Frequently Asked Questions
About Rocket Engine Reliability Programs
Kevin Silke Lockheed Martin Astronautics Denver
Tyrone Jackson The Aerospace Corporation El Segundo
Key Words: Reliability program; Lessons learned; Reliability assessment; FMEA; Fishbone
analysis; Fault tree analysis
SUMMARY & CONCLUSIONS
The objective of the Atlas Reliability
Enhancement Program (AREP) was to improve the
Reliability of the Atlas IIA Launch Vehicle without
degrading its performance. This objective was
achieved by developing an electronically enhanced
rocket engine, the Pratt & Whitney (P&W) RLlOE-1,
for the Centaur Upper Stage. Less than three years
after AREP began, the USAF terminated the program
halfway through the test phase of the second
developmental engine. Even though the program
endedbefore a single RLlOE-1 engine was shipped, a
legacy of lessons learned were indwelled in the
experiences of the individuals who participated in the
program.
AREP was the first DoD launch vehicle
program to operate under the new Acquisition Reform
Initiative, which went into effect in June 1994. Under
Acquisition Reform, acquisition processes are
supposed to be based on measurable performance
criteria. However, not every organization that
participates in the development of a new system knows
how to define a measurable performance criterion.
That was the challenge facing Lockheed Martin
Astronautics (LMA) when it came time to implement
a process to manage AREP Reliability risk. Knowing
what LMA did for AREP provides insight for others
wishing to define a performance-based Reliability
Program.
This paper is based on a technical report
written by The Aerospace Corporation. The
information in this paper is structured in a manner that
facilitates communicating valuable lessons learned that
are comprehensible to the novice and useful to the
expert. The most frequently asked questions regarding
the AREP Reliability Program are listed in
chronological order. Following each question is an
explanation of the pertinent analytical methods and
results.
0-7803-5143-6/99/$10.000 1999 IEEE
1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium
1. INTRODUCTION
The need for the Atlas Reliability
Enhancement Program (AREP) was identified in 199 1,
following two consecutive mission failures of the
Centaur Upper Stage rocket engine. Although the root
causes of the two failures were positively identified and
permanently "fixed", the incidents initiated a series of
studies by the USAF, The Aerospace Corporation,
LMA, and P&W into ways of enhancing confidence in
the success of Atlas missions.
In February 1993, AREP was first started
when the USAF Space and Missile Systems Center
(SMC) awarded a contract to LMA to improve the
performance and Reliability of Atlas IIA. At that time,
the AREP objective was to enhance thirteen launch
vehicle (LN) subsystems, including five functions of
the RLlOA-4-1 Centaur engine. But budgetw
constraints forced an early suspension of the program.
LMA, the USAF and Aerospace worked out a prudent
plan for conducting a series of studies to identify an
optimal approach for downsizing the program. The
studies showed that a significant reduction in the loss
rate of the Centaur engine would achieve the greatest
improvement in the Reliability of the L/V.
Specifically, the studies identified the ignition,
control, and chill-down subsystems as the engine
functions that could be enhanced to provide the
greatest improvement in L N Reliability. These three
engine functions became known as the three AREP
Initiatives, which would characterize what was
designated the UlOE-1 engine (Reference 1).
In October 1994, the AREP contract was
rewritten to comply with the new Acquisition Reform
Initiative, and the program was started-up a second
time. Under acquisition reform, the L/V supplier,
LMA, had the freedom to choose the methodology fix
managing program risk. LMA chose to streamline
program risk management with measurable progress
criteria. That criteria included timely response to
questions that The Aerospace Corporation frequently
asks programs that are similar to AREP. These
343
fiequently asked questions facilitated the Customer’s
understanding of the capabilities and effectiveness of
the AREP risk management activities. By
streamlining the AREP risk management process,
LMA was able to dispense with many of the
formalities in past LIV Reliability Programs, such as
requiring the Customer to approve the Reliability
Program Plan, Reliability predictions, FMEA, and
critical items list.
2 . FREQUENTLY ASKED QUESTIONS
2.1 How was the Reliability Program Integrated with
the Systems Engineering Process?
The AREP Reliability Program was
functionally an integral part of the AREP Systems
Engineering Integration Team and each RLlOE-1
Component Product Development Team. LMA
designated a Lead Reliability Engineer as the point of
contact (POC) to support all of the AREP teams.
Typical tasks performed by this POC included flowing
down quantitative Reliability requirements, defining
design Reliability guidelines, managing the
integration of Reliability engineering tasks within the
AREP Systems Engineering Process, identifying and
