Certification requirements for Commercial Crew Transportation released

NASA has released the document listing the requirements for the vehicles of companies that intend to bid for the contract to provide crew transportation services to LEO.
While most of the requirements, especially those covering construction and safety, refer to standards already published by various bodies and have been adopted “in toto”, with full compliance required, others have been set “ad hoc” by NASA for this type of activity.
Among the fundamental and critical ones are certainly the statistical LOC (Loss of Crew) and LOM (Loss of Mission) values required for a 210-day mission in orbit docked to the ISS. The maximum acceptable values are, respectively, 1 in 1000 for the ascent phase and 1 in 1000 for the re-entry phase for LOC, and 1 in 55 for LOM (1 in 200 for Orion plus launcher). An early return falls under this LOM case, and the values apply to the capsule and launcher taken together.

Many other safety requirements, albeit in generic terms, are listed in the published document, starting with redundancies, risk analyses, emergency systems and the failure modes analysed. As for the technical and certification requirements of the systems, the document instead refers to standards from NASA and other bodies that are already published and in use.

For reference, excerpts of only the safety requirements imposed for certification are given below:

[i]The CCTS shall provide the capability to sustain a safe, habitable environment for the crew.

The CCTS shall safely execute the Loss of Crew (LOC) requirements specific to the NASA Design Reference Mission (DRM). The Programs shall determine and document the LOC risk when DRMs are specified.

The CCTS shall limit the Loss of Mission (LOM) risk for the specified NASA DRMs. The Programs shall determine and document the LOM risk when DRMs are specified.

The CCTS shall provide failure tolerance to catastrophic events, with the specific level of failure tolerance (one, two, or more) and implementation (similar or dissimilar redundancy) derived from an integrated design and safety analysis.

The CCTS shall provide the appropriate failure tolerance capability defined in 5.2.4 without the use of emergency equipment and systems.

For an ISS DRM, the CCTS shall comply with requirements for failure tolerance during ISS proximity operations and the ISS docked phase as defined in SSP 50808 Section 3.3.11.1.

The CCTS shall be designed to tolerate inadvertent operator action (minimum of one inadvertent action), as identified by a human error analysis, without causing a catastrophic event.

The CCTS shall tolerate inadvertent operator action in the presence of any single system failure.

The CCTS shall provide the capability to mitigate the hazardous behavior of critical software where the hazardous behavior would result in a catastrophic event.

The CCTS shall provide the capability to detect and annunciate faults that affect critical systems, subsystems, and/or crew health.

The CCTS shall provide the capability to isolate and/or recover from faults identified during system development that would result in a catastrophic event.

The CCTS shall provide the capability to utilize health and status data (including system performance data) of critical systems and subsystems to facilitate anomaly resolution during and after the mission.

The CCTS shall provide the capability for autonomous operation of system and subsystem functions, which, if lost, would result in a catastrophic event.

The CCTS shall provide the capability for the crew to readily access equipment involved in the response to emergency situations and the capability to gain access to equipment needed for follow-up/recovery operations.

The crewed CCTS shall provide the capability for the crew to monitor, operate, and control the crewed space system and subsystems, where:
a. The capability is necessary to execute the mission; or
b. The capability would prevent a catastrophic event; or
c. The capability would prevent an abort.

The crewed CCTS shall provide the capability for the crew to manually override higher level software control/automation (such as automated abort initiation, configuration change, and mode change) when the transition to manual control of the system will not cause a catastrophic event.

The CCTS shall provide the capability for humans to remotely monitor, operate, and control the crewed system elements and subsystems, where:
a. The remote capability is necessary to execute the mission; or
b. The remote capability would prevent a catastrophic event; or
c. The remote capability would prevent an abort.

The crewed CCTS shall provide the capability for the crew to manually control the flight path and attitude of their spacecraft, with the following exception: during the atmospheric portion of Earth ascent when structural and thermal margins have been determined to negate the benefits of manual control.

The crewed CCTS shall exhibit Level 1 handling qualities (Handling Qualities Rating (HQR) 1, 2 and 3), as defined by the Cooper-Harper Rating Scale, during manual control of the spacecraft’s flight path and attitude.

The CCTS shall provide the capability for the crew to monitor, operate, and control an uncrewed spacecraft during proximity operations, where:
a. The capability is necessary to execute the mission; or
b. The capability would prevent a catastrophic event; or
c. The capability would prevent an abort.

The crewed CCTS shall provide the capability for direct voice communication between crewed spacecraft (2 or more) during proximity operations.

The CCTS shall provide the capability for unassisted crew emergency egress to a safe haven during prelaunch activities.

The CCTS shall provide abort capability from the launch pad until orbit insertion to protect for the following ascent failure scenarios (minimum list):
a. Complete loss of ascent thrust/propulsion.
b. Loss of attitude or flight path control.
c. Catastrophic event on pad or in flight.

The crewed CCTS shall monitor the ascent launch vehicle performance and automatically initiate an abort when an impending catastrophic failure is detected.

The CCTS shall provide the capability for the crew to initiate the ascent abort sequence.

The CCTS shall provide the capability for the ground control to initiate the ascent abort sequence.

If a range safety destruct system is incorporated into the design, the CCTS shall automatically initiate the ascent abort sequence when range safety destruct commands are received onboard, with an adequate time delay prior to destruction of the launch vehicle to allow a successful abort.

The crewed CCTS shall provide the capability to autonomously abort the mission from orbit by targeting and performing de-orbits to a safe landing.

The crewed CCTS shall provide the capability for unassisted crew emergency egress after landing.

The crewed CCTS shall provide a safe haven capability for the crew inside the spacecraft after landing until the arrival of the landing recovery team or rescue forces.

The CCTS shall provide recovery forces with the location of the spacecraft after return to Earth.[/i]

To read the full document: http://www.nasa.gov/pdf/504982main_CCTSCR_Dec-08_Basic_Web.pdf

Source: NASA