NASA Procedures and Guidelines
This Document is Obsolete and Is No Longer Used. Check the NODIS Library to access the current version: http://nodis3.gsfc.nasa.gov

NPR 8621.1
Effective Date: June 02, 2000
Cancellation Date: February 11, 2004
Responsible Office:

TABLE OF CONTENTS

Change History

Cover

Preface

P.1 PURPOSE

P.2 APPLICABILITY

P.3 AUTHORITY

P.4 REFERENCES

P.5 CANCELLATION

CHAPTER 1.á Responsibilities

1.1 NASA Administrator
1.2 Associate Administrator for Safety and Mission Assurance
1.3 Enterprise Associate Administrators
1.4 Associate Administrator for Headquarters Operations
1.5 NASA Center Directors
1.6 Program/Project Managers
1.7 NASA Center Safety and Mission Assurance Officials (including Safety Officials)
1.8 Public Affairs Offices
1.9 Contracting Officers
1.10 Appointing Officials
1.11 Approving Officials
1.12 Ex Officio Representative
1.13 Aircraft Management Office
1.14 Operator of an Agency Aircraft
1.15 NASA Officials Entering into Agreements
1.16 Responsible Organization
1.17 Supervisors
1.18 Employees

CHAPTER 2.á Notification and Recording of Mishaps, High-Visibility Events, and Close Calls

2.1 Notification and Reporting Requirements
2.2 NASA Mishap and Close Call Immediate Notification Requirements
2.3 Other Immediate Reporting Requirements
2.4 Other Recording Requirements
2.5 Exemptions to Recording Requirements for Certain Occurrences

CHAPTER 3.á Implementing the Mishap Investigation Process

3.1 Safeguarding the Site and Collecting Initial Evidence
3.2 Determining the Level of Investigation/Selecting the Appointing Official and Approving Official
3.3 Appointing Official Procedures
3.4 Exceptions to the Normal Appointment and Investigation Process
3.5 Membership of an Investigation Board, Team, or Activity
3.6 Support for the Investigation
3.7 Conducting the Investigation

CHAPTER 4.á Acceptance and Approval Process for Mishap Investigation Reports

4.1 General
4.2 Mishap Report Acceptance and Approval
4.3 Release of Information Concerning Mishaps, Casualties, Mishap Reports, and other Information
4.4 Retention of Mishap Reports and Records

CHAPTER 5.á Corrective Action Planning and Approval

5.1 CAP Development
5.2 Corrective Action Implementation
5.3 Corrective Action Independent Assurance and Closeout

CHAPTER 6.á Lessons Learned Development, Disposition, Submission, and Approval

6.1 Lessons Learned Development
6.2 Lessons Learned Disposition, Submission, and Approval

APPENDICES.

A. Terms and Definitions

B. Guidelines for the Preservation of Evidence
B-1. Locating and Preserving Physical Evidence
B-2. Mapping the Mishap Scene
B-3. Photography
B-4. Documentary Evidence

C. Release of Information Concerning Mishaps and Casualties

D. Release of Mishap Investigation Reports

E. Guidelines for Witness Interviewing
E-1. Statement to Witnesses
E-2. Locating and Interviewing Witnesses

F. Mishap Organizational Responsibilities Matrices
F-1. NASA Mishap Reporting Requirements Matrix
F-2. Mishap Organizational Responsibilities Matrix
F-3. Mishap Appointing/Approving Official Matrix

G. Mishap Site Safety

H. Sample Documentation
H-1. Sample Appointing Official Appointment Letter
H-2. Mishap Investigation Board Appointment Letter
H-2.1. Attachment A to Appointment Letter
H-3. Mishap Investigation Report Format
H-4. Causal Factors and Recommendations
H-5. Finding, Cause, Observation, and Recommendation Format
H-6. Corrective Action Plan Format
H-7. Mishap Summary Report Format

I. Mishap Investigation Techniques
I-1. Root Cause Analysis Methodology
I-2. Evidence and Data Analysis
I-3. Advanced Analytical Techniques
I-3.1. Events and Causal Factors Diagramming
I-3.2. Management Oversight and Risk Tree (MORT)
I-3.3. Sequentially Timed Events Plotting (STEP)
I-3.4. Change Analysis
I-3.5. Fault Tree Analysis

