417.417—Propellants and explosives.
(a)
A launch operator must define a safety clear zone that confines the adverse effects of each operation involving a public hazard or launch location hazard. A launch operator's safety clear zones must satisfy the following:
(1)
A launch operator must establish a safety clear zone that accounts for the potential blast, fragment, fire or heat, toxic and other hazardous energy or material potential of the associated systems and operations. A launch operator must base a safety clear zone on the following criteria:
(i)
For a possible explosive event, base a safety clear zone on the worst case event, regardless of the fault tolerance of the system;
(ii)
For a possible toxic event, base a safety clear zone on the worst case event. A launch operator must have procedures in place to maintain public safety in the event toxic releases reach beyond the safety clear zone; and
(iii)
For a material handling operation, base a safety clear zone on a worst case event for that operation.
(2)
A launch operator must establish a safety clear zone when the launch vehicle is in a launch command configuration with the flight safety systems fully operational and on internal power.
(b)
A launch operator must establish restrictions that prohibit public access to a safety clear zone during a hazardous operation. A safety clear zone may extend to areas beyond the launch location boundaries if local agreements provide for restricting public access to such areas and a launch operator verifies that the safety clear zone is clear of the public during the hazardous operation.
(c)
A launch operator's procedures must verify that the public is outside of a safety clear zone prior to a launch operator beginning a hazardous operation.
(d)
A launch operator must control a safety clear zone to ensure no public access during the hazardous operation. Safety clear zone controls include:
(a) General.
A launch operator must define a hazard area that confines the adverse effects of a hardware system should an event occur that presents a public hazard or launch location hazard. A launch operator must prohibit public access to the hazard area whenever a hazard is present unless the requirements for public access of paragraph (b) of this section are met.
(b) Public access.
A launch operator must establish a process for authorizing public access if visitors or members of the public must have access to a launch operator's facility or launch location. The process must ensure that each member of the public is briefed on the hazards within the facility and related safety warnings, procedures, and rules that provide protection, or a launch operator must ensure that each member of the public is accompanied by a knowledgeable escort.
(c) Hazard controls during public access.
A launch operator must establish procedural controls that prevent hazardous operations from taking place while members of the public have access to the launch location and must verify that system hazard controls are in place that prevent initiation of a hazardous event. Hazard controls and procedures that prevent initiation of a hazardous event include the following:
(1)
Use of lockout devices or other restraints on system actuation switches or other controls to eliminate the possibility of inadvertent actuation of a hazardous system.
(2)
Disconnect ordnance systems from power sources, incorporate the use of safing plugs, or have safety devices in place that prevent inadvertent initiation. Activity involving the control circuitry of electrically activated safety devices must not be ongoing while the public has access to the hazard area. Install safing pins on safe and arm devices and mechanically actuated devices. Disconnect explosive transfer lines, not protected by a safe and arm device or a mechanically actuated device or equivalent.
(3)
When systems or tanks are loaded with hypergols or other toxic materials, close the system or tank and verify it is leak-tight with two verifiable closures, such as a valve and a cap, to every external flow path or fitting. Such a system must also be in a steady-state condition.
(4)
Keep each pressurized system below its maximum allowable working pressure and do not allow it to be in a dynamic state. Activity involving the control circuitry of electrically activated pressure system valves must not be ongoing while the public has access to the associated hazard area. Launch vehicle systems must not be pressurized to more than 25% of the system's design burst pressure, when the public has access to the associated hazard area.
(5)
Do not allow sources of ionizing or non-ionizing radiation, such as, x-rays, nuclear power sources, high-energy radio transmitters, radar, and lasers to be present or verify they are to be inactive when the public has access to the associated hazard area.
(6)
Guard physical hazards to prevent potential physical injury to visiting members of the public. Physical hazards include the following:
(7)
Maintain and verify that safety devices or safety critical systems are operating properly prior to permitting public access.
(a)
A launch operator must establish, maintain and perform procedures for controlling hazards and returning the launch facility to a safe condition after a successful launch. Procedural hazard controls must include:
(b)
A launch operator must establish procedures for controlling hazards associated with a failed flight attempt where a solid or liquid launch vehicle engine start command was sent, but the launch vehicle did not liftoff. These procedures must include the following:
(1)
Maintaining and verifying that each flight termination system remains operational until verification that the launch vehicle does not represent a risk of inadvertent liftoff. If an ignition signal has been sent to a solid rocket motor, the flight termination system must remain armed and active for a period of no less than 30 minutes. During this time, flight termination system batteries must maintain sufficient voltage and current capacity for flight termination system operation. The flight termination system receivers must remain captured by the command control system transmitter's carrier signal;
(2)
Assuring that the vehicle is in a safe configuration, including its propulsion and ordnance systems. The flight safety system crew must have access to the vehicle status. Re-establish safety devices and bring each pressurized system down to safe pressure levels; and
(c)
A launch operator must establish procedural controls for hazards associated with an unsuccessful flight where the launch vehicle has a land or water impact. These procedures must include the following provisions:
(1)
Evacuation and rescue of members of the public, to include modeling the dispersion and movement of toxic plumes, identification of areas at risk, and communication with local government authorities;
(3)
Securing impact areas to ensure that personnel and the public are evacuated, and ensure that no unauthorized personnel or members of the public enter, and to preserve evidence; and
(4)
Ensuring public safety from hazardous debris, such as plans for recovery and salvage of launch vehicle debris and safe disposal of hazardous materials.
(2)
Only those explosive facilities and launch points addressed in the explosive site plan are used and only for their intended purpose; and
(3)
The total net explosive weight for each explosive hazard facility and launch point must not exceed the maximum net explosive weight limit indicated on the explosive site plan for each location.
(c)
A launch operator must establish, maintain, and perform procedures that ensure public safety for the receipt, storage, handling, inspection, test, and disposal of explosives.
(d)
A launch operator must establish and maintain each procedural system control to prevent inadvertent initiation of propellants and explosives. These controls must include the following:
(1)
Protect ordnance systems from stray energy through methods of bonding, grounding, and shielding, and controlling radio frequency radiation sources in a radio frequency radiation exclusion area. A launch operator must determine the vulnerability of its electro-explosive devices and systems to radio frequency radiation and establish radio frequency radiation power limits or radio frequency radiation exclusion areas as required by the launch site operator or to ensure safety.
(2)
Keep ordnance safety devices, as required by § 417.409, in place until the launch complex is cleared as part of the final launch countdown. No members of the public may re-enter the complex until each safety device is re-established.
(3)
Do not allow heat and spark or flame producing devices in an explosive or propellant facility without written approval and oversight from a launch operator's safety organization.
(4)
Do not allow static producing materials in close proximity to solid or liquid propellants, electro-explosive devices, or systems containing flammable liquids.
(6)
Include lightning protection on each facility used to store or process explosives to prevent inadvertent initiation of propellants and explosives due to lightning unless the facility complies with the lightning protection criteria of § 420.71 of this part.
(e)
A launch operator, in the event of an emergency, must perform the accident investigation plan as defined in § 417.111(h).