The Programs shall determine and document the LOM risk when DRMs are specified.
5.2.4 The CCTS shall provide failure tolerance to catastrophic events, with the specific level of failure tolerance (one, two, or more) and implementation (similar or dissimilar redundancy) derived from an integrated design and safety analysis.
5.2.5 The CCTS shall provide the appropriate failure tolerance capability defined in 5.2.4 without the use of emergency equipment and systems.
5.2.6 For an ISS DRM, the CCTS shall comply with requirements for failure tolerance during ISS proximity operations and the ISS docked phase as defined in SSP 50808 Section 3.3.11.1.
5.2.7 The CCTS shall be designed to tolerate inadvertent operator action (minimum of one inadvertent action), as identified by a human error analysis, without causing a catastrophic event.
5.2.8 The CCTS shall tolerate inadvertent operator action in the presence of any single system failure.
5.2.9 The CCTS shall provide the capability to mitigate the hazardous behavior of critical software where the hazardous behavior would result in a catastrophic event.
5.2.10 The CCTS shall provide the capability to detect and annunciate faults that affect critical systems, subsystems, and/or crew health.
5.2.11 The CCTS shall provide the capability to isolate and/or recover from faults identified during system development that would result in a catastrophic event.
5.2.12 The CCTS shall provide the capability to utilize health and status data (including system performance data) of critical systems and subsystems to facilitate anomaly resolution during and after the mission.
5.2.13 The CCTS shall provide the capability for autonomous operation of system and subsystem functions, which, if lost, would result in a catastrophic event.
5.2.14 The CCTS shall provide the capability for the crew to readily access equipment involved in the response to emergency situations and the capability to gain access to equipment needed for follow-up/recovery operations.
Risk Management (Attachment J-03, Section 1.2.4)
Safety and Mission Assurance (Attachment J-03, Section 1.2.5)
The work requirements listed in this section will be familiar to most readers: FMECA, hazard analysis, probabilistic safety analysis and software safety analysis.
In addition, Appendix A of Attachment J-03, Milestone Acceptance Criteria and Payment Schedule, shows that the related deliverables include at least: Human Error Analysis, Integrated Probabilistic Safety Analysis, Hazard Report Status and Fault Tolerance Assessment.
As noted earlier, under Attachment J-03 NASA requires SpaceX to comply with CCT-PLN-1120 in order to meet the requirements of CCT-REQ-1130 and SSP 50808. CCT-PLN-1120 is the Crew Transportation Technical Management Processes, CCT-REQ-1130 is the Crew Transportation and Services Requirements, and SSP 50808 is the ISS Visiting Vehicle Requirements. These are NASA's supplier standards for the Commercial Crew Program; their relationship is shown in the figure below.
Metric requirements: here the individual safety metrics are quantified.
How to verify:
From the publicly available contract between NASA and SpaceX, we can see roughly that:
NASA's safety metrics for SpaceX include Loss of Crew (LOC) and Loss of Mission (LOM), among others.
NASA's safety work requirements for SpaceX include at least FMECA, Hazard Analysis, Probabilistic Safety Analysis, Software Safety Analysis, Human Error Analysis and Fault Tolerance Analysis.
What this article covers is only the tip of the iceberg. It does not touch on NASA's many other requirements on SpaceX, such as functional requirements, design, testing and trials, and looks only, in isolation and from one angle, at some of the safety-related requirements in the public contract. Interested readers can dig further through the references at the end.