J. Mishap Investigation Checklists
J-1. Mishap Investigation and Followup Process Checklist
J-2. Immediate Action Checklist
J-3. Mishap Board Checklist
J-4. Witness Interview Checklist
J-5. Human Factors Checklist
J-6. Training and Certification Checklist
J-7. Systems Investigator Checklist
J-8. Operations Checklist
J-9. Maintenance and Inspection Checklist
J-10. Investigation Kit
J-11 Aircraft Flight Mishap Checklist

K. Incident Reporting Information System (IRIS)

L. Acronyms

M. Typical Sequence of Events for the Mishap Investigation Process

P.1 PURPOSE

The purpose of this NASA Procedural Requirements (NPR) is to provide requirements to report, investigate and document mishaps, close calls, and previously unidentified serious workplace hazards to prevent recurrence of similar accidents. This NPR does not apply to investigative procedures concerning civil, criminal, or administrative culpability, or legal liability. Furthermore, the safety investigation outlined in this NPR shall not be used to direct or justify disciplinary action for mishaps or close calls (Requirement 30984).

A close call (although not technically considered a mishap) must also be reported and investigated to find and fix the root cause(s) of the event before a recurrence results in serious harm. It is important that every NASA employee be continually reminded to look out for and report close calls. In addition to the obvious benefit of preventing recurrence, people will develop a habit of vigilance that will help to eliminate the unsafe acts and unnecessary risk taking that is the primary causal factor of most mishaps.

This NASA Procedures and Guidelines (NPG) provides guidance concerning how to respond to any mishap or close call from discovery through closure of the actions needed to prevent recurrence, and how to release that mishap information to the public. This NPG also includes instructions on how NASA organizations are to respond to the mishap reporting and investigating requirements of other agencies, such as the Occupational Safety and Health Administration (OSHA) and the National Transportation Safety Board (NTSB). The appendices contain mishap investigation techniques to be used.

This NPG is applicable to NASA Headquarters and Centers, including Component Facilities; to JPL and other NASA contractors to the extent specified in their contracts; and to other organizations (i.e., commercial partners, other Federal Agencies, international parties, tenants on NASA Centers, etc.), as specified and described in written operating agreements. This document does not apply to investigative procedures concerning civil, criminal, or administrative culpability, or legal liability. Furthermore, the safety investigation process outlined in this NPG may not be used to direct or justify disciplinary action for mishaps or close calls.

a. 42 U.S.C. 2473 (c)(1), Section 203 (c)(1) of the National Aeronautics and Space Act of 1958, as amended.

b. 29 U.S.C. 668, Section 19 of the Occupational Safety and Health Act of 1970, as amended.

a. 29 CFR Part 1904, Recording and Reporting Occupational Injuries and Illnesses (U.S. Department of Labor, Occupational Safety and Health Administration).

b. 29 CFR Part 1960, Basic Program Elements for Federal Employee Occupational Safety and Health Programs and Related Matters.

c. 49 CFR Part 830, Notification and Reporting of Aircraft Accident or Incidents and Overdue Aircraft, and Preservation of Aircraft Wreckage, Mail, Cargo, and Records.

d. Reserved.

e. NPD 9800.1, NASA Office of Inspector General Programs.

f. NPR 1441.1, NASA Records Retention Schedule (Schedule 1).

g. NPR 1620.1, Security Procedures and Guidelines.

h. NPR 3792.1, Plan for a Drug-Free Workplace.

i. NASA Federal Acquisition Regulation (FAR) Supplement (NFS) Part 1807, Acquisition Planning.

j. NFS Part 1852.223-70, Safety and Health.

k. Office of Space Flight (OSF) Contingency Action Plan for Space Flight Operations.

l. Incident Reporting Information System (IRIS).

m. NASA Lessons Learned Information System (LLIS) (http://llis.gsfc.nasa.gov/).

This NPR cancels NPR 8621.1, dated June 2, 2000

Original signed by
/s/ Frederick D. Gregory

Associate Administrator for Safety and Mission Assurance

The NASA Administrator can elect to be the Appointing Official for Type A mishap investigations. (See Appendix A for definitions of mishap types.) In such instances, the Associate Administrator for Safety and Mission Assurance will provide assistance and support in board appointment activities and in the investigation, approval, and corrective action process.

