A methodology to quantify some IVHM requirements during RLV conceptual design

Based on high level safety and cost requirements, system architects and subsystem engineers are called upon to provide requirements at a lower level during the conceptual design phase of a reusable launch vehicle (RLV). This paper describes an event tree based methodology for quantitatively assessing the limits of some of the lower-level integrated vehicle health management (IVHM) requirements during RLV conceptual design. The metrics assessed in the paper are fault detection coverage, false alarm probability, fault isolation capability, probability of IVHM failing to detect a fault, and safety allocation. The fault detection and isolation metrics were assessed based on their applicability with respect to cost and safety in the mission and turnaround phase of the RLV operations. The paper shows that the mission-phase requirement for IVHM fault detection coverage for a subsystem is large (more stringent) when IVHM needs to make the subsystem safer, the failure remediation probability is small, and the subsystem is already reliable. The requirement on IVHM false alarm rate in the mission phase is small (more stringent) when the subsystem is reliable, IVHM needs to make the subsystem safer, and IVHM should cause fewer false aborts. The paper concludes by stressing the use of appropriate system analysis and optimization in allocating IVHM requirements to a subsystem of the RLV. Although the paper is written from an IVHM and RLV perspective, it is targeted towards system engineers/architects who are interested in estimating the effects of fault detection and isolation requirements during conceptual design.