The ISS Program has demonstrated that it follows through with well-thought-out design, test and verification, and acceptance test processes for hardware and software development to prevent design flaws that could result in fatal systems or hardware failures. Processes are also in place to monitor the on-orbit systems to detect and address critical system performance issues.

Design Specification Methodology

The functional and design requirements for the ISS in its Assembly Complete configuration are specified in ISS Program document SSP 41000, “System Specification for the International Space Station.” Top-level ISS system requirements form the foundation for the functional flow-down of performance and design requirements to the more detailed, lower-level segment specifications. Manufacturing requirements such as materials and process requirements or EEE parts selection are invoked as applicable documents in the system and segment specifications.

The system specification specifies that the methods for controlling critical and catastrophic hazards are failure tolerance and design for minimum risk. As discussed in Section 3, major requirements are (1) the design must be two failure tolerant to catastrophic hazard, (2) the design must be one failure tolerant to critical hazard, and (3) “design for minimum risk” is applied to areas where hazards are controlled by safety-related properties and/or the characteristics of the design rather than by failure-tolerance criteria. These requirements ensure that the failure tolerance applied to system design ensures that a credible failure does not invalidate the safety-related properties of the design.

Testing and Verification Methodology

The overall objective of the ISS verification program is to ensure that as-built hardware and software meet the Program’s specified technical requirements. Due to the special challenges of assembling and integrating the ISS in space, additional emphasis has been given to integrated physical testing and verification of the modules. The closure (verification) of all specification requirements is accomplished with a bottom-up approach from the implementation level to the system level. The basic verification approach involves testing at the lowest levels to assure complete specification compliance prior to the shipment of the element or component. In addition, the verification approach certifies that the elements or components will successfully interface with the planned on-orbit assembly stage; interface with all subsequent stage assemblies; and fulfill its contribution to final on-orbit configuration performance. Finally, the verification program confirms that elements and components comply with ISS Program specification requirements and function properly as integrated units.

The Program’s integrated verification and testing philosophy has evolved over time. Initially, the primary method employed to satisfy the ISS system- and segment-level specifications was verification by analysis. As the hardware was developed and the need to verify physical and software interfaces was defined, specific risk-reduction processes and activities were approved for critical interfaces. These included (a) the five-step integrated verification process, (b) the physical verification integration process, and (c) the MEIT sequence. The five-step integrated verification process is a defined and systematic process applied to all of the Program’s requirements that assigns technical and organizational responsibility for the requirement, stage applicability, verification planning, and closure tracking requirements. This process is one of the foundations of the ISS Program’s stage certifications. The physical verification integration process is a method of verifying the physical interfaces of elements by measuring and verifying the actual flight hardware interfaces, performing analyses to ensure the elements will successfully mate on orbit, and performing verification of inter-module flight electrical and data cabling and all fluid connections between elements. The MEIT process was developed to reduce risks across multiple elements prior to launch. MEIT focuses on distributed systems and interface operability and functionality under nominal redundancy management schemes and critical operating scenarios. The test configuration is the flight hardware being readied for launch configured as close to the on-orbit configuration as possible and a high-fidelity simulation of the systems already on orbit. MEIT verifies that there is subsystem functionality across element interfaces and performs a limited hardware and software test with the latest flight software release.

Hardware and Software Acceptance Process

The ISS Program hardware and software are accepted at the ORU, element, and stage level through a series of reviews and audits that verify that the design meets the requirements, that the as-built hardware meets the design, that the integrated elements and/or assemblies meet the stage verifications, and that the elements and hardware are processed per their pre-launch requirements. The process is mature and well documented and has been applied to the NASA and IP elements.

On-Orbit System Monitoring

The on-orbit vehicle is distributed by system and, as such, is operated and monitored by an integrated group of engineering and operations systems experts. The type of support and expertise is determined by the specific skills required during a particular timeframe (e.g., additional structural expertise will be available during on-orbit assembly of two structural elements). The Flight Control Room (FCR), which is operated by the Mission Operations Directorate, provides real-time on-orbit vehicle monitoring and support. All of the operations overseen by the FCR are governed by engineering-approved Flight Rules and operating procedures. The ISS MER, which is operated by the ISS Program and staffed by subsystem engineering personnel, complements the FCR by providing near-real-time data monitoring, trending analysis, and anomaly resolution support. The MER contains engineering system experts who support operations personnel for significant on-orbit activities; monitors on-orbit vehicle performance during normal business hours and at other times as required; and addresses anomalies to minimize impacts to the crew, the vehicle, and continued operations. Finally, the system teams, which are staffed by specific system experts, provide ongoing sustaining engineering of the vehicle including preparation for Shuttle flight or EVA operations, complete resolution and recurrence control for anomalies, and performing long-term system performance trending. The ISS Program demonstrated that there are established documented processes and procedures in place for all time phases of vehicle operation and monitoring.

One of the challenges of the ISS Program is that the NASA system teams must integrate with their IP counterparts as well as among themselves. This provides a level of complexity to on-orbit operations previously not experienced for human space flight. More importantly, it provides NASA critical expertise that is needed for the safety of future ISS operations and has implications for future international human space flight endeavors. The NASA team has been working with Russia and Canada for more than six years and has established integrated flight operations processes and management forums. These processes and agreements are documented in joint protocols; Flight Rules; multilateral documents; contracts; MOUs; and the charters for Multilateral Control Boards including the ISS Mission Management Team, the Space Station Control Board, and multilateral Vehicle, Program Integration, Avionics and Software, and Mission Integrated Operations Control Boards. In addition, at the system-sustaining level, critical multilateral system engineering teams are being in preparation for activation of the JEM and the ESA Columbus module. These agreements show that the ISS Program understands the breadth and depth of international cooperation and the coordination required to sustain and operate an international vehicle.

4.1.7 Extravehicular activity