assessing Reliability-related risks, and providing input
to component and system design reviews.
2.2 How were the Reliability Requirements DeJined?
The AREP contract contained a single
Reliability requirement, which was, “The Reliability
of the vehicle shall be improved without degrading
performance.” This provided a general goal and
direction for the program, allowing trade studies of the
possible options to define the specific direction using
cost-effectiveness measures. Based on pre-AREP
estimates of achievable improvements to the
Reliability of the RLlOA-4-1 engine, a goal was
established by the AREP Reliability Program to
reduce the failure rate of the RL 1OE- 1 engine by 7 1%.
2.3 How was the Reliability Program Planned?
The AREP contract did not require that a
formal Reliability Program Plan be written. In lieu of
a formal plan, LMA convened a
Govemment/Contractor Reliability Working Group to
define the process for allocating and predicting
Reliability for the RLlOE-1 engine. The working
group defined the Reliability Program as the series of
tasks that were required to accomplish the following
objectives:
1. Calculate the demonstrated Reliability of the
Atlas IIA based on launch experience up to December
1993. This provided a “real world” baseline against
344 1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium
which to estimate the Reliability impacts of the launch
vehicle I engine changes.
2. Adjust the Reliability predictions for Atlas
IIA to reflect the flow-down of its demonstrated
Reliability, by using a factor derived fi-om the
logarithmic ratio of the demonstrated to predicted
Reliability for the baseline launch vehicle.
3. Reduce the expected demonstrated loss rate
for the baseline RLlOA-4-1 engine by 71% and use
that value for the allocated loss rate goal of the RLlOE-
1 engine.
4. Construct a bottom-up Reliability model for
the RLlOE-1 engine, and determine the optimal
approach for modifying the design of the baseline
engine to achieve the allocated loss rate goal for the
RL 1OE- 1 engine.
5. Calculate the relative improvement in design
Reliability of the RLlOE-1 engine compared to the
baseline RLIOA-4-1 engine.
6. Compare the RLlOE-1 engine predicted loss
rate to the allocation loss rate goal to determine if the
Reliability Program goal was met. The objective of
process steps 1 through 6 was to produce an integrated
AREP Reliability model.
7. Apply proven techniques for managing the life
cycle Reliability risk of the RLlOE-1 engine.
8. Analyze the RLIOE-1 engine test data,
bottom-up Reliability model, and failure mode
mitigation methods to verify that life cycle Reliability
risk is adequately managed.
Even though LMA was not required by the
Air Force to document an AREP Reliability Program
Plan, LMA and P&W coordinated the creation of an
RL10E-1 Rocket Engine Reliability Program Plan.
This primelsubcontractor program plan was based on
the concepts found in MIL-STD-1543A. This resulted
in the following list of tasks and guidelines:
a. Redundant designs and applicable design and
safety margins were to be applied to new or modified
components to the greatest extent feasible.
b. The component suppliers were to perform part
stress derating analysis and part stress failure rate
predictions.
c. Component- and subsystem-specific historical
flight and ground test data was to be used for
calculating failure rates whenever possible. This
provided the most realistic estimates of component and
subsystem reliabilities.
d. Failure mode assessments were to be performed as
early as possible, with full cooperation fiom design
engineers, to ensure the mitigation of potential failure
modes and that new and modified components would
operate properly with all of the unchanged subsystems.
e. Test data would be used to veri@ the accuracy of
the predictions and ensure that the program goal had
been achieved.
E Relevant Technical Performance Measurements
(TPMs) would be used to monitor the progress of the
Reliability Program.
2.4 What Rationale was Used to Select the Analytical
and Empirical Methods?
The rationale for selecting an analytical or
empirical method for use in the AREP Reliability
Program, fiom among the many methods available in
the field of Reliability Engineering, was based on the
relative usefulness of their outputs in achieving one or
more Reliability Program requirements or goals. Each
of the methods that were selected either supported
quantifying the expected-demonstrated Reliability
(e.g., MIL-HDBK-189 Duane Reliability Growth
Model; and MIL-HDBK-217 failure rate models) or
supported qualifying the mitigated design risk (e.g.,
MIL-STD-1629A Failure Mode, Effects and Criticality
Analysis; and Fault Tree Analysis). Together, the
selected methods provided high confidence in the
assessment of the RL1OE- 1 engine’s design Reliability
and its impact on the Reliability of the Atlas IIA
launch vehicle. The selected methods are addressed in
greater detail in the following sections.
2.5 What Methods were Used to Estimate the
Demonstrated Reliability?
To estimate the demonstrated Reliability af
Atlas IIA at the vehicle, subsystem, and assembly
levels, LMA applied the Duane Reliability Growth
