Appendix J to Part 417 - Ground Safety Analysis Report
J417.1 General
(a) This appendix provides the content and format requirements
for a ground safety analysis report. A launch operator must perform
a ground safety analysis as required by subpart E of part 417 and
document the analysis in a ground safety analysis report that
satisfies this appendix, as required by § 417.402(d).
(b) A ground safety analysis report must contain hazard analyses
that describe each hazard control, and describe a launch operator's
hardware, software, and operations so that the FAA can assess the
adequacy of the hazard analysis. A launch operator must document
each hazard analysis on hazard analysis forms as required by §
J417.3(d) and file each system and operation descriptions as a
separate volume of the report.
(c) A ground safety analysis report must include a table of
contents and provide definitions of any acronyms and unique terms
used in the report.
(d) A launch operator's ground safety analysis report may
reference other documents filed with the FAA that contain the
information required by this appendix.
J417.3 Ground safety analysis report chapters
(a) Introduction. A ground safety analysis report must
include an introductory chapter that describes all administrative
matters, such as purpose, scope, safety certification of personnel
who performed any part of the analysis, and each special interest
issue, such as a high-risk situation or potential non-compliance
with any applicable FAA requirement.
(b) Launch vehicle and operations summary. A ground
safety analysis report must include a chapter that provides general
safety information about the vehicle and operations, including the
payload and flight termination system. This chapter must serve as
an executive summary of detailed information contained within the
report.
(c) Systems, subsystems, and operations information. A
ground safety analysis report must include a chapter that provides
detailed safety information about each launch vehicle system,
subsystem and operation and each associated interface. The data in
this chapter must include the following:
(1) Introduction. A launch operator's ground safety
analysis report must contain an introduction to its systems,
subsystems, and operations information that serves as a roadmap and
checklist to ensure all applicable items are covered. All flight
and ground hardware must be identified with a reference to where
the items are discussed in the document. All interfacing hardware
and operations must be identified with a reference to where the
items are discussed in the document. The introduction must identify
interfaces between systems and operations and the boundaries that
describe a system or operation.
(2) Subsystem description. For each hardware system
identified in a ground safety analysis report as falling under one
of the hazardous systems listed in paragraphs (c)(3), (c)(4) and
(c)(5) of this section, the report must identify each of the
hardware system's subsystems. A ground safety analysis report must
describe each hazardous subsystem using the following format:
(i) General description including nomenclature, function, and a
pictorial overview;
(ii) Technical operating description including text and figures
describing how a subsystem works and any safety features and fault
tolerance levels;
(iii) Each safety critical parameter, including those that
demonstrate established system safety approaches that are not
evident in the technical operating description or figures, such as
factors of safety for structures and pressure vessels;
(iv) Each major component, including any part of a subsystem
that must be technically described in order to understand the
subsystem hazards. For a complex subsystem such as a propulsion
subsystem, the ground safety analysis report must provide a
majority of the detail of the subsystem including any figures at
the major component level such as tanks, engines and vents. The
presentation of figures in the report must progress in detail from
broad overviews to narrowly focused figures. Each figure must have
supporting text that explains what the figure is intended to
illustrate;
(v) Ground operations and interfaces including interfaces with
other launch vehicle and launch site subsystems. A ground safety
analysis report must identify a launch operator's and launch site
operator's hazard controls for all operations that are potentially
hazardous to the public. The report must contain facility figures
that illustrate where hazardous operations take place and must
identify all areas where controlled access is employed as a hazard
control; and
(vi) Hazard analysis summary of subsystem hazards that
identifies each specific hazard and the threat to public safety.
This summary must provide cross-references to the hazard analysis
form required by paragraph (d) of this section and indicate the
nature of the control, such as design margin, fault tolerance, or
procedure.
(3) Flight hardware. For each stage of a launch vehicle,
a ground safety analysis report must identify all flight hardware
systems, using the following sectional format:
(i) Structural and mechanical systems;
(ii) Ordnance systems;
(iii) Propulsion and pressure systems;
(iv) Electrical and non-ionizing radiation systems; and
(v) Ionizing radiation sources and systems.
(4) Ground hardware. A ground safety analysis report must
identify the launch operator's and launch site operator's ground
hardware, including launch site and ground support equipment, that
contains hazardous energy or materials, or that can affect flight
hardware that contains hazardous energy or materials. A launch
operator must identify all ground hardware by using the following
sectional format:
(i) Structural and mechanical ground support and checkout
systems;
(ii) Ordnance ground support and checkout systems;
(iii) Propulsion and pressure ground support and checkout
systems;
(iv) Electrical and non-ionizing radiation ground support and
checkout systems;
(v) Ionizing radiation ground support and checkout systems;
(vi) Hazardous materials; and
(vii) Support and checkout systems and any other safety
equipment used to monitor or control a potential hazard not
otherwise addressed above.
(5) Flight safety system. A ground safety analysis report
must describe each hazard of inadvertent actuation of the launch
operator's flight safety system, potential damage to the flight
safety system during ground operations, and each hazard control
that the launch operator will implement.
(6) Hazardous materials. A ground safety analysis report
must:
(i) Identify each hazardous material used in all the launch
operator's flight and ground systems, including the quantity and
location of each material;
(ii) Contain a summary of the launch operator's approach for
protecting the public from toxic plumes, including the toxic
concentration thresholds used to control public exposure and a
description of any related local agreements;
(iii) Describe any toxic plume model used to protect public
safety and contain any algorithms used by the model; and
(iv) Include the products of the launch operator's toxic release
hazard analysis for launch processing as defined by section
I417.7(m) of appendix I of this part for each launch that involves
the use of any toxic propellants.
(d) Hazard analysis. A ground safety analysis report must
include a chapter containing a hazard analysis of the launch
vehicle and launch vehicle processing and interfaces. The hazard
analysis must identify each hazard and all hazard controls that the
launch operator will implement. A ground safety analysis report
must contain the results of the launch operator's hazard analysis
of each system, subsystem, and operation using a standardized
format that includes the items listed on the example hazard
analysis form provided in figure J417-1 and that satisfies the
following:
(1) Introduction. A ground safety analysis report must
contain an introduction that serves as a roadmap and checklist to
the launch operator's hazard analysis forms. A launch operator must
identify all flight hardware, ground hardware, interfacing
hardware, and operations with a reference to where the items are
discussed in the ground safety analysis report. The introduction
must explain how a launch operator presents its hazard analysis in
terms of hazard identification numbers as identified in figure
J417-1.
(2) Analysis. A launch operator may present each hazard
on a separate form or consolidate hazards of a specific system,
subsystem, component, or operation onto a single form. There must
be at least one form for each hazardous subsystem and each
hazardous subsystem operation. A launch operator must state which
approach it has chosen in the introduction to the hazard analysis
section. A launch operator must track each identified hazard
control separately.
(3) Numbering. A launch operator must number each hazard
analysis form with the applicable system or subsystem identified. A
launch operator must number each line item on a hazard analysis
form with numbers and letters provided for multiple entries against
an individual line item. A line item consists of a hardware or
operation description and a hazard.
(4) Hazard analysis data. A hazard analysis form must
contain or reference all information necessary to understand the
relationship of a system, subsystem, component, or operation with a
hazard cause, control, and verification.
(e) Hazard analysis supporting data. A ground safety
analysis report must include data that supports the hazard
analysis. If such data does not fit onto the hazard analysis form,
a launch operator must provide the data in a supporting data
chapter. This chapter must contain a table of contents and may
reference other documents that contain supporting data.