Pt. 417, App. J
Appendix J to Part 417—Ground Safety Analysis Report
J417.1 General
(a) This appendix provides the content and format requirements for a ground safety analysis report. A launch operator must perform a ground safety analysis as required by subpart E of part 417 and document the analysis in a ground safety analysis report that satisfies this appendix, as required by § 417.402(d).
(b) A ground safety analysis report must contain hazard analyses that describe each hazard control, and describe a launch operator's hardware, software, and operations so that the FAA can assess the adequacy of the hazard analysis. A launch operator must document each hazard analysis on hazard analysis forms as required by § J417.3(d) and file each system and operation description as a separate volume of the report.
(c) A ground safety analysis report must include a table of contents and provide definitions of any acronyms and unique terms used in the report.
(d) A launch operator's ground safety analysis report may reference other documents filed with the FAA that contain the information required by this appendix.
J417.3 Ground safety analysis report chapters
(a) Introduction. A ground safety analysis report must include an introductory chapter that describes all administrative matters, such as purpose, scope, safety certification of personnel who performed any part of the analysis, and each special interest issue, such as a high-risk situation or potential non-compliance with any applicable FAA requirement.
(b) Launch vehicle and operations summary. A ground safety analysis report must include a chapter that provides general safety information about the vehicle and operations, including the payload and flight termination system. This chapter must serve as an executive summary of detailed information contained within the report.
(c) Systems, subsystems, and operations information. A ground safety analysis report must include a chapter that provides detailed safety information about each launch vehicle system, subsystem and operation and each associated interface. The data in this chapter must include the following:
(1) Introduction. A launch operator's ground safety analysis report must contain an introduction to its systems, subsystems, and operations information that serves as a roadmap and checklist to ensure all applicable items are covered. All flight and ground hardware must be identified with a reference to where the items are discussed in the document. All interfacing hardware and operations must be identified with a reference to where the items are discussed in the document. The introduction must identify interfaces between systems and operations and the boundaries that describe a system or operation.
(2) Subsystem description. For each hardware system identified in a ground safety analysis report as falling under one of the hazardous systems listed in paragraphs (c)(3), (c)(4) and (c)(5) of this section, the report must identify each of the hardware system's subsystems. A ground safety analysis report must describe each hazardous subsystem using the following format:
(i) General description including nomenclature, function, and a pictorial overview;
(ii) Technical operating description including text and figures describing how a subsystem works and any safety features and fault tolerance levels;
(iii) Each safety critical parameter, including those that demonstrate established system safety approaches that are not evident in the technical operating description or figures, such as factors of safety for structures and pressure vessels;
(iv) Each major component, including any part of a subsystem that must be technically described in order to understand the subsystem hazards. For a complex subsystem such as a propulsion subsystem, the ground safety analysis report must provide a majority of the detail of the subsystem including any figures at the major component level such as tanks, engines and vents. The presentation of figures in the report must progress in detail from broad overviews to narrowly focused figures. Each figure must have supporting text that explains what the figure is intended to illustrate;
(v) Ground operations and interfaces including interfaces with other launch vehicle and launch site subsystems. A ground safety analysis report must identify a launch operator's and launch site operator's hazard controls for all operations that are potentially hazardous to the public. The report must contain facility figures that illustrate where hazardous operations take place and must identify all areas where controlled access is employed as a hazard control; and
(vi) Hazard analysis summary of subsystem hazards that identifies each specific hazard and the threat to public safety. This summary must provide cross-references to the hazard analysis form required by paragraph (d) of this section and indicate the nature of the control, such as design margin, fault tolerance, or procedure.
(3) Flight hardware. For each stage of a launch vehicle, a ground safety analysis report must identify all flight hardware systems, using the following sectional format:
(i) Structural and mechanical systems;
(ii) Ordnance systems;
(iii) Propulsion and pressure systems;
(iv) Electrical and non-ionizing radiation systems; and
(v) Ionizing radiation sources and systems.
(4) Ground hardware. A ground safety analysis report must identify the launch operator's and launch site operator's ground hardware, including launch site and ground support equipment, that contains hazardous energy or materials, or that can affect flight hardware that contains hazardous energy or materials. A launch operator must identify all ground hardware by using the following sectional format:
(i) Structural and mechanical ground support and checkout systems;
(ii) Ordnance ground support and checkout systems;
(iii) Propulsion and pressure ground support and checkout systems;
(iv) Electrical and non-ionizing radiation ground support and checkout systems;
(v) Ionizing radiation ground support and checkout systems;
(vi) Hazardous materials; and
(vii) Support and checkout systems and any other safety equipment used to monitor or control a potential hazard not otherwise addressed above.
(5) Flight safety system. A ground safety analysis report must describe each hazard of inadvertent actuation of the launch operator's flight safety system, potential damage to the flight safety system during ground operations, and each hazard control that the launch operator will implement.
(6) Hazardous materials. A ground safety analysis report must:
(i) Identify each hazardous material used in all the launch operator's flight and ground systems, including the quantity and location of each material;
(ii) Contain a summary of the launch operator's approach for protecting the public from toxic plumes, including the toxic concentration thresholds used to control public exposure and a description of any related local agreements;
(iii) Describe any toxic plume model used to protect public safety and contain any algorithms used by the model; and
(iv) Include the products of the launch operator's toxic release hazard analysis for launch processing as defined by section I417.7(m) of appendix I of this part for each launch that involves the use of any toxic propellants.
(d) Hazard analysis. A ground safety analysis report must include a chapter containing a hazard analysis of the launch vehicle and launch vehicle processing and interfaces. The hazard analysis must identify each hazard and all hazard controls that the launch operator will implement. A ground safety analysis report must contain the results of the launch operator's hazard analysis of each system, subsystem, and operation using a standardized format that includes the items listed on the example hazard analysis form provided in figure J417-1 and that satisfies the following:
(1) Introduction. A ground safety analysis report must contain an introduction that serves as a roadmap and checklist to the launch operator's hazard analysis forms. A launch operator must identify all flight hardware, ground hardware, interfacing hardware, and operations with a reference to where the items are discussed in the ground safety analysis report. The introduction must explain how a launch operator presents its hazard analysis in terms of hazard identification numbers as identified in figure J417-1.
(2) Analysis. A launch operator may present each hazard on a separate form or consolidate hazards of a specific system, subsystem, component, or operation onto a single form. There must be at least one form for each hazardous subsystem and each hazardous subsystem operation. A launch operator must state which approach it has chosen in the introduction to the hazard analysis section. A launch operator must track each identified hazard control separately.
(3) Numbering. A launch operator must number each hazard analysis form with the applicable system or subsystem identified. A launch operator must number each line item on a hazard analysis form with numbers and letters provided for multiple entries against an individual line item. A line item consists of a hardware or operation description and a hazard.
(4) Hazard analysis data. A hazard analysis form must contain or reference all information necessary to understand the relationship of a system, subsystem, component, or operation with a hazard cause, control, and verification.
(e) Hazard analysis supporting data. A ground safety analysis report must include data that supports the hazard analysis. If such data does not fit onto the hazard analysis form, a launch operator must provide the data in a supporting data chapter. This chapter must contain a table of contents and may reference other documents that contain supporting data.