Model (Reference 2) along with standard reliability
predictions. For the vehicle-level estimate, a
conventional Duane model was built. Based on 13
mission failures in 80 Atladcentaur flights, as of the
selected program cutoff date of December 1994, the
demonstrated Reliability of Atlas IIA was calculated to
be 92.1%. For the subsystem and assembly level
estimates, a demonstrated-to-actual ratio of 6.3 13 was
calculated fiom the logarithmic ratio between the
Duane model and the vehicle Reliability prediction
model. This ratio allowed the “marriage” of
demonstrated and predicted Reliability data, and
realistic allocation of the vehicle-level demonstrated
Reliability to the subsystems and assemblies,
including the RLl OA-4-1 engine. The flowed-down
demonstrated Reliability of the RL lOA-4- 1 engine was
0.9884.
1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium
P&W used an independent methodology to
assess the demonstrated reliability of the RLIOA-4-1
engine. They calculated the RL 1OA-4-1 mission loss
rate based on 2 failures in 166 Atlas and Titan engine
missions, with an engine mission being defined as one
engine operating over two burns. Using the binomial
distribution, and applying a 90% confidence bound,
P&W yielded a demonstrated Reliability of 0.9683.
They calculated the corresponding mission loss rate,
using the following formula:
13. Baseline = - In (0.9683)
= 3.221 losses p e r 100 missions
2.6 What Methods were Used to Estimate the Relative
Improvement in Design Reliability?
P&W estimated the RLlOE-1 engine mission
loss rate to be 0.924 (down from 3.221). But LMA
needed a relative Reliability improvement factor for the
engine to apply to their Duane Reliability model for
Atlas IIA. This engine Reliability improvement factor
was calculated by taking the ratio of the RLlOE-1 and
RLlOA-4 mission critical loss rates, per the formula:
%FR = [ x 100%
where:
%F R = % reduction in AREP engine mission
loss rate
Ep = Baseline engine demonstrated mission
loss rate
EA = AREP engine expected demonstrated
mission loss rate
Substituting the appropriate values into the
above formula yields:
%FR = ( 3*223.;2y24) x 100% = 71%
Therefore, the RL 10E-1 engine met its design
Reliability goal because its mission critical loss rate
was 71% lower than that of the RLlOA-4-1 engine.
To determine the relative improvement in the
AREP vehicle Reliability compared to that of the
baseline Atlas IIA vehicle, the Reliability prediction
process in Figure 1 was applied. The objective of this
process was to produce an integrated AREP Reliability
model to quantify the difference between the design
reliabilities of the RLlOA-4-1 and RLlOE-1 rocket
engines along with the changes in the vehicle
subsystem predictions. Folding P&W’s engine-level
345
Reliability assessment into the vehicle-level
Reliability model, LMA estimated that the RLlOE-1
engine would reduce Atlas IIA mission failure
probability by relatively 21%. LMA Reliability
estimates also showed that the goals for all three
AREP Initiatives had been met.
2.1 What Methods were Used to Assess the Potential
Failure Modes?
Several methods were brought to bear in
assessing the design risks. For the RLlOE-1 engine,
P&W performed the standard Failure Mode and Effects
Analysis (FMEA) process illustrated in Figure 2 ,
which is based on MIL-STD-1629A (Reference 3).
The objective of the FMEA was to identify and
evaluate each mission critical failure mode of the
engine, so as to influence its design Reliability and
mitigate or eliminate the potential failure modes. All
of the credible failure modes of each new AREP
component design were analyzed to determine the
consequences of those failures on the engine system
operation. The analysis identified failure mode
detection methods and compensating features to
prevent, minimize or control failure effects. The
Compensating features included design features, special
inspections, tests, controls, instructions, operational
corrective actions (e.g., replacement, reconfiguration,
repair or preventive maintenance), or other provisions.
For the overall Atlas IIA vehicle, LMA
performed an in-house developed type of failure mode
assessment known as a Fishbone Analysis. The
Fishbone Analysis approach combines the top-down,
deductive process of a Fault Tree Analysis (FTA) in
identifying the potential failure modes with the
compensating feature identification of the FMEA
process. The failure modes are documented using
compact Cause and Effect diagrams (hence, the name
“Fishbone” Analysis, as the example in Figure 3
illustrates) rather than Fault Trees, as nothing more
complex than an “OR” gate is required for these
diagrams. The compensating features are documented
on separate Disposition Forms which relate back to the
fishbone diagram through the indentured numbering
scheme, providing unique ID numbers for all of the
fishbone diagram elements. LMA has found the
Fishbone Analysis process to be advantageous in
capturing system interaction and integration effects,
which is why the RLlOE-1 engine was included in
this assessment as well, referring back the P&W
FMEA for engine component compensating features
and documenting separate dispositions for system
issues.