1.2 Associate Administrator for Safety and Mission Assurance

1.2.1 The Associate Administrator for Safety and Mission Assurance (or designee) is responsible for the following:

a. Assuring the proper reporting, investigating, and recordkeeping for mishaps and close calls by defining and administering the mishap reporting and investigating process.

b. Concurring with the assignment of responsibility for conducting the investigation and membership for Type A mishaps or high-visibility mishaps or close calls. The Associate Administrator for Safety and Mission Assurance may grant authority to the Space Shuttle and International Space Station programs to conduct program level technical investigations instead of a higher level investigation board for certain anomalies or close calls (see Chapter 3).

c. Approving the mishap investigation board membership and level and serving as the Approving Official for the mishap investigation board report generated by any investigation appointed by an Enterprise Associate Administrator or the Associate Administrator for Headquarters Operations (Type A only).

d. Providing assistance to the Appointing Official in reviewing Corrective Action Plans (CAP's).

e. Participating, at his/her discretion, as an ex officio representative (or designating an individual to participate on his or her behalf) in any NASA mishap investigation board or investigation activity to the level deemed appropriate to either assist the conduct of the investigation or to monitor the mishap investigation activities to ensure that activities are thorough, impartial, and in conformance with NASA policy.

f. Serving as the Appointing Official and Approving Official for mishap investigations directed by the Administrator or for those high-visibility mishaps, mission failures, or close calls that the Administrator may select. (See NPD 8621.1 , "NASA Mishap Reporting and Investigating Policy.")

g. Notifying the Occupational Safety and Health Administration (OSHA) Office of Federal Agency Programs of the mishaps listed in paragraph 2.3.2 and forwarding to OSHA's Office of Federal Agency Programs a final copy of the mishap summary of any mishap for which notification was made.

h. Notifying the National Transportation Safety Board (NTSB) of any incidents listed in paragraph 2.3.3 and negotiating NTSB's involvement, if any, in investigations or other followup activities.

1.2.2 The Associate Administrator for Safety and Mission Assurance will serve as Appointing Official for NASA joint participation on boards with the Department of Defense (DoD) and other agencies unless authority is delegated by existing agreements.

1.3 Enterprise Associate Administrators

The Enterprise Associate Administrators are responsible for the following:

1.3.1 Enterprise Associate Administrators have primary responsibility for implementing mishap reporting, investigating, and recordkeeping requirements for their assigned Enterprises.

1.3.2 The Enterprise Associate Administrator will be the Appointing Official for Type A mishaps, or high-visibility close calls, mission failures, or other mishaps (after consulting and receiving agreement from the Administrator or the Associate Administrator for Safety and Mission Assurance to determine if they desire to be the Appointing Official). The Enterprise Associate Administrator may delegate this authority only after consulting with and receiving agreement from the Associate Administrator for Safety and Mission Assurance.

1.3.3 The Enterprise Associate Administrator will obtain concurrence from the Associate Administrator for Safety and Mission Assurance on mishap investigation board levels and proposed membership.

1.3.4 The Enterprise Associate Administrator will develop mishap contingency plans (premishap plans, procedures, and activities) to support this NPG.

1.4 Associate Administrator for Headquarters Operations

The Associate Administrator for Headquarters Operations is responsible for the following:

a. Serving as the Appointing Official for Type A mishaps and lesser mishaps and close calls that occur at NASA Headquarters, with the advice of the supporting safety official, and serving as the Approving Official for investigations below Type A.

b. Developing NASA Headquarters-level mishap contingency plans (premishap plans, procedures, and activities) to support this NPG.

c. Developing and documenting a reporting, investigation, and prevention process that meets the NASA Headquarters data collection and analysis needs, and as a minimum, identifies the what, where, when, and why of the mishap or close call. Additionally, the Associate Administrator for Headquarters Operations should dictate the local timelines for initial notification of the mishap, finalization of the mishap report, and generation of the CAP to meet the requirements of this NPG.

d. Ensuring the final mishap information is documented in a mishap report and submitted in accordance with this NPG.

e. Providing administrative and logistical support for investigation boards working at NASA Headquarters.

