Factors of Safety

     Old joke:  “You see the glass as half empty, I see the glass as half full, but an engineer sees the same glass and says ‘it is overdesigned for the amount of fluid it holds.’”

 

     When an engineer starts out to build something, one of the first questions to be answered is how much load must it carry in normal service?  The next question is similar:  hom much load must it carry at maximum?  An engineer can study those questions deeply or very superficially, but having a credible answer is a vital step in at the start of a design process. 

 

     Here is an example.  If you design and build a step ladder which just barely holds your weight without breaking, what will happens after the holidays when your weight may be somewhat more than it was before you eat Aunt Martha’s Christmas dinner?  You really don’t want to throw out your stepladder in January and build a new one do you?  Obviously you would should build a stepladder that can hold just a little bit more.  Don’t forget what might happen if you loan your stepladder to your coach-potato neighbor who weighs a lot more than you do?  Can you say lawsuit?

 

     So how do you determine what your stepladder should hold?  Do you find out who is the heaviest person in the world and make sure it will hold that person?  Probably not.  Better, pick a reasonable number that covers, say, 95% of all folks, design the ladder to that limit and put a safety sticker on the side listing the weight limit.  Yep, that is how most things are constructed.

 

     But that is not all.  Once you determine normal or even the maximum load it is a wise and good practice to include a “factor of safety”.  That means that you build your stepladder stronger than it needs to be.  This helps with the idiots that don’t read the safety sticker; it also helps protect for some wear and tear, and it also can protect if the actual construction of your stepladder falls somewhat short of what you intended.  So you might build your stepladder with a FS of 2.  That would cover 95% of all folks with plenty of margin for foolish people that try to accompany their friend climbing the ladder; or when your ladder has been in service for 25 years (like mine), or when your carpenter buddy builds the stepladder with 1/4” screws rather than ½” screws like you told him to.

 

     Factors of safety are not pre-ordained.  They have been developed over the years through experience and unfortunately through failures.  Some factors of safety are codified in law, some are determined by professional societies and their publications, and some are simply by guess and by golly.  Engineering is not always as precise as laypeople think.

     

     It’s a dry passage but I’d like to quote from one of my old college textbooks on this subject (Fundamentals of Mechanical Design, 3rd Edition, Dr. Richard M. Phelan, McGraw-Hill, NY, 1970, pp 145-7):

 

“ . . . the choice of an appropriate factor of safety is one of the most important decisions the designer must make.  Since the penalty for choosing too small a factor of safety is obvious, the tendency is to make sure that the design is safe by using an arbitrarily large value and overdesigning the part.  (Using an extra-large factor of safety to avoid more exacting calculations or developmental testing might well be considered a case of “underdesigning” rather than “overdesigning.”)   In many instances, where only one or very few parts are to be made, overdesigning may well prove to be the most economical as well as the safest solution.  For large-scale production, however, the increased material and manufacturing costs associated with overdesigned parts result in a favorable competitive position for the manufacturer who can design and build machines that are sufficiently strong but not too strong.

            As will be evident, the cost involved in the design, research, and development necessary to give the lightest possible machine will be too great in most situations to justify the selection of a low factor of safety.  An exception is in the aerospace industry, where the necessity for the lightest possible construction justifies the extra expense.”

            “Some general considerations in choosing a factor of safety are  . . . the extent to which human life and property may be endangered by the failure of the machine . . . the reliability required of the machine . . . the price class of the machine.”

 

            Standards for factors of safety are all over the place.  Most famously, the standard factor of safety for the cables in elevators is 11.  So you could, if space allowed, pack eleven times as many people into an elevator as the placard says and possibly survive the ride.  For many applications, 4 is considered to be a good number.  In the shuttle program the standard factor of safety for all the ground equipment and tools is 4.  

 

            When I was the Program Manager for the Space Shuttle, there were a number of times when a new engineering study would show that some tool either could be exposed to a higher maximum load than was previously thought, or that the original calculations were off by a small factor, or for some reason the tool could not meet the FS of 4.  In those circumstances, the program manager – with the concurrence of the safety officers – could allow the use of the tool temporarily – with special restrictions – until a new tool could be designed and built.  These “waivers” were always considered to be temporary and associated with special safety precautions so that work could go forward until the standard could once again be met with a new tool.

 

            In the aircraft industry, a factor of safety standard is 1.5.  Think about that when you get on a commercial airliner some time.  The slim factor of safety represents the importance of weight in aviation.  It also means that much more time, engineering analysis, and testing has gone into the determination of maximum load and the properties of the parts on the plane.