Baseline Atlas
Reliability Model

Scaled Baseline Atlas

Reliability Model

Baseline Engine Failure

P&W Assessed Engine Rate and Startup Failure
Improvement Percentage
Probability Reduced by
(71%)
Improvement Percentage
I 1 I

Figure 1. AREP Reliability Modeling Process

346 1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium

 i
System Definition
Performance Inputs To Other Tasks
4
Functional models Change System Safety Analysis
Process and test plans Critical Items List
Drawings Software Hazard Analysis
.-.,.-. -- -- -- -- ,--, -.-,-,--,-.-..- Supportability Analysis
Quality Planning
FMECA Planning Determine Potential
1 Failure Modes Demonstration Testing
Risk Management
Groundrules/Assumptions Failure mode models
t

FMECA Database
Methods

L.,_._.__..__ ______
F a i l u r e M --,.-._..._._.,-.-__
o d e A n d Effects Analysis --.i
Figure 2. FMEA Process Flow

FishboneNo: B I -D S March 1996 Originator: M Malinowskl

&T ...Due to Centaur Propulsion Subsystem Failure of Turbopump Due to ...
B.l.l
Improper thermal Turbine lack of
conditioning prior adequate power of adequate
to MES 1 due to4
.I Incorrect TCV
whedulc
.Z Incorrect CDV .ZPump mal
schedule duetoCDV

1 B.1.6 / B.1.4
. I Leak B torch
igniter suppiy port J
Improper thermal Gedrhox inability Oxidizer pump
conditioning prior to transmit power back of adequate
to MESZ due to... a head rise due to...