1.5 NASA Center Directors

Each NASA Center Director is responsible for the following:

a. Serving as the Appointing Official for Type B mishaps (and Type A when delegated), and lesser mishap or close call investigations to determine their cause.

b. Developing Center-level mishap contingency plans (premishap plans, procedures, and activities) to support this NPG.

c. Developing and documenting a reporting, investigation, and prevention process that follows this NPG, meets their individual Center's data collection and analysis needs, and as a minimum, identifies the what, where, when, and why of the mishap or close call. Additionally, each Center should dictate the local timelines for initial notification of the mishap, the mishap report, and the CAP to meet the requirements of this NPG.

d. Ensuring the final mishap information is documented in a mishap report and submitted to NASA Headquarters in accordance with this NPG.

e. Providing administrative and logistical support for investigation boards working on the Center.

1.6 Program/Project Managers

1.6.1 Program/project managers will serve as the Appointing Official for Type A or B mishap boards (when delegated), lesser investigation activities or close calls, or special program level technical reviews to determine the cause of a failure, with the advice of the program safety official.

1.6.2 When experiencing a mishap involving hardware or facilities within their program jurisdiction, program/project managers will provide funding/support for investigations chartered by the Administrator, the Associate Administrator for Safety and Mission Assurance, or the Center Director.

1.6.3 Program/project managers will develop program/project level mishap contingency plans (premishap plans, procedures, and activities) to support this NPG. For NASA programs and projects involving international partners, program/project managers will address the responsibilities and procedures for mishap investigation in the bilateral or multilateral agreements.

1.6.4 Program/project managers will provide support to Appointing Officials in monitoring and assessing the status of corrective action plan implementation.

1.7 NASA Center Safety and Mission Assurance Officials (including Safety Officials)

1.7.1 In the event of a NASA mishap, NASA Center safety and mission assurance officials will perform the following, after first assuring that emergency response actions have begun:

a. Notify NASA Headquarters (the Safety and Risk Management Division of the Office of Safety and Mission Assurance) within 1 hour by telephone, facsimile, or electronic mail during normal duty hours, or the NASA Headquarters Emergency Center (Security Desk), 1-866-230-NASA (1-866-230-6272), during nonduty hours, of all mishaps and close calls requiring immediate notification (see Chapter 2 ). Telephonic reports must be followed up with an electronic report within 1 hour.

b. After initial notification to NASA Headquarters (if required) and to other appropriate Center personnel, such as the Center Public Affairs Office (PAO), submit an electronic transmission through the Incident Reporting Information System (IRIS) on NASA Form (NF)-1627A, "Initial Safety Incident Report," to the NASA Safety and Risk Management Division (see Appendix F) by COB of the next workday.

c. Provide the OSHA area office nearest the site of the mishap (or call OSHA at 1-800-321-6742) and the Safety and Risk Management Division with the information described in Chapter 2 within 8 hours of work-related accidents involving the death of a Federal employee, or the hospitalization of three or more employees (provided at least one is a Federal employee). This is required for any fatality or three or more hospitalizations that occur up to 30 days after the respective mishap. The NASA Center safety and mission assurance official must persist in making this report until an acknowledgement has been received. The official will provide two copies of a summary report, as required by 29 CFR 1960, to the Safety and Risk Management Division for forwarding to OSHA upon completion of the mishap investigation.

1.7.2 NASA Center safety and mission assurance officials will ensure all NASA mishaps and close calls are initially reported/recorded electronically on NF-1627, "NASA Full Safety Incident Report," and submitted in accordance with the IRIS instructions (see Appendix K) and the policies of the Director, Office of Health Affairs, at NASA Headquarters. Updates (including closure) will be submitted to IRIS within one week of receiving the data.

1.7.3 NASA Center safety and mission assurance officials will notify the Office of Inspector General (OIG) and the Office of the Chief Counsel immediately if it is reasonably suspected that a mishap resulted from criminal activity so that the OIG and Chief Counsel can appropriately coordinate their activities with the responsible workplace official.

