NESC Develops Method for Estimating Risk When Reducing NDE 

Download PDF: NESC Develops Method for Estimating Risk When Reducing NDE 

Performing nondestructive evaluation (NDE) can have both cost and schedule impacts, leading some to question whether descoping (i.e., reducing or eliminating) NDE inspections on certain spaceflight hardware could be possible. However, this approach would be counter to NASA’s Technical Standard NASA-STD-5019A, which outlines the spaceflight system requirements for establishing a fracture control plan—one that relies on design, analysis, testing, NDE, and tracking of fracture-critical parts to verify damage tolerance and mitigate catastrophic failure. 

Under the 5019A framework, damage smaller than the NDE detection capability is assumed to exist, but through analysis or test, the part being evaluated must be shown to survive the required service life. In practice, NDE’s role is to screen out flaws that otherwise may result in failure. However, in some cases, descoping NDE from the damage tolerance verification process could be useful and still provide the required level of safety.   

The NESC conducted an assessment to help answer the question of whether rationale could be found for achieving an equivalent risk posture without using the traditional 5019A approach to damage tolerance. The objective was to develop a probabilistic analysis method that would allow NASA programs and projects to estimate risk associated with descoping the NDE requirements of single-wrought materials. This effort included using historical data to demonstrate the method, performing sensitivity studies, and identifying the minimum supporting data that would be required for approving a descoping request. 

Descoping NDE from Damage Tolerance 

Damage tolerance is typically treated as deterministic: an NDE detection threshold is established as a fixed flaw size with an associated binary outcome (flaw exists/does not exist), and failure is based on a conservative analysis or test with a binary result (pass/fail). However, damage tolerance is rooted in the following probabilities:  

•  P(A): Probability that a flaw of a given size exists, 

•  P(D0│A): Probability that this flaw will be missed by NDE, and  

•  P(F│D0,A): Probability that a flaw results in failure given that it exists and was missed by NDE.  

These are combined into the joint failure probability: P(F,D0,A) = P(F│D0,A)P(D0│A)P(A) 

Damage tolerance is based on the idea that analysis and testing suggests a near-zero probability of failure below a critical initial flaw size (aCIFS) shown by the green (lower) arrow in Figure 1, and NDE results in a near-zero probability of missing a flaw above some detectability threshold (aNDE) shown by the yellow (upper) arrow in Figure 1. If these two areas overlap, then the part is damage tolerant, with a near-zero failure probability regardless of underlying probability of flaw existence, i.e., conservatively assuming that P(a>aCIFS)=1 for any flaw size does not impact the conclusion. However, if NDE is descoped, it removes the right arrow from Figure 1, and risk will increase to a value proportional to the probability P(a>aCIFS). 

Estimating P(a>aCIFS) may be intractable without expensive, high-resolution methods to characterize the frequency of flaw occurrence at a particular size for a given part. Alternatively, it may be possible to estimate P(a> aNDE), the probability of a detectable flaw existing. Assuming that a part of interest is shown to be damage tolerant prior to any NDE descope (i.e., satisfying NASA-STD-5019A), it can be assumed that (1) historical inspection data are available, and (2) aNDE > aCIFS, due to the required overlap in Figure 1. As such, it was proposed that the frequency of historical finds could be used to estimate a 95% upper confidence bound on P(a> aNDE) and thus an estimate of the risk associated with descoping. 

To demonstrate the risk-evaluation framework, the NESC gained access to a historical NDE database comprising 33,630 bolt-hole inspections over a 3-year period. In total, six crack-like features were found by NDE. Accounting for uncertainty due to sample size yielded a 95% confidence upper bound of P(a> aNDE) = 0.04% for each hole. In the proposed method, it is conservatively assumed that if a flaw exceeding the CIFS exists, then it will lead to structural failure. While conservative, this assumption was necessary based on the limitations of the database in that it lacked detected flaw sizing. Based on this assumption, P(a> aNDE) = 0.0004 yields a structural reliability of approximately 0.9996 (expressed as 3.4 “nines”).  

The results are illustrated graphically in Figure 2. In this case study, increasing the number of inspections in the dataset to 100,000 (i.e., multiplying by a factor of 3) marginally increases the number of nines to 3.5. At the observed NDE rejection rate, 4 nines of reliability are not achievable even with infinite samples and zero uncertainty. It is expected that the rejection rates and sample sizes in this case study are on the order of magnitude of what would be observed and available in practice. Since 2 nines or less would equate to a significant increase relative to the baseline risk for NASA Human Spaceflight Programs, a minimum sample size of 5,000 inspections is needed at an NDE rejection rate of 0.04%. 

There are necessary assumptions underpinning this methodology. First, time-invariant process control is required to ensure that estimated probabilities from historical inspections are predictive of future probabilities after descope. Ensuring consistency during the data collection period is a first step in verifying existing controls, and continued monitoring is necessary to verify that the process remains time-invariant. Second, while aggregating data across multiple parts can increase the inspection sample size and decrease uncertainty in estimated rejection rates, it requires aggregation rationale via qualitative and quantitative assessments of similitude. The methodology developed by the NESC is intended to be a component of a comprehensive fracture control evaluation by the NASA Fracture Control Board and the responsible Technical Authority.  

For information, contact Patrick E. Leser.  patrick.e.leser@nasa.gov 

Reference: NASA/TM-20250004074