Figure 3. Example Fishbone Diagram

1999 PROCEEDINGS Annual RELlABlLllY and MAINTAINABILITY Symposium 347

 Identify Fault Detection and Accomodation (FDA)
Validate €TA by ensuring all failure modes identified
as redundant in the fault tree have effective detection
and accomodation methods (and inverse, for all single
point failures)
Identify failure signatures (combinationsof software
variables) used to initiate each detection and
accommodation method
I Ensure there are no conflicts among failure signatures
andor outputs for detection and accomodation methods
Figure 4. Fault Detection & Accommodation Assessment Approach
There was one additional analysis used to
assess the design risks. The RLlOE-1 electronic
controller utilized a significant degree of redundancy in
its design, which required software to detect the
failures and reconfigure the system operation to
accommodate those failures. Thus a Fault Tree
Analysis resulted, fiom concern about the lack of a
formal method to verify that the Fault Detection &
Accommodation (FDA) software for the engine
controller could manage the fvst and second
occurrences of faults within the RLIOE-1 engine. The
FTA was used to identify all of the failure modes for
which accommodation was possible. Several steps
were then taken, as outlined in Figure 4, to review the
FDA methods to ensure that all of these failure modes
were adequately addressed and that there would be no
conflicts among the detection and accommodation
methods.
2.8 What were the Sources of Reliability Design
Risk?
P&W performed an exhaustive study to
identify the sources of reliability design risk for the
lU1OA-4-1 engine. Three functions were found to
348 1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium
Ensure all FDA modules in
Software Design Document
(SDD) are referenced by
I . percentages
contribute most to the incidence of engine ignition
failure: the Ignition System, the non-actuating parts cf
the valves, particularly the Pre-launch Cool-down
Check Valve (PLCDV), and the actuating parts of the
valves with associated plumbing lines. Having
identified the apparent weakness of the RLIOA-4-1,
P&W defined a design for the FUlOE-1 that
incorporated an improved ignition system, new
Electromechanical Actuators (EMA’s) controlled by an
engine mounted Digital Electronic Rocket Engine
Controller (DEREC), and a simpler Propellant Flow
System. However, an objective examination of the
possible common cause failure modes shows that the
U 1OE- 1 engine is
relative likelihood of failure of the E
not always lower than that of the RLlOA-4-1 engine.
Table 1 compares the relative likelihood of RL10E-1
engine failure, due to common cause failure modes,
with that of the RLlOA-4-1 engine.
Should any of these common cause failure
modes occur prior to or during launch of the Atlas IIA,
a mission critical failure might be the outcome. This
list was used in evaluating all of the failure mode
analyses to ensure that the possibility of common
cause failure modes had been addressed and mitigated.
 program compared to the RL10E-1 Reliability
Table 1. Relative Likelihood of RL 1OE- 1 and requirement.
RL 1OA-4- 1 Engine Failure
2.10 How was Reliability Risk Management Progress
Measured and Monitored?
Cause Failure Compared To
The difference between the demonstrated
failure rate of the baseline engine and the predicted
Contamination electrical parts failure rate of the RLlOE-1 was the only Technical
Performance Measurement (TPM) criterion used f a
Higher - DEREC monitoring the progress of the AREP Reliability
Mistimed Command controlled actuator timing
Program. The expected demonstrated Reliability f a
Lower - Fewer the AREP engine was calculated iteratively with the
Fluid Leakage plumbing lines progress of the design definition to measure the degree
Lower - Fewer of success achieved at meeting the Reliability
Fluid Blockage plumbing lines requirements. Figure 5 shows the profile of the
Higher - More calculated percentages of design Reliability
electrical Parts improvement for the RLlOE-1 engine. The rather
Excessive Vibration significant reduction in the delta Reliability
No change - Battery improvement of the engine fiom 4.27% to 1.67%
Over-Powered assembly unchanged between SRR and PDR resulted kom the downsizing
No change - Battery of the AREP objectives.
Under-Powered assembly unchanged
Lower - EMA The AREP Reliability Program TPM was
Over-Pressure controlled actuators defined such that analytical progress could be
Lower - EMA confirmed and potentially deficient areas that could
jeopardize meeting the Reliability requirement could
Under-Pressure controlled actuators
be identified. In retrospect, there were other TPMs
Higher - More heat that could have been used to track AREP Reliability
Over-Temperature sensitive electrical parts Program progress, such as, comparing the number of
Lower - Less cold implemented critical item dispositions versus the total
Under-Temperatwe sensitive plumbing lines number recommended, or comparing the number of
failure modes exercised by test versus the total number
2.9 How were the Reliability Predictions Verified? identified.

