Viewing page 19 of 172

This transcription has been completed. Contact us with corrections.

panel include interpreting safety requirements, conducting safety reviews, and assessing payload compliance with NASA Handbook (NHB) 1700.7A.

There is a potential for the appearance of a conflict of interest with the present panel organization. This is caused by its chairman coming from the same organization responsible for integrating payloads. It has been suggested that the Safety, Reliability, and Quality Assurance (SR&QA) Office co-chair the panel with the present chairman to remove the potential conflict. There is no evidence that payload safety has been compromised to date as a result of the current organization.

Generally, the current payload safety process is adequate. A number of past problems have highlighted issues that should be worked. Though the process is rigorous, it occasionally identifies problems for resolution later than desired. This can be due to late changes in the payload design or late inputs from the payload developer. A problem with ARABSAT caused by dealing with a third party rather than the payload contractor has been procedurally corrected for future flights. The Payload Safety Panel will always deal directly with the prime payload contractor.

Payload safety documentation needs to be updated. The requirements documents NHB 1700.7 and JSC-18798 contain some conflicting statements. One such inconsistancy [[inconsistency]] concerns conducting safety reviews at the contractor's facilities. There is currently no formal statement that authorizes NASA to audit a payload developer to assure compliance with NSTS payload safety requirements.

The Centaur upper stage is the most complicated payload to be integrated into the Orbiter to date. The payload safety process for Centaur, as a result, has been unique and more troublesome than for any other payload.

The Lewis Research Center is responsible for the Centaur vehicle and support equipment. JSC is responsible for integration of the Centaur and support equipment into the Orbiter. Integration of a pressure stabilized cryogenic upper stage into the STS is, without doubt, the most demanding payload integration activity undertaken by the STS. The potential for a catastrophic hazard is present until the Centaur is deployed from the Orbiter. The control of hazards associated with launch aborts with the Centaur onboard the Orbiter drives many of the demanding hardware and software requirements.

Several areas of concern still exist with respect to the Centaur design and/or integration into the STS in that potentially serious single point failures continue to be identified in the present timeframe that were not identified by the Centaur program through the normal safety process. The normal payload safety process was inadequate in that it allowed single point failures to remain undetected until within months of the planned launch.

-57-