 

            For some reason, lost in time, the standard FS for human space flight is 1.4, just slightly less than that for aviation.  That extra 0.1 on the FS costs a huge amount of engineering work, but pays dividends in weight savings.  This FS is codified in the NASA Human Ratings Requirements for Space Systems, NPR 8705.2.  Well, actually, that requirements document only references the detailed engineering design requirements where the 1.4 FS lives. 

 

            Expendable launch vehicles are generally built to even lower factors of safety:  1.25 being commonplace and 1.1 also used at times.  These lower factors of safety are a recognition of the additional risk that is allowed for cargo but not humans and the extreme importance of light weight.

 

            It is common for people to talk about human rating  expendable launch vehicles with a poor understanding of what that means.  Among other things, it means that the structure carrying the vast loads which rockets endure would have to be significantly redesigned to be stronger than it currently is.  In many cases, this is tantamount to starting over in the design of the vehicle.

 

            So to the hoary old punch line:  Would you want to put your life on the top of two million parts, each designed and manufactured by the lowest bidder?

12 thoughts on “Factors of Safety”

  1. Reminds me of an old definition of an engineer.

    Somebody who calculates to 5 decimal places, then multiplies by 2.

  2. You mentioned the ignoring of safety placards…which brings to mind the old engineering adage:

    “No matter how well you idiot-proof your design, God always invents a better idiot.”

    I am curious regarding the details of how the Redstone, Atlas, and Titan-II were man-rated. Did the engineers back then “start over” with their designs? I recall reading about some modifications (like the bracing collar on the Atlas) but do not recall descriptions of complete redesign.

    I also can’t help but wonder whether the “complete redesign” of, for example, the Delta IV Heavy or Atlas V, both 3rd-generation launch vehicles, would be any more involved or expensive a process than the extensive on-going reworkings (the damper system, increase in the number of engines, etc) taking place today for two boosters (Ares I / V) that were supposedly “made to order” (and man-rated) from their conception.

    As you note, engineering involves many trade-offs, factor of safety being one of them. Many folks (including some who possess substantial engineering knowledge) apparently continue to wonder whether or not the trade-offs that shaped the current Constellation architecture were the proper ones that will best bring about the desired goals of the VSE.

    Best regards.

  3. Ah, an “Armageddon” fan,eh? I’ve always loved “Rockhound’s” statement. In one word, yes. If they asked me to…

    You see, Wayne, as you know, it’s all about risk acceptance. In the 35 years since I’ve been out in the real world, I’ve driven and flown well beyond the million-mile marker. Boeing certainly doesn’t pay more than it has to, and neither does Chrysler or Harley-Davidson.

    What about the bridges we routinely drive across without a second thought, or the buildings we occupy? Here in Pittsburgh, a portion of the new convention center’s roof collapsed and killed an ironworker. The investigation showed that the use of “cut nuts”, or structural fasteners cut in half to save money was the main factor. The FS here, whatever it may have been intended to have been, was effectively cut in half.

    These days, I work in a 1950s-vintage coal-fired power plant. Ancient switchgear, brittle wires, and steam leaks are a constant companion. But although I am wary of the dangers, I am comfortable working around steam heated to 1350 psig for two reasons: I accept the risks, and I trust my co-workers.

    Every astronaut who climbs aboard a shuttle knows that there are 100,000 people doing their absolute best to make it possible for them to do their work and come home again.

    You ask the question that is easy for us to say “yes” to because we know that we’ll never have the chance. But if NASA asked me to, I would surmise that there was some job that I alone was capable of performing (at 76″ tall and 250 lbs, I would be the tallest and heaviest astronaut ever!), and my work ethic would displace any fear that I might feel. Like the contractor I was for the past 25 years, my response would be “where do you want me to go, and when do you want me to be there?”

    And that would be an interesting “loopback” to your previous post.

    When I was in high school, I wanted to go into broadcasting. I never got there. I wound up in industrial instrumentation and controls, which has taken me places I never imagined.

    If you don’t post again before the holidays, have a great time and spend lots of time with your family.

  4. You could similarly ask, what is success? The fact that people or cargo made the journey safely, or that you landed a contract to provide parts?

    We cannot “read the minds” of private sector companies, to determine if their efforts are dominated, internally, more by sales and marketing, or by the science of engineering.

    Companies dominated by financial concerns are often willing to do whatever it takes to produce a product that will sell. Conversely, companies dominated by the perfection associated with engineering science can rack up costs while trying to achieve an ideal state of perfection that my be unnecessary.

