NASA Policy Directive
NPD 8700.1E Effective Date: October 28, 2008 Expiration Date: October 28, 2013
It is NASA policy to--
a. Protect the public, NASA workforce, high-value equipment and property, and the environment from potential harm as a result of NASA activities and operations by factoring safety as an integral feature of programs, projects, technologies, operations, and facilities.
b. Establish and maintain independent lines of communications for unrestricted flow of information and adjudication of dissenting opinions concerning any matters affecting the ability to meet the safety and mission success requirements and criteria. Attachment A contains a list of the typical elements included within Safety and Mission Assurance (SMA).
c. Hold NASA leaders, managers, supervisors, and employees accountable for safety and mission success within their assigned areas of responsibility.
d. Define and document both safety and mission success requirements and criteria in NASA programs and projects as a foundation for the design and development of safe and reliable program hardware and software.
e. Require all acquisition instruments as specified by the NASA Federal Acquisition Regulation Supplement to appropriately address SMA processes so that the responses to these instruments describe the approach to be used to implement SMA and to manage the associated safety and mission success risk factors.
f. Verify and validate life-cycle implementation of the SMA processes and any related safety and mission success requirements through ongoing surveillance of program, project, and contractor processes.
g. Certify the safety and operational readiness of hazardous or mission critical hardware and software (including flight systems, support equipment, facilities/operations, ground-based systems) through a process of formal review of the compilation of validation and verification information.
h. Address safety and mission success concerns, requirements noncompliance, risks and risk acceptance, and appropriate lessons learned at all major management reviews, other major milestone review activities, and operational readiness reviews.
i. Use qualitative and quantitative risk assessment techniques to develop information for making informed decisions regarding safety and mission success within a structured and formal decision process.
j. Process all technical decisions that result in residual safety and/or mission success risk by obtaining:
(1) The approval/concurrence of the cognizant Technical Authority (Engineering, SMA, or Health/Medical) with the acceptance of risk.
NOTE: The approval or concurrence is based on the technical merit of the case and independent assessment of the risk. If the technical decision relates to requirements owned by the Technical Authority, then the Technical Authority approves the decision. If the technical decision does not relate to requirements owned by the Technical Authority, then the Technical Authority concurs with the decision. Refer to NPR 7120.5D, NASA Space Flight Program and Project Management Requirements, for definitions of approval and concurrence.
(2) Formal approval by the cognizant SMA authority that the risk is acceptable.
NOTE: The cognizant SMA authority should not be confused with Technical Authority. SMA authority is the authority assigned by NPD 1000.3, The NASA Organization, to the Chief, Safety and Mission Assurance to determine if the risk of a hazard exceeds the limits where it can be accepted. This authority is not limited solely to hazards related to SMA requirements but to any hazard. Application of this authority is intended to be applied at a level consistent with the application of Technical Authority (that is to the cognizant SMA authority).
(3) Formal consent to take any human safety risk by the actual risk taker and an appropriate member of his/her supervisory chain.
NOTE: There are two elements to the consent to take risk. The first element is that the risk takers themselves volunteer to take the risk. The second element is that the appropriate member of the supervisory chain also consents to the risk-taking. The first element focuses on the willingness of the risk taker to volunteer while the second element provides for a check and balance on the risk taker to alleviate situations where a risk taker might be reluctant to decline taking inappropriate risk.
(4) Formal acceptance of the risk by the applicable program, project, or operations and facilities manager.
NOTE: Residual risk is the remaining risk that exists after all mitigation actions have been implemented or exhausted in accordance with the risk management process.
k. Report and track to resolution all corrective actions resulting from investigations of mishaps, incidents, nonconformances, anomalies, and safety and mission assurance audits; distribute and use lessons learned to improve activities and operations.