1.7.4 NASA Center safety and mission assurance officials will notify the Safety and Risk Management Division during normal duty hours of mishaps and close calls that do not require immediate reporting but, in the judgment of the NASA Center safety and mission assurance official, may receive high visibility from the public, the press, or have recurrence control implications beyond the local Center.

1.7.5 NASA Center safety and mission assurance officials will initiate, facilitate, and coordinate all investigation activities and will be part of Center-level decisions on the acceptability of investigation activities or the need to reject investigation reports and establish a new investigation activity. They will also provide assistance to Appointing Officials in reviewing the adequacy of CAP's.

1.7.6 NASA Center safety and mission assurance officials will provide support to Appointing Officials (or their designees) to further develop and capture lessons learned topics identified in the final investigation report.

1.7.7 NASA Center safety and mission assurance officials will assist Appointing and Approving Officials in fulfilling their responsibilities.

1.7.8 NASA Center safety and mission assurance officials will involve themselves in acquisition strategy meetings as per NASA Federal Acquisition Regulations Supplement (NFS) Part 1807, "Acquisition Planning," to assure that the appropriate mishap and close call reporting, investigating, and evaluation criteria are incorporated into contracts.

1.8 Public Affairs Offices

Public affairs offices will assist in disseminating any preliminary information to the public relating to mishaps or close calls, and providing status, interim reports, and final reports to press and media representatives as provided in Appendix C and Appendix D.

1.9 Contracting Officers

Contracting officers must perform the following:

a. Incorporate applicable mishap and close call reporting and investigating procedures detailed in the NFS into contracts covering NASA programs and operations.

b. Involve safety and mission assurance and health personnel in the acquisition strategy planning activities for proposed contracts as detailed in NFS Part 1807, "Acquisition Planning."

1.10 Appointing Officials

1.10.1 Appointing Officials are responsible for the mishap investigation process and for appointing the mishap investigation members. The Appointing Official shall determine whether a mishap investigation board, mishap investigation team, Center-level investigation, or technical investigation team shall be used to investigate a mishap or close call, or alternately, to accept the investigation of another competent authority that may have jurisdiction.

1.10.2 The Appointing Official is responsible for the following:

a. Determining the level of NASA involvement, if any, when the mishap resulted from the actions of an outside source that was not involved in NASA operations.

b. Arranging for administrative and logistical support to the mishap investigation via the appointment letter.

c. Accepting the final mishap investigation report as fulfilling the requirements of the appointment letter and providing the report to the Approving Official for review.

d. Ensuring reporting organizations develop a CAP, accepting the CAP, and tracking and closing corrective actions resulting from any mishap investigation that the Appointing Official has appointed.

e. Providing a Portable Document File (PDF) electronic copy of the final, approved mishap investigation report to the appropriate level NASA Lessons Learned Information System (LLIS) program representative for posting to the NASA LLIS database. The copy that the Appointing Official provides to the LLIS database must first have been cleared for such release by the appropriate level NASA legal official, NASA import/export control official, and any other NASA program or policy official as appropriate. (Note: this should be undertaken during the report approval process.) This will ensure that the copy being released to the NASA LLIS is consistent with NASA policy and does not contain any restricted privacy information, classified information, or information that is subject to import/export control regulations.

f. Providing a final mishap summary report to the supporting safety and mission assurance organization and notifying the responsible organization that the corrective action plan is closed. (See Chapter 5.)

1.11 Approving Officials

The Approving Official has the final responsibility to review and approve the mishap investigation report as complete and in conformance with NASA policy. This includes coordination of the mishap report and any related lessons learned with an appropriate level NASA legal official, NASA import/export control official, NASA public affairs official, and any other NASA program or policy official as appropriate for compliance with NASA policies. The Appointing Official may also be the Approving Official for Center-level investigations.

1.12 Ex Officio Representative

1.12.1 The ex officio representative is the Associate Administrator for Safety and Mission Assurance, or his/her authorized representative, serving as a nonvoting participant in all investigation activities at his/her discretion. The ex officio representative is responsible for the following:

a. Assuring that the investigation was conducted in conformance with NASA policy and this NPG.

b. Assuring that the investigation process was fair, independent, and nonpunitive.

c. Providing advice and counsel to the investigation chair so that the investigation process could determine the root cause(s) of the mishap.