    Anyone who has produced requirements documentation knows that you cannot think of all possible situations or contingencies. However, when you are performing the actual work to these requirements specifications, you often end up discovering issues that the requirements people did not think of.

    If you are a company dominated by financial concerns, it is much easier to force your scientists to ignore those peripheral concerns, because they are not part of the design requirements. And NASA surely would have thought of all those design contingencies, right?

    The issue when dealing with the private sector, it seems to me, is more than just an issue of competence. It is an issue of trust. And can you trust the objectivity of science to anything dominated by financial concerns?

    I don’t think that you can, unless you have many costly checks and balances in place. Their foundational objectives are not the same. Even when they are united within a company, the alliance is an uneasy one. Yet the financial camp holds nearly all the cards.

    That being said, I think that a bidding process is good. It forces people, on every side, to look at the cost. But a requirement that the lowest bidder always is picked makes no sense. It is myopic, placing success (and safety) at the mercy of short-term economic concerns.

    But when we have the bidding process controlled by people, rather than a mathematical requirement of selecting the lowest bid, favoritism can result, which can also stifle any new entrants into the playing field — who might turn out to be a great new thing, if they were given a chance. We can end up in a situation similar to the the war, where no-bid contracts are awarded to inside “friends”. I think we can all agree that such things are not always in our collective best interest.

    It seems clear to me that, when dealing with engineering issues, particularly related to safety, science should speak louder than money. The business decision makers ought to have a strong scientific background, or be out of the decision making process altogether. I think that only people who have business AND science, coexisting within them, can engender trust when dealing with private sector industry. And we need to know that THEY are the ones calling the shots at any subcontractor.

    To my mind, trust is the key. NASA has to be able to trust the subcontractor, and the subcontractor must be able to trust NASA. Low bids have nothing to do with this. Trust requires transparency. All around.

    So, in essence, yes, I would trust my life to the lowest bidder. But only if NASA completely trusted that subcontractor, and could have chosen a more expensive solution.

    Mark

    http://orbum.net/mark

  5. Forget about it, Wayne. You’re going to be told what to do by people with no understanding of what human rating launch vehicles means & held responsible when it blows up. Should have stayed in number crunching.

  6. I love your sensbility, Mr. Hale. To me, this is a wonderful explanation of why things cost so much… shuttle program, NASA, etc. And why increasing FS would make it cost so much more… I am curious – does anyone know what FS car manufacturers go by? And even with the 1.5 of airplanes, statistically that is one of the safest modes of transportation (still) right? So there is more to it, than just that FS number… Thanks for the engineering insight!

  7. The Factor of Safety an engineer uses reflects the level of confidence in the theories and methods used to design something. An FS of 11 for elevator design could reflect some bureaucrat’s ignorance and mistrust of elevator design methodology or it could mean that elevator engineers are poor at designing elevators (and the bureaucrats know this). An FS of 11 also reflects a virtual lack of control of the operation of an elevator. Any nitwit can come along claiming to be an elevator mechanic and the design of the elevator must allow for this.

    Aircraft structural engineers are comfortable with an FS of 1.5 because the design theories and criteria they use are extremely accurate. It is rare that a wing, for example, fails an ultimate load test and if one does, it is major deep doodoo time.

    For an FS of 1.5 to be valid over an aircraft’s lifetime, its configuration must be carefully controlled. This is why the airlines constantly watch for bogus parts produced by cheating suppliers. Boeing is having a problem with substandard fasteners in its 787. If a launch vehicle is designed to an FS of 1.1, it must be very carefully checked out before being committed to launch. A low FS in a design isn’t necessarily bad; it just means the vehicle in question must be operated more carefully. The bigger the vehicle, the more carefully you fly it.

  8. Interesting post I never realized that safety standard is higher in aviation. Everything goes to the lowest bidder because subcontractors are working as brokers buying cheaper parts to make a profit on the parts instead of the work.

  9. The ULA folks have been running around telling the Obama NASA Transition team that they can save the day and NASA by switching from the Ares I to one of the EELV’s. ULA has given data that has caused the NASA transition team to question NASA’s Ares I choice without possibly understanding the FS issue.

    To whit, we need to know the following from the ULA folks–what is the FS of the A-V and D-IV Heavy and what will be the mass/time/money penalty to get the EELV FS equal to that of the Ares I. In other words, start comparing apples to apples.

    I’m glad you made this post. You are educating us about issues that the press hasn’t or cannot that none-the-less are important and understandable. Thanks.

  10. If the world was a safer place, many discoveries wouldn't have been made spend a great deal of time on safety, but if lives are at risk, no wonder I guess

Comments are closed.