This NPD applies to NASA Headquarters, NASA Centers, including Component Facilities, NASA Technical and Support Service Centers, and to JPL to the extent specified in its contract.
a. 42 U.S.C. § 2473(c)(1), Section 203(c)(1) of the National Aeronautics and Space Act of 1958, as amended.
b. 29 CFR 1910, Occupational Safety and Health Standards.
c. 29 CFR 1960, Basic Program Elements for Federal Employee Occupational Safety and Health Programs and Related Matters.
d. NPR 5100.4, Federal Acquisition Regulation Supplement (NASA/FAR Supplement).
a. NPD 1000.3, The NASA Organization.
b. NPR 7120.5D, NASA Space Flight Program and Project Management Requirements.
c. NPR 8705.6, Safety and Mission Assurance Audits, Reviews, and Assessments.
d. Worker Safety and Health Support Annex of the National Response Plan.
e. Safety and Mission Assurance Requirements Tree, http://www.hq.nasa.gov/office/codeq/doctree/qdoc.htm.
a. The Administrator is the ultimate acceptance/disposition official for residual safety and mission success risks and the official Agency spokesperson to consent to any exposure to residual human safety or property risk on behalf of the general public. In this capacity, the Administrator shall--
(1) Decide cases of formal dissent to accept residual safety and mission success risks that are elevated to the Administrator (Requirement 58733).
(2) Consent to the residual human safety or property risk on behalf of the general public in cases where the consent to take the residual human safety or property risk is not the responsibility of the Center Director (when the risk is located at or near a NASA Center or Component Facility) or the Range Commander (when the risk is associated with range operations) (Requirement 58734).
(3) Request external approval/concurrence for risks that are not within the authority of NASA to grant (Requirement 58735).
b. The Mission Directorate Associate Administrators are responsible for the safety and mission success of their programs, projects, elements, and activities.
(1) To accomplish this, each Mission Directorate Associate Administrator shall--
(a) Establish safety and mission success requirements based on the Agency-level requirements for all programs and assure these requirements are properly flowed down into projects, elements, and activities (Requirement 58738).
(b) Ensure that all programs, projects, elements, and activities control the recurrence of problems through a closed-loop corrective and preventive action system (Requirement 58739).
(c) Establish policies and procedures for formal reviews for the certification of programs, projects, elements, and activities as detailed in paragraph 1.g (Requirement 58740).
(d) Establish and apply a process for technical decisions dealing with residual safety and mission success risk that is consistent with the policy statements contained within paragraph 1.j above (Requirement 58741).
(e) Accept residual safety and mission success risks to programs, projects, elements, and activities under their purview (Requirement 58742).
(2) Mission Directorate Associate Administrators are authorized to direct the suspension of any activity that presents either a present hazard (imminent danger) or future hazard to people, property, or mission operations due to unsafe acts or conditions that might be identified by either inspection or analysis.
c. Responsibilities for the Chief, Safety and Mission Assurance are assigned in NPD 1000.3.
(1) In addition to those responsibilities, the Chief, Safety and Mission Assurance shall--
(a) Provide SMA and Risk Management (RM) expectations and evaluations at Program Management Council activities and other major program milestone reviews (Requirement 58746).
(b) Establish review processes to support the certification of hardware and software safety and operational readiness (including flight systems, support equipment, facilities/operations, ground-based systems) (Requirement 58747).
(c) Participate in selected certification and readiness reviews established by the Mission Directorate Associate Administrators (Requirement 58748).
(d) Formulate and direct safety, reliability, maintainability, and quality education, training, and career development programs to enable SMA staff, program/project management, senior Agency management, and the NASA workforce to obtain the understanding of safety, reliability, maintainability, and quality principles, tools, methods, and standards necessary to successfully perform their functions (Requirement 58749).
(e) Review emergency planning as part of the Office of Safety and Mission Assurance review processes to ensure compliance with the Occupational Safety and Health Administration requirements in 29 CFR 1960, 29 CFR 1910, and the Worker Safety and Health Support Annex of the National Response Plan (Requirement 58750).
(f) Evaluate and independently assess residual risk and determine whether the risk may be accepted (Requirement 58751).
