
Deja Vu with Overlooked Safety-Critical Item Verification


Abstract

Fifteen years ago, Contractor A performed a Failure Mode, Effects, and Criticality Analysis (FMECA) on an unnamed defense satellite system and identified several System Safety Criticality 1 and 2 single point failure modes (SPFMs). One of the ground rules of this FMECA was to accept all SPFMs with a probability of occurrence of less than 0.001, i.e. one in one thousand. After the program was into its fifth year, a Government auditor asked the contractor how the reliability of each SPFM had been verified. The contractor could not answer that question because no Critical Item Control Plan had been included in the Quality Assurance section of the Statement of Work (SOW). Now fast forward to the present time. Contractor B performed a FMECA on an unnamed defense satellite system and identified several System Safety Criticality 1 and 2 structural failure modes. One of the ground rules of this FMECA was to accept all structural failure modes that meet the design-to safety margin requirements. However, when a Government auditor reviewed the contractor's Hazard Tracking System, none of the hazard reports included evidence that the durability of safety-critical structural items had been verified. These two examples of overlooked safety-critical item verification occurred fifteen years apart, but they have the same root cause: a lack of understanding of the essential interactions between FMECA and Hazard Analysis. This paper compares three different FMECA standards to determine how their results would differ if applied in the same high-criticality mission US defense system acquisition program. In this study, the selection of applicable FMECA activities is based on the typical tailoring of SMC-S-013, Section 5.2.2 (ref. 1). SMC-S-013 is one of the standards on the Space and Missile Systems Center (SMC) Mandatory Documents List for SMC Acquisitions, which is required on every SMC satellite acquisition contract. The second FMECA standard included in this study is the AIAA Standard S-102.2.4-2015, Capability-based Product Failure Modes, Effects, and Criticality Analysis (FMECA) Requirements (ref. 2). S-102.2.4-2015 is a commercial standard that defines a structured process for tailoring the contractor's FMECA process so that the overall effort is commensurate with the safety-criticality of the system. Finally, the third FMECA standard included in this study is MIL-STD-1543B, Task 204 and Task 208 (ref. 3), which was used in SMC Acquisitions from 1988 until the Acquisition Reform era started in 1998.