1.12.2 The ex officio representative will sign the final report demonstrating his or her belief that the above conditions have been satisfied.

1.12.3 For less than Type A investigations, the ex officio representative will be at a level consistent with the level of the appointment (e.g., will usually be a Center senior SMA official for Type B or a safety officer for Type C) and will be so documented in the appointment letter.

Ex officio representatives are not required for investigation activities directed or conducted by the safety or health organization.

1.13 Aircraft Management Office

The Aircraft Management Office (AMO) is responsible for coordinating the development of an Agency aviation safety program in accordance with Agency policies. As part of these responsibilities, the AMO will be notified of all aircraft mishaps and may participate in selected aircraft mishap investigations.

1.14 Operator of an Agency Aircraft

Upon occurrence of any NTSB aircraft accident (see Appendix A), the operator of an Agency aircraft shall immediately notify the Center safety office/program manager as well as the Safety and Risk Management Division by telephone, facsimile, or electronic mail during normal duty hours, or after duty hours call 1-866-230-NASA (1-866-230-6272). In addition, the operator of an Agency aircraft must report any event listed in paragraph 2.3.3.1 and provide the information specified in paragraph 2.3.3.2. The Safety and Risk Management Division has the responsibility to notify the NTSB.

1.15 NASA Officials Entering into Agreements

The NASA official entering into international agreements, interagency agreements, or memoranda of understanding between or among NASA and other federal agencies, international parties, and commercial partners shall include mutually acceptable elements of NPD 8621.1 , "NASA Mishap Reporting and Investigating Policy," and this NPG in the agreements to ensure that the process of reporting and investigating mishaps resulting from joint operations or other activities that affect NASA personnel or equipment are consistent with NASA policy.

1.16 Responsible Organization

The responsible organization is the organization that experienced the mishap. It will provide support as deemed necessary by the investigation chair for the mishap investigation process. After the corrective action plan is approved, the responsible organization will implement the corrective action plan as directed by the Appointing Official and provide status reports to the Appointing Official or designee.

1.17 Supervisors

1.17.1 When a supervisor is either witness to or informed of a mishap or close call, the supervisor must notify the appropriate emergency response personnel and the NASA Center safety and mission assurance official, health office, or program manager of the mishap (to the extent not already accomplished).

1.17.2 After the initial notifications are made, supervisors are responsible for providing further necessary assistance and control at the mishap site until emergency response, safety, or security authorities arrive. They are required to report the circumstances of mishaps and close calls in their immediate work area, support the investigation process and activities, and provide as much information as possible for, or submit, the NF-1627A, "NASA Initial Safety Incident Report."

1.17.3 Supervisors are required to develop mishap contingency plans (premishap plans) within their work area to support the procedures and guidelines in this NPG.

1.17.4 Supervisors may serve as the investigation official when tasked by an Appointing Official.

1.17.5 If the mishap results in a death, or personal injury requiring immediate hospitalization or in damage estimated to be in excess of $10,000 to Government or private property, the supervisor should also refer to NPG 3792.1 , "NASA Plan for a Drug-Free Workplace," to determine whether additional action outside the safety mishap reporting and investigating process should be taken.

1.18 Employees

All employees witness to or involved in a NASA mishap or close call are responsible for the following (to the extent physically able):

a. As soon as possible, notifying emergency response (911, fire, ambulance, security, etc.) of the need for any assistance.

b. As soon as possible, notifying a supervisor, management official, or a safety/health staff member of the circumstances of the mishap or close call.

c. Providing as much information as possible for witness statements and for the NF-1627A, "NASA Initial Safety Incident Report," and supporting the investigation process and activities.
á

2.1 Notification and Reporting Requirements

NASA, OSHA, and the NTSB for aircraft all have reporting requirements covering mishaps and close calls. The level and immediacy of reporting depend upon a multitude of factors, which may overlap. (See Appendix A for the definitions of a mishap and types of investigations.) NASA mishaps, close calls, or occurrences that must be reported include those involving the following:

a. Injury or death to members of the public or damage to public or private property, if the mishap was caused by NASA operations.

b. Injury or death to civil service employees while on duty.

c. Damage to or loss of government property or equipment, or mission failures.

d. Close calls.

e. Any other occurrence on NASA property that would be of interest to NASA (public traffic accident on NASA roads, visitor medical emergency, etc.).

