Bremerton Safety Council Camera Hazard List

Frank O’Neill
Safety Support
August 18, 2015
Corner Rafts/Science Rafts/Sensors
Corner Raft
Cryostat
Filter Exchange System
L3
L1/L2
Cryostat Final Design Review
Safety-Hazards
J. Langton
Subsystem Engineering Manager
June 9-10, 2015
LSST CRYOSTAT FDR • SLAC, Menlo Park, CA • June 9-10, 2015
Cryostat Hazard Analysis Report
• The Camera has drafted a Hazard Analysis Report (LCA-0014)
– LCA-0014 explores and explains, in detail, the integrated camera and individual subsystems design and function and identifies potential hazards.
• The cryostat chapter of the HAR evaluates the associated hazards in detail.
– Cryostat HAR provides the cryostat physical description and function.
– Cryostat HAR evaluates each hazard area in detail and provides definition and explanation of the related controls and mitigations.
• Cryostat hazard areas:
– Thermal and Cryogenic
– Pressure and Vacuum
– Structural
– Electrical
– Control
– Environmental
– Fire
– Materials and Substances
Cryostat Hazard Analysis
• The camera has drafted hazard lists (LCA-15 & O&SHA)
– The operating and support hazard analysis tabulates hazards associated with the camera operations phase.
– Lists tabulate all of our identified hazards, plans to mitigate them, and plans to verify that the mitigation is, in fact, operating as required.
– The Hazard List uses a semi-quantitative analysis to rank hazards by probability of occurrence and severity of impact.
• The cryostat system carries:
– A total of 24 hazards
– No “High” hazards
– 3 “Serious” hazards (unmitigated)
  • Cryostat vacuum-pressure failure.
  • Overpressure failure of cryostat.
  • Asphyxiation due to release of refrigerant
– All hazards are assessed as “Medium” or “Low” after mitigation
  • Why are not all hazards mitigated to “Low”?
  • Because, with very few exceptions, the severity of a hazard cannot be reduced. Only the probability of a hazard occurring can be addressed by mitigation, and that sets a certain lower bound for any specific hazard.
Hazard Definition & Assessment Methodology
• Hazards can be defined as a failure of a component, system or function that could lead to personal injury or damage to hardware.
• Hazards are NOT risks.

Hazard Assessment

Hazard Severity Classification (Class, Description: Potential Consequences)
Class 1, Catastrophic:
– Injury: may cause death or permanently-disabling injury
– Property damage: near-complete loss of camera system
– Environment: irreversible severe environmental damage
Class 2, Critical:
– Injury: severe injury, occupational illness, or permanent partial disability
– Property damage: major damage to system; loss of major subsystem(s)
– Environment: significant reversible environmental damage
Class 3, Marginal:
– Injury: minor injury or occupational illness
– Property damage: minor damage to camera or subsystem, recoverable with minimal impact on program
– Environment: mitigatible environmental damage, where restoration activities can be accomplished
Class 4, Negligible:
– Injury: minor first aid treatment; personal health not affected
– Property damage: more than normal wear and tear; easily recoverable within scope of standard maintenance
– Environment: minimal environmental damage

Hazard Probability Level (Level, Frequency of Occurrence: Definition)
A, Frequent: Likely to occur often in the life of the Camera
B, Probable: Will occur several times in the life of the Camera
C, Possible: Likely to occur sometime in the life of the Camera
D, Remote: Unlikely but possible to occur in the life of the Camera
E, Improbable: So unlikely, it can be assumed occurrence may not be experienced

Mishap Risk Assessment Value (rows: Probability; columns: Severity)
Probability     1—Catastrophic  2—Critical  3—Marginal  4—Negligible
A—Frequent      1               3           7           13
B—Probable      2               5           9           16
C—Possible      4               6           11          18
D—Remote        8               10          14          19
E—Improbable    12              15          17          20

Mishap Risk Categories (Risk Assessment Value: Description)
1-5: High
6-9: Serious
10-17: Medium
18-20: Low
Cryostat Hazard List
– What’s the failure & mode?
– Hazard assessment before protection
– How are you protecting against the failure?
– How are you assuring protections work?
– Hazard assessment after protection
Cryostat Hazards Detail
• Cryostat hazards are loosely grouped as follows:
– Personnel injury due to unplanned release or venting of gases or fluids.
– Mechanical failure—failure of a component due to improper system design or usage.
– Control or operations failure—damage due to incorrect operation or loss of transducer.

