Massachusetts Institute of Technology
Kavli Institute for Astrophysics and Space Research
(MKI)
TESS Instrument Pre Mishap Plan
Dwg. No. 37-11004.18
Data Item 3-12
Revision A
January 7, 2015
37-11004.18 Rev.A
Page 1 of 9
Rev. | Date | Description of Change | Approved By
01 | 8/14/14 | Initial Release |
02 | 10/21/14 | Correct figure 2.1 formatting |
A | 01/07/15 | Formal Release |
Pre-Mishap Plan
1.0 INTRODUCTION
1.1 Purpose
This plan defines the process by which MIT Kavli Center for Astrophysics and Space Research
(MKI) mishaps are investigated and reported at MKI and MIT Lincoln Laboratory (MIT/LL) for
the TESS Project in accordance with MIT and MIT/LL policy and procedures. This plan
excerpts language from the applicable work instruction(s) [see references] as a general
synopsis of the protocol that will be followed in the event of an incident.
This plan will also ensure emergency shutdown procedures are in place for powering off the
TESS Instrument and associated electrical ground support equipment. Integration and Test
personnel should be familiar with the content of this plan.
MIT emergency management is documented and posted at:
http://ehs.mit.edu/site/emergency
For MIT Procedures, Manuals, Directives, and Plans, go to:
http://ehs.mit.edu
The TESS Preliminary Hazard Report (PHA) is available at http://snebulos.mit.edu/dbout/37data.html, document number 37-11004.08.
The TESS Instrument Safety Analysis Report (ISAR) is available at
http://snebulos.mit.edu/dbout/37-data.html, document number 37-11004.12.
1.2 Definitions
1.2.1 Close Call
An occurrence or a condition of employee concern in which there is no injury or minor injury
requiring first aid and/or no or minor equipment or property damage (less than $1000) but
which possesses a potential to cause a mishap.
1.2.2 Incident
An occurrence of a close call or a mishap.
1.2.3 Mishap
An unplanned occurrence or series of occurrences that result in damage to property or
personnel injury or illness and meets Type A, B, C, or D mishap criteria as identified including:
- Damage to developer, government, or customer-owned hardware property, or critical products
- Fatalities, injuries, or illnesses occurring on the TESS Instrument
1.2.3.1 Type A Mishap
A mishap resulting in one or more of the following: (1) an occupational injury or illness resulting
in a fatality, a permanent total disability, or the hospitalization for inpatient care of 3 or more
people within 30 workdays of the mishap; (2) a total direct cost of mission failure and property
damage of $2 million or more.
1.2.3.2 Type B Mishap
A mishap that caused an occupational injury or illness that resulted in a permanent partial
disability, the hospitalization for inpatient care of 1-2 people within 30 workdays of the mishap,
or a total direct cost of mission failure and property damage of at least $500,000 but less than
$2,000,000.
1.2.3.3 Type C Mishap
A mishap resulting in a nonfatal occupational injury or illness that caused any days away from
work, restricted duty, or transfer to another job beyond the day or shift on which it occurred, or
a total direct cost of mission failure and property damage of at least $50,000 but less than
$500,000.
1.2.3.4 Type D Mishap
A mishap that caused any nonfatal OSHA recordable occupational injury and/or illness that
does not meet the definition of a Type C mishap, or a total direct cost of mission failure and
property damage of at least $1,000 but less than $50,000.
1.2.4 Mishap Exclusions
The following types of events are not reportable as mishaps, but may be reportable as failures
or anomalies:
Property Damage Exclusions:
- Items normally covered under Failure Reporting
- Malfunction or failure of component parts or equipment due to normal wear and tear where the malfunction is the only damage and the only action is to replace or repair the equipment
- Property damage from vandalism, arson, sabotage or Acts of God
- Anticipated damage to equipment or property incurred during testing or manufacturing
Product Test Failure Exclusions:
- Events involving damage to equipment or property as a result of testing, provided that all of the following are true:
a) The testing is part of an authorized research, development, qualification, or certification program
b) Damage is limited to the test article and test instrumentation
c) Risk of damage to the test article and test instrumentation resulting from failure was accepted explicitly (e.g., documented) by TESS management and concurred on by Mission Assurance
d) The test team performs a test failure analysis and generates a technical report instead of treating it as a mishap and completing a mishap report
Acceptance Test Failure Exclusions:
- A failure resulting in damage to flight hardware during the ground Acceptance Test Procedure (ATP) is not a mishap when the following are true:
a) Failure is a predictable outcome
b) Only the flight article is damaged
c) Test equipment functioned properly
d) There were no anomalies in the facility or test procedures
e) Test team performs a test failure analysis
Injury Exclusions:
- Injuries and illnesses from non-occupational diseases
- Injuries that occur during work arrival or departure
- Injuries or illness sustained before working at MIT or MIT/LL unless specifically aggravated by current work assignment
- Injuries from non-work-related, pre-existing disorders or by minimum stress and strain
- Injuries from activities unrelated to work (e.g., recreational activities, workouts, etc.)
2.0 INCIDENT TIMELINE
The following is a timeline of the actions that should be taken in the aftermath of an incident (see Figure 2.1):
1) Initial Incident Response (Immediate Reaction)
2) Preservation of Scene
3) Notification
4) Gathering and Preservation of Evidence
5) Investigation
6) Analysis
7) Corrective Action Plan
IMMEDIATE REACTION (All Witnesses)
- Call Emergency Response (if required)
- Secure hardware to prevent further personnel injuries and/or damage.