Although full development testing of the
RLlOE-1 engine had not been completed when the
program ended, the tests were highly successfbl in
verifying reliable engine operation with the M1
authority, digital electronic control and fewer valves.
The RL10E-1 engine was scheduled for 134 test firing
during four phases of development testing. Only two
phases of the development test were completed.
However, most of the measurable enhancement features
of the engine were verified by test.
For verification of the numerical Reliability
requirement, a Bayesian Analysis Method was used to
combine the test data with the Reliability model
results to ensure that the program goal was still
achieved. Since this was a development test program,
this required defining criteria on the relevance of any
test failures to a flight configuration. To this end, a
Pre-Test Declaration was written defining the
conditions that would make a failure non-relevant.
Although the test program was not completed, this
verification would have effectively required that the test
program be completed without any relevant failures
charged to the engine given the relatively small test
2.1 1 What Criteria did The Aerospace Corporation Use
to Evaluate the AREP Reliability Program?
Acquisition Reform was a brand new concept
when AREP started in 1994. There were no prior
success stories to refer to for guidance in evaluating the
program. Each member of The Aerospace Corporation
evaluation team had to apply an evaluation criterion
that did not direct the activities of LMA. The one
consensus fact was that AREP was a Demonstration
and Validation Phase Rocket Engine Program. The
evaluation criterion that was applied to the AREP
Reliability Program was derived from the then recently
released Rome Laboratory technical report, “A Quality
Process Approach to Electronics System Reliability”
(Reference 4). This report describes evaluation criteria
that are based on the assessment of process control
indicators and the degree to which they are
implemented as part of the supplier’s way of doing
business. For AREP, the identification of process
control indicators was combined with an experience-
based conjecture that relates process quality levels with

1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium 349

the types and phases of risk mitigation activities to
arrive at the evaluation criteria in Table 2.
3. CONCLUSION
Based on the evaluation criterion that was
applied by the Aerospace Corporation, the AREP
Reliability Program had a quality factor rating of 1.0,
which is the highest rating for a Demonstration and
Validation Phase Rocket Engine Reliability Program.
Such a high quality factor translates into a high level
of confidence in the analytical and deterministic results
produced by the program. This can only be achieved
through careful planning and tracking of the Reliability
Program activities. Although AREP was terminated
prior to verifying the flight Reliability of the RL10E-1
rocket engine, LMA and P&W did show that
Acquisition Reform was indeed a value-added concept
that could be implemented with the highest quality
results.

Table 2. AREP Reliability Program Evaluation Criteria.

DEMONSTRATION& VALIDATION PHASE

RELIABILITYANALYSIS & RISK REDUCTION
EVALUATION CRITERIA

Reliability predictions are based on Customer's experience with the performance of existing comparable equipment. All
key system reliability parameters (e.g., life, fatigue, false alarm rate, etc.) are defined. Clear engineering rationale is
provided for all expected improvements. Definitionof design/applicationcriteria is complete. Lessons learned data are
available (e.g., derating, environmental sensitivity, manufacturing process, etc.). Expected operating environment
including maintenance is defined and is traceable to Customer's mission description. Reliability models are based on
FMEA, which is conducted along with other fault/failure analysis methods to identify critical itemdparameters and
functionallhardware failure modes. Processing of critical items is tracked and proper disposition of each item's risk is
verified. Analyses are updated with design change data and development test results. Fault detection and
accommodation approaches are defined and related to critical parameters and functions.

Reliability predictions are based on comparisons to current performance of existing comparable equipment. One or two
key system reliability parameters (e.g., life, fatigue, false alarm rate, etc.) are not defined. Clear engineering rationale is
provided for all expected improvements. Definition of design/applicationcriteria is complete. Lessons learned data are
available (e.g., derating, environmental sensitivity, manufacturing process, etc.). Expected operating environment
including maintenance is defined and traceable to Customer's mission description. Reliability models are based on
FMEA, which is conducted along with other faulWailure analysis methods to identify critical items and
functionaVhardwarefailure modes. Processing Of critical items is tracked but proper disposition of each item's risk is
not verified. Analyses are updated with design change data and development test results. Fault detection and
accommodation approaches are defined but not related to critical parameters and functions.

Reliability predictions are based on comparisons to current performance of existing comparable equipment. Several
key reliability parameters are not defined and engineering rationale for expected improvements is weak. Definition of
design/application criteria is complete. Lessons learned data are available (e.g., derating, environmental sensitivity,
manufacturing process, etc.). Expected operating environment including maintenance is defined and traceable to
Customer's mission description. Reliability models are based on FMEA, which is conducted to identify critical items
and functional failure modes. Processing of critical items is not tracked. Analyses are updated with design change data
but not all development test results are included. Fault detection and accommodation approaches are partially defined
and not relatedto critical parameters and functions.