Hazard Description / Mitigation / Verification

#021-Asphyxiation due to release of refrigerant
Mitigation:
1-Provide ventilation of room sufficient to remove limited refrigerant quantity of system charge
2-Employ oxygen deficiency monitor in utility room
Verification:
1-Test ventilation system for adequate (as designed) performance for air change rate
2-Test ODM periodically, verify alarm set point.
3-Ensure training is adequate and retraining frequency is consistent with needs.

#001-Failure of a vacuum seal in the cryostat leads to uncontrolled venting of the cryostat, possibly introducing contaminants and water vapor into the cryostat which could damage the detectors
Mitigation:
1-Use double O-ring seals with an intermediate vacuum groove at all bolted joints. Failure of one seal can be detected.
2-Use all-metal seals wherever possible
3-Ensure all valves are normally closed / fail to safe configuration
4-Ensure redundant valve for all critical locations
5-Implement control system with valve sequencing ensuring proper operation
6-Test and verification of vacuum control system with double check function confirmation to ensure no unintended vent.
Verification:
1-Test vacuum-tightness of each of the double O-ring seals
2-Design reviews of system to ensure proper component selection

#010-Cryo or Cold Plate exceed their max operating limits
Mitigation:
1-Design hardware to survive maximum possible temperature with heaters on / refrig lower cooling capacity
2-Temp sensors on Cryo and Cold plates provide feedback; over-temp switches cut power to heaters and RCM power supplies
Verification:
1-Test monitoring feedback control and over-temp switches
Hazard Mitigations and Verification
• There are 6 ways to mitigate a hazard
– Eliminate hazard: Remove the hazard altogether
– Control hazard: Change design/manufacturing plans to reduce risk of mishap
– Safety feature: Incorporate passive or static interveners to prevent a mishap
– Safety device: Add active device or monitor to interrupt mishap sequence
– Warning device: Incorporate monitors and warning of incipient mishap
– Procedure, training: Invoke special procedures, PPE, dedicated equipment
• And 5 ways to verify those mitigations:
– Test: Functional test of installed system verifies mitigation functions correctly
– Inspection: Visual inspection or measurement verifies mitigation is applied as-req'd
– Process control: Control parts/mat'l selection; qual/proof test; fab/ass'y process controls
– Audit: Check of in situ mitigations verifies that they are being used
– Review: Review or analysis of mitigation plans indicates that they will reduce hazard level

Cryostat Mitigation Strategy
Eliminate hazard        4
Control hazard          9
Safety feature          0
Safety device           5
Warning device          1
Procedure, training     4
Total                   23

Cryostat Verification Method
Test                    11
Inspection              1
Process control         5
Audit                   3
Review                  3
Total                   23
Cryostat Hazard Reports
• The Camera Safety officer reviews the hazard analysis. Specific hazards identified as “High” or “Serious,” or with causes that are particularly complex, are flagged and Hazard Reports completed.
• LCA-10742 reports on the cryostat housing hazard of structural failure due to overpressure.
• The report details the hazard:
– ...If these gas supplies are not properly engineered and operated there could be a hazard buildup of pressure in the cryostat vacuum ….
• The controls / actions:
– 1-Design cryostat for overpressure loads with recommended safety factors
– 2-Include burst disk and / or pressure relief valve on cryostat vacuum system
– 3-Restrict……..
• The effects:
– 1-ensure if an over pressure condition develops the structural integrity……..
– 2-ensure if fault or failure occurs and uncontrolled supply of gas…..
– 3-ensure that the total pressure……
• The verifications required:
– 1-Proof test cryostat to maximum expected overpressure……..
– 2-Proof test pressure relief valve………
– 3-Verify that burst disk……….
Summary
• Effect on CD-2 readiness
– We have identified mitigations for all 18 hazards.
– The mitigations reduce hazard assessments to the lowest level achievable.
– Verification requirements for mitigations are established and documented.
• Hazard reports and assessments have been reviewed and updated in preparation for FDR.
• Cryostat hazard definition and assessment is mature.
• Mitigations are identified and integrated into the project execution and / or system designs.
• Hazard assessments and mitigations are consistent with CD-3 readiness.
End of Presentation