- Notify Supervisor, Project Management and/or Project Safety Personnel.
NOTIFICATION (Mgmt/Safety)
Report facts concerning mishap to the Project Manager and the GSFC Personnel
- Immediately – Project Mgmt / Project SMA
- Within 1 Hr. – GSFC
- Within 8 Hrs. – OSHA (if required)
- Within 24 Hrs. – GSFC follow-up
COLLECTING & SAFEGUARDING EVIDENCE (IRT)
Collect data, witness statements and physical evidence.
- Collect data
- Collect witness statements
- Collect physical evidence
- React
INVESTIGATION (MI Authority)
Investigate the circumstances surrounding the mishap to determine root cause.
- Interview witnesses
- Review evidence
- Draw conclusion
- Report Findings
Figure 2.1: Top Level Mishap Response Sequence
3.0 RESPONSIBILITY
Each MIT and MIT/LL employee is responsible for the timely reporting of observed mishaps
and close calls. It is the responsibility of the stated designees below to transmit initial mishap
notifications, perform mishap investigations, and prepare interim and final mishap reports.
3.1 Mishap Discovery, Initial Notification, and Initiation of Investigation
3.1.1 Person(s) Observing a Mishap
1. Immediately stop any work activity or process that jeopardizes hardware, property, critical
products, personnel safety, or the environment.
2. Call Emergency Response (if required)
3. Safe and secure the area.
4. Notify the program Supervisor.
3.1.2 Supervisor or Individual Responsible for Directing the Work
1. Immediately notify Mission Assurance Manager
2. Verify safe and secure conditions.
3.1.3 Mission Assurance Manager
1. Notify the TESS Program Manager (PM)
2. Establish an Initial Response Team (IRT) which includes the Mission Assurance Manager,
Facility Management and others as appropriate.
3. Impound or copy pertinent data, gather initial witness statements, take photos and gather
information necessary to make an initial notification.
4. Draft initial mishap notification.
5. Submit initial mishap notification to the NASA Chief Safety and Mission Office (CSO) and
Project Safety Manager (PSM) and Project Safety Engineer (PSE) within no more than 24
hours (reference notification timetable in Figure 2.1).
6. Enter information into the Mishap database (or applicable system)
3.1.4 Hardware Quality Engineer
1. Convene a Material/Failure/Anomaly Review Board if applicable.
3.1.5 Program Manager
1. Communicate mishap information to pertinent MKI and MIT/LL personnel and GSFC
customer personnel within no more than 24 hours of event (reference notification timetable in
Figure 2.1)
3.2 Mishap Investigation
3.2.1 Program Manager
1. Establish a Mishap Investigation Team (MIT), which includes the Mission Assurance
Manager, Facility Management and others as appropriate (i.e., Public Affairs, Local Security,
Manufacturing, Design, Integration and Test personnel).
3.2.2 Mishap Investigation Team
1. Gather physical evidence and facts.
2. Collect witness statements.
3. Review and analyze data.
4. Determine final classification of mishap.
5. Identify direct cause(s), intermediate cause(s), and root cause(s).
6. Formulate conclusions and develop recommendations regarding root and intermediate
causes.
7. Generate corrective and preventive actions, recommendations, and lessons learned.
8. Submit Preventive/Corrective Action(s) (PCA) for open corrective and preventive actions.
9. Contact PM, the Mission Assurance Manager, and other appropriate personnel regarding
corrective actions.
10. Support customer investigations.
11. Based on the conclusions of the mishap investigation and with PM and/or Facility
Management support, determine and document appropriate corrective, preventive actions and
lessons learned.
3.2.3 EHS Personnel
1. If the mishap involves personnel injury, illness, or environmental releases or spills of
hazardous materials, assist SSE personnel in the mishap investigation.
3.3 Mishap Reporting (MIT Report)
3.3.1 Mishap Investigation Team
1. Complete the interim (if applicable) and final mishap report.
2. File the interim and final mishap report.
3. Provide Type A/B Mishap Reports to Senior Management as required
4. Submit mishap report to designated GSFC Project Safety Manager.
3.3.2 Program Manager
1. Review and approve mishap report.
2. Manage the completion of program corrective actions.
3.3.3 Contracts Personnel
1. Submit copies of mishap reports to Customer Contracts and to internal MKI or MIT/LL
personnel.
2. Retain the documentation for five years.
4.0 PROGRAM CONTACTS
4.1.1 MKI and MIT/LL Contacts
Title | Name | Phone | Mobile | Email
Emergency Response | http://emergency.mit.edu | Dial 100 from a campus phone or 1(617) 253-1212 | 1(617) 253-1212 |
Program Manager | Tony Smith | 1(617) 253-6134 | 1(508) 752-5275 |
Asst. Program Manager | Joe Scillieri | 1(617) 253-3319 | 1(857) 928-4815 |
Mission Assurance Manager | Brian Klatt | 1(617) 253-7555 | 1(508) 314-0838 |
MKI Deputy Director | Mark Bautz | 1(617) 253-7502 | |
NASA/LL Liaison | Greg Berthiaume | 1(781) 981-7975 | |
4.1.2 GSFC Contacts
(listed in order of contact precedence starting with any GSFC employee on site at developer)
Title
Name
Office
Project Safety
Manager
Project Chief
Safety and Mission
Assurance Officer
TESS Program
Manager
William
Conn
Teresa
James
1(301) 286-8388
1(301) 614-5928
1(410) 353-1016
[email protected]
Jeff
Volosian
1(301) 286-9924
1(301) 356-3056
[email protected]
Mobile
Email
[email protected]