(2) The Chief, Safety and Mission Assurance is authorized to direct the suspension of any activity that presents either a present hazard (imminent danger) or future hazard to people, property, or mission operations due to unsafe acts or conditions that might be identified by either inspection or analysis.
d. The Chief Health and Medical Officer is authorized to direct the suspension of any activity that presents either a present hazard (imminent danger) or future hazard to people, property, or mission operations due to unsafe acts or conditions that might be identified by either inspection or analysis.
e. The Center Directors are responsible for the safety and mission success of their activities and operations.
(1) To accomplish this, in addition to the responsibilities established in NPD 1000.3, each Center Director shall--
(a) Establish safety and mission success requirements for Center operations and activities (Requirement 58756).
(b) Delegate this authority based on an assessment of the frequency of occurrence and the severity of the risk (Requirement 58757).
(c) Designate a functional manager for SMA to serve as the leader and focal point for the Center's SMA activities (Requirement 58758).
(d) Staff Center SMA organizations with sufficient qualified safety, reliability, maintainability, quality, and RM professionals (Requirement 58759).
(e) Apply a process for technical decisions dealing with residual safety and mission success risk to Center activities and operations that is consistent with paragraph 1.j, including:
(i) Serving as the risk acceptance/disposition official for residual safety and mission success risk to Center operations and activities (Requirement 58761).
(ii) Consenting to take the residual risk on behalf of people exposed (civil service employees, contractor employees, and visitors) on-site at the Center and its component facilities (Requirement 58762).
NOTE: For spaceflight and aircraft flight crews, the Center Director for the Center where the flight crews are employed is responsible for the flight crew and consents to take the residual risk on behalf of the flight crews, regardless of the location of the risk. During flight operations, the consent to take risk may transfer to the vehicle commander or other designated individual.
(f) Maintain the safe and successful functioning of the Center facilities and operations (Requirement 59094).
(g) Use lessons learned to improve operations and activities (Requirement 59095).
(h) Control recurrence of undesired events through a closed-loop corrective action system (Requirement 59096).
(2) Center Directors are authorized to direct the suspension of any activity that presents either a present hazard (imminent danger) or future hazard to people, property, or mission operations due to unsafe acts or conditions that might be identified by either inspection or analysis.
f. Program, project, and element managers are responsible for the safety and mission success of their programs, projects, and elements. Program, project, and element managers shall--
(1) Establish safety and mission success requirements within their programs, projects, and elements in conjunction with the designated Technical Authority (Requirement 58765).
(2) Work with the host Center SMA organization to coordinate/execute SMA efforts within the program/project/element (Requirement 58766).
(3) Accept any residual safety and mission success risk for activities within their decision authority for their program/project/element (Requirement 58767).
g. In cases where there is residual risk to safety and mission success, the cognizant Technical Authorities (Engineering, SMA, Health/Medical) shall evaluate and formally approve or concur with the program manager to accept the risk. (Refer to paragraph 1.j.(1).) (Requirement 58768).
h. The Center SMA functional manager supports the Center Director in implementing their responsibilities.
(1) The Center SMA functional managers shall--
(a) Provide local SMA leadership and policy implementation direction for Center-hosted programs, projects, and operations (Requirement 58771).
(b) Serve as the Center focal point for the alternative, independent SMA line of communication (Requirement 58772).
(c) Assure that effective and efficient SMA processes are in place to enhance the potential for success of NASA programs, projects, elements, and activities hosted by the Center (Requirement 58773).
(d) Conduct surveillance and independent assessments to enhance (a) the success of programs, projects, elements, and activities; and (b) the effectiveness of SMA activities (Requirement 58774).
This includes overseeing any SMA activities managed by other organizations, such as aviation safety, lifting safety, pressure-systems safety, firefighting, and emergency response. (For a list of typical SMA activities and program elements, see Attachment A.)
(e) Review, in coordination with their Center's program, project, and element personnel, SMA and RM plans for the programs, projects, and elements at the Center (Requirement 58775).
(f) Perform hazard analyses and SMA assessments in support of program, project, and element needs (Requirement 58776).
(g) Provide SMA expectations and evaluations to local Center Program Management Council activities (Requirement 58777).
(h) Evaluate and independently assess safety and mission success residual risk and determine that the risk may be accepted (Requirement 58778).
