Jon Goff at Selenian Boondocks has some good words on the overall mission safety of NASA’s lunar architecture, and on how it isn’t necessarily effective to concentrate too much on small parts that are already relatively safe.
I could add my own few formal cents to this, since the ESAS (or here) analysis done by NASA in 2005 didn’t release the appendices for the risk calculations, nor are the references (the SPACE tool) available on the internet.
Overall mission success depends on lots of small successes that all have to happen, or mathematically, it is the product of all the component success probabilities. The logarithm of the overall success is then the sum of the component log probabilities. Since all the success probabilities are less than one, the logs are negative numbers, and the smaller the success probability, the more negative its log.
Thus if you construct a pie diagram, which is always used to describe a sum, you have to use the complement of the log, i.e. -log(P_eventsucceeds), to see each component’s contribution to the failure probability. The higher this complog, the higher the contribution of that component’s probability to the total failure probability. It is the same mathematically as log(1/P). If one wants some numbers, you can scale the total sum of the pie diagram to 1, which at the same time gets rid of the logarithm base.
You cannot simply substitute failure probability inverses for success probabilities. A success probability of 95% is a failure probability of 1 in 20, so the failure inverse is 20. You can’t really add up or multiply these numbers to get anything meaningful, although they are a nice way of looking at the safety of the components by themselves.
What matters in trying to make a system safe is the sensitivity of the overall failure to a change in a component failure. But a change in a component success probability can either be absolute, in percentage units, or relative to its own size. For example, if you make an 80% safe thing 81% safe (1 percentage unit safer), the whole system reliability goes up accordingly, 1.25% compared to before. If the overall safety was 50%, it would now be 50.625%. But if you make a 98% safe item 99% safe (again 1 percentage unit safer), the safety goes up 1.010% and thus from 50% to 50.505%. Therefore it pays slightly less to make safer systems safer in the absolute percentage unit sense. What is more important, though, is that those last percentage units often cost much more to improve, with the cost closer to being proportional to the inverse of the failure probability. But I have no data on this and it’s hard to estimate.
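As an added illustration of the product, complog pie and sensitivity arithmetic above (this is example code written for this post, not anything from ESAS or the SPACE tool), the following takes a set of constructed, made-up stage success probabilities, computes the scaled pie slices, and compares the relative gain from one percentage unit of improvement at different starting reliabilities:

```python
import math

# Constructed stage probabilities for illustration only (not ESAS figures).
STAGES = {
    "launch": 0.98,
    "earth_departure": 0.99,
    "lunar_descent": 0.95,
    "surface_stay": 0.80,
    "ascent_and_return": 0.97,
}


def mission_success(probs):
    """Every stage must succeed, so overall success is the product."""
    return math.prod(probs)


def pie_contributions(stages):
    """Each stage's share of -log(P_total), scaled so the slices sum to 1.

    -log(P_i) is the 'complog' of the post; scaling to 1 removes the
    dependence on the logarithm base, so natural log is fine here.
    """
    complog = {name: -math.log(p) for name, p in stages.items()}
    total = sum(complog.values())
    return {name: c / total for name, c in complog.items()}


def relative_gain(p_stage, delta=0.01):
    """Relative change in overall success when one stage improves by
    `delta` in absolute percentage units. Because overall success is a
    product, this ratio does not depend on the other stages."""
    return (p_stage + delta) / p_stage - 1.0


def improve_stage(stages, name, delta=0.01):
    """Overall success before and after raising one stage by `delta`."""
    before = mission_success(stages.values())
    improved = dict(stages)
    improved[name] = stages[name] + delta
    return before, mission_success(improved.values())


if __name__ == "__main__":
    print("overall success:", round(mission_success(STAGES.values()), 4))
    for name, share in sorted(pie_contributions(STAGES).items(), key=lambda kv: -kv[1]):
        print(f"{name:18s} pie slice {share:.3f}")
    for p in (0.80, 0.98):
        print(f"{p:.2f} -> {p + 0.01:.2f}: overall up {relative_gain(p) * 100:.3f}%")
```

The largest pie slice is the 80% surface stay; improving it by one percentage unit gives a 1.25% relative gain, against about 1.02% for the 98% launch stage, which is the post's point about where effort pays.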
I also really hope that ESAS or anyone else didn’t use 3D pie diagrams, which will be the subject of the next post!