2.2 NASA Mishap and Close Call Immediate Notification Requirements

2.2.1 All NASA mishaps and close calls must be reported immediately to a supervisor, safety or health official, or program manager who will notify the Center safety office. Other occurrences (see paragraph 2.1.e) will be reported in accordance with procedures established by the Center.

2.2.2 For those Type A or Type B mishaps, high-visibility mission failures, or other high-visibility mishaps or high-visibility close calls, the Center safety office (or program safety manager) shall provide an immediate (within 1 hour) notification to the Safety and Risk Management Division by telephone, facsimile, or electronic mail in the format of NF-1627A during normal duty hours, or the NASA Headquarters Emergency Center, 1-866-230-NASA (1-866-230-6272), during nonduty hours. The Center office must receive an acknowledgement of receipt from Headquarters to fulfill this requirement. (Initial phone notification requires a written, electronic followup within 1 hour.) (See Appendix F.) By close of business the next workday, the Center safety office will submit a followup electronic NF 1627A initial report using the IRIS.

2.2.3 The Center safety office (or program safety manager) should notify other Center offices that have a need to know about the NASA mishap, close call, or occurrence (e.g., Center Director, Center public affairs office, Center aviation safety officer, Center health office, Center security office) within 1 hour if possible. Public affairs procedures on additional notification and the further release of mishap information to the press and outside of NASA are in Appendix C and Appendix D of this NPG.

2.3 Other Immediate Reporting Requirements

2.3.1 Reporting of NASA Mishaps to the Office of Inspector General and the Office of the General Counsel.

The Office of Inspector General (OIG) and the Center's Office of the Chief Counsel or NASA Office of the General Counsel should be notified if it is suspected that a mishap resulted from criminal activity, so that the OIG and appropriate legal offices can coordinate their activities with the mishap review board official.

2.3.2 Immediate Reporting of NASA Mishaps and other Occurrences to OSHA.

2.3.2.1 If the occurrence involves the death of any employee from a work-related incident or the in-patient hospitalization of three or more employees as a result of a work-related incident, the safety office of the organization affected shall orally report the fatality/multiple hospitalization by telephone or in person to OSHA so that OSHA can determine their need for a separate investigation. The OSHA reporting requirement applies to any fatality or hospitalization of three or more employees which occurs within (30) days of a mishap. This oral report must be made within 8 hours of the death or hospitalization of three or more employees to the area office of OSHA, U.S. Department of Labor, that is nearest to the site of the mishap or to OSHA at their toll-free central telephone number (1-800-321-6742). Notification (confirmation) shall also be made to the NASA Safety and Risk Management Division that the oral report has been provided to OSHA.

2.3.2.2 The report to OSHA will include the following:

a. Establishment name.

b. Location of incident.

c. Time of incident.

d. Number of fatalities.

e. Number of hospitalized employees.

f. Contact person, phone number.

g. Brief description of the incident.

2.3.3 Immediate Reporting of NASA Aircraft Occurrences and Incidents to NTSB.

2.3.3.1 The NTSB has special mishap notification requirements. Therefore, mishaps, incidents, close calls, and occurrences (as listed below) involving NASA aircraft will be promptly reported to Center safety office/program manager, and the Safety and Risk Management Division by telephone, facsimile, or electronic mail during normal duty hours, or after duty hours call 1-866-230-NASA (1-866-230-6272). By close of business of the following day, a NF 1627A report will be submitted using the NASA IRIS for the following:

a. Flight control system malfunction or failure.

b. Inability of any required flight crew member to perform normal flight duties as a result of injury or illness.

c. Failure of structural components of a turbine engine excluding compressor and turbine blades and vanes.

d. In-flight fire.

e. Aircraft collision in flight.

f. Damage to property, other than the agency aircraft, estimated to exceed $25,000 for repair (including materials and labor) or fair market value in the event of total loss; whichever is less.

g. For large multiengine aircraft (more than 12,500 pounds maximum certificated takeoff weight), there shall be immediate notification for the following:

(1) In-flight failure of electrical systems which requires the sustained use of an emergency bus powered by a backup source such as a battery, auxiliary power unit, or air-driven generator to retain flight control or essential instruments.