(2) Center SMA functional managers are authorized to direct the suspension of any activity that presents either a present hazard (imminent danger) or future hazard to people, property, or mission operations due to unsafe acts or conditions that might be identified by either inspection or analysis.
i. The Associate Administrator for Institutions and Management is responsible for the operational safety program at Headquarters.
(1) The Associate Administrator for Institutions and Management shall--
(a) Maintain the safe and successful functioning of Headquarters facilities and operations (Requirement 58782).
(b) Use lessons learned to improve operations and activities (Requirement 58783).
(c) Control recurrence of undesired events through a closed-loop corrective action system (Requirement 58784).
(d) Implement Agency safety policies, plans, techniques, procedures, and standards and ensure that safety requirements are established for Headquarters operations (Requirement 58785).
(e) Apply a process for technical decisions dealing with residual safety and mission success risk to Headquarters activities and operations that is consistent with paragraph 1.j, including:
(i) Serving as the risk acceptance official for residual safety and mission success risk to Headquarters operations and activities (Requirement 58787).
(ii) Consenting to take the residual risk on behalf of people exposed (civil service employees, contractor employees, and visitors) onsite at Headquarters (Requirement 58788).
(f) Designate a safety manager to serve as the leader and focal point for the Headquarters safety activities (Requirement 58789).
(2) The Associate Administrator for Institutions and Management is authorized to direct the suspension of any activity that presents either a present hazard (imminent danger) or future hazard to people, property, or mission operations due to unsafe acts or conditions that might be identified by either inspection or analysis.
j. Supervisors are responsible for the safety of their assigned personnel. Supervisors are authorized within the context of their official duties to direct the suspension of any activity that presents a present hazard (imminent danger) to their employees.
k. Employees are authorized to cease working any process or operation they believe to be unsafe and request analysis by a qualified individual.
None.
NPR 8705.6, Safety and Mission Assurance Audits, Reviews, and Assessments, defines the primary activities used to determine compliance with the policy and requirements contained within this NPD. Additional measurement and verification information is contained within lower-level SMA requirements included within the SMA requirements set described in the SMA Requirements Tree.
NPD 8700.1C, NASA Policy for Safety and Mission Success, dated October 13, 2002.
Typical SMA Program Elements
Advisories
Alerts (Government-Industry Data Exchange Program)
Emergency preparedness (Worker Health and Safety aspects)
Independent assessment (SMA)
AS 9100/ISO 9001/AS9003
Lessons learned (SMA aspects)
Maintainability engineering
Metrics (SMA)
Metrology and calibration
Mishap reporting and investigating
Orbital debris
Nonhealth associated personal protective equipment (fall protection restraints, hard hats, etc.)
Process-Based Mission Assurance
Process control
Procurement assurance (Application of SMA to procurements)
Quality assessment
Quality assurance
Quality audits
Quality engineering
Quality management
Quality, parts
Quality, product identification and traceability
Quality, reviews
Quality, software
Quality, surveillance
Quality, workmanship
Reliability engineering
Reliability, human
Reliability management
Reliability, software
Reliability-centered maintenance
Risk assessment (SMA aspects)
Risk management (SMA aspects)
Safety management
Safety engineering
Safety, aviation
Safety, confined spaces
Safety, cryogenic
Safety, electrical
Safety, explosives, propellants, and pyrotechnics
Safety, extravehicular activity
Safety, facility
Safety, fall protection
Safety, fire
Safety, hazardous materials
Safety, hazardous operations
Safety, hydrogen
Safety, inert gas
Safety, ionizing radiation
Safety, lockout/tagout
Safety, lifting devices
Safety, motor vehicle
Safety, nitrogen
Safety, non-ionizing radiation
Safety, nuclear (viz: the launching of radioactive materials)
Safety, oxygen
Safety, payload
Safety, pressure vessel
Safety, promotion and motivation
Safety, range
Safety, software
Safety, system
Safety, test operations
Survival, Crew
Survivability, Spacecraft
SMA management
Training (SMA topics)
None.