Reliability predictions have limited relevance to current performance of existing comparable equipment. Only a few key
reliability parameters are defined and engineering rational for expected improvements is weak. Definition of
design/application criteria is incomplete. Lessons learned data are partially available (e.g., derating, environmental
sensitivity, etc.) Expected operating environment including maintenance is not traceable to Customer's mission
description. Reliability models ate not based on FMEA, which is conducted to identify critical functional failure modes.
Analyses are updatedwith incompletedesign change data, and developmenttest results are not included. Fault detection
and accommodationapproachesare not defined.

Reliability predictions have no relevance to current performance of existing comparable equipment. No key reliability
parametersand design/application criteria are defined. Lessons learned data are not available. Expected environment
including maintenance is not traceable to Customer's mission description. FMEA or similar analyses not conducted to
i d e n t i critical functional failure modes. Analyses are not updated with design change data or development test results.

350 1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium

 UpdatedAnalysis As
Necessary To Support
I Analysis Analysis Analysis Design Changes Anticipated
Updates
i L b 1

’ = 4.27
%

I
’ *% 1.58

%
’ = 1.55
Demonstrate
-
SRR PDR CDR Qualification AREP Milestones
Time +
Figure 5 . Technical Performance Measurement for AREP Reliability

REFERENCES Kevin Silke (Presenting Author)

Lockheed Martin Astronautics
1. W. M. Van Lerberghe, J. L. Emdee, R. R. Foust, P.O. Box 179
“Enhanced Reliability Features of the RLlOE- 1 Engine”, Mail Stop B2100
Proceedings 1997 International Astronautical Federation Denver, CO 80201
Symposium.
2. Department of Defense, “Reliability Growth Phone: (303) 977-9577
Management,” MIL-HDBK-189, Washington D.C., 1981, pp. 33- Fax: (303) 977-4373
42 & 72. E-mail: Kevin.Silke@LMCO.com
3. Department of Defense, “Procedures for Performing a
Failure Mode, Effects and Criticality Analysis,” MIL-STD- 1629A, Mr. Kevin Silke is the Lead Reliability Engineer for the Atlas
Washington D.C., 1980. Program at Lockheed Martin Astronautics. Previously, he worked
4. RL-TR-93-209, “A Quality Process Approach To for General Dynamics and Safety Factor Associates, Inc. He has
Electronic System Reliability: handbook Procedure,” Rome over ten years experience in Reliability Engineering and Risk
Laboratory, November 1993.
Analysis and has degrees in Electrical Engineering and Business
Management. He has spent his entire professional career in
BIOGRAPHIES Reliability and Risk Assessment of spacecraft, launch vehicles, and
NASA operated high-energy ground research facilities. His
Tyrone Jackson (Correspondence Author) technical skills include creation of software for specialized
The Aerospace Corporation solutions to Reliability and statistical problems. His risk assessment
2350 E. El Segundo Blvd. talents include Reliability modeling and Reliability data analysis,
M41987 fault tree analysis, event sequence analysis, failure/success
El Segundo, CA 90245-4691
database development, common cause failure analysis, Bayesian
Phone: (310) 336-6170 data analysis, Failure Mode and Effects Analysis, uncertainty
Fax: (310) 336-6914 analysis, and Monte Carlo Analysis.
E-mail: Tyrone.Jackson@aero.org
As a member of the technical staff in the Reliability and Quality
Department of The Aerospace Corporation, Mr. Tyrone Jackson is
responsible for evaluating contractors’ Reliability analyses and
advising system program offices on cost-effective management of
Reliability Engineering activities. He has almost twenty years
experience in Reliability Engineering applications and research.
Previously, he has worked for Hughes Aircraft Company, TRW,
and General Dynamics. At each of these companies, he initiated
procedures to integrate Reliability Engineering with the System
Engineering Process. He has developed a number of Reliability
software tools, and has published several papers on Reliability
analysis and management techniques. Mr. Jackson received a
BSEE degree from the Illinois Institute of Technology in 1980. H e
is a member of the IEEE Los Angeles Chapter and has served on
AIAA and SAE G-11 subcommittees.

1999 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium 351