(2) In-flight failure of hydraulic systems that results in sustained reliance on the sole remaining hydraulic or mechanical system for movement of flight control surfaces.

(3) Sustained loss of the power or thrust produced by two or more engines.

(4) An evacuation of an aircraft in which an emergency egress system is utilized.

h. An aircraft is overdue and is believed to have been involved in an accident or incident.

2.3.3.2 Notification shall contain the following information, if available.

a. Type, nationality, and registration marks of the aircraft.

b. Name of owner and operator of the aircraft.

c. Name of the pilot-in-command.

d. Date and time of the mishap, malfunction, or failure.

e. Last point of departure and point of intended landing of the aircraft.

f. Position of the aircraft with reference to some easily defined geographical point.

g. Number of persons aboard, and number killed, or seriously injured.

h. Nature of the mishap, accident, or occurrence, the weather, and the extent of damage to the aircraft, so far as is known.

i. A description of any explosives, radioactive materials, or other dangerous articles carried.

2.4 Other Recording Requirements

The Center safety office shall ensure all NASA mishaps and close calls (except as noted below) are recorded and submitted electronically to the IRIS on NF-1627, "NASA Full Safety Incident Report," in accordance with the IRIS system instructions (see Appendix K) and as augmented by the policies of the Director, Office of Health Affairs, at NASA Headquarters. Followup information or updated status reports will be submitted as information becomes available. As required by 29 CFR 1960.2 and the definitions therein, those mishaps involving injury/illness to NASA civil service employees are also recordable on the OSHA 200 Log. Additional personal injury or illness information may be recorded on NF 1627B, "NASA Injury/Illness Incident Report," by medical or supervisory personnel and submitted to IRIS in accordance with instructions in Appendix K.

2.5 Exemptions to Recording Requirements for Certain Occurrences

2.5.1 OSHA Recordable Accidents That Are Not Recorded as NASA Mishaps.

There are certain occurrences involving personnel injury (or death) that, due to their circumstances, must be recorded on the OSHA log and reported as OSHA lost-time cases, may be compensable under Office of Workers Compensation Program guidelines, but are not considered NASA mishaps and are not counted in internal NASA statistical reporting. Note that this does not rule out the need to conduct investigative activities and undertake corrective actions. These occurrences are excluded because their inclusion would make it more difficult to statistically analyze NASA mishap data to identify patterns and trends so that appropriate workplace policies and corrective actions can be established. The occurrences are listed below.

a. Cases where an employee does not lose any workdays but remains on the job in "light" duty are not considered as NASA lost-time cases, although they must be recorded as OSHA lost workday cases. Part of a workday lost for medical treatment or therapy also does not count as lost time.

b. Injuries associated with nonoccupational diseases where the disease itself, not the injury, is the proximate cause of the lost time. Example: A hemophiliac suffers a minor laceration that results in time away from work.

c. Injuries/illnesses sustained before entry into NASA service or employment unless specifically aggravated by current tenure of service, if found during a preemployment physical or declared by the employee as a disability.

d. Injuries resulting from nonwork related, preexisting musculoskeletal disorders or by minimum stress and strain (example: simple, natural, nonviolent body positions or actions). These injuries/illnesses are unrelated to mishap-producing agents or repetitive stress environments in daily work.

e. Injuries experienced during unsupervised or unsponsored recreational activities during nonduty hours (e.g., during volleyball game at lunch period, or while skiing or playing tennis after hours while on official travel).

f. Injuries or deaths occurring during official duty while using public transportation or a public conveyance (airplane, bus, train).

2.5.2 The following property damage is excluded from NASA mishap recording requirements for reasons similar to those stated in paragraph 2.5.1:

a. NASA property damage as a result of vandalism, riots, civil disorders, or felonious acts such as arson or sabotage is not a mishap. This will be reported and investigated in accordance with procedures under NPG 1620.1, "NASA Security Procedures and Guidelines."

b. Malfunction or failure of component parts that are normally subject to fair wear and tear and have a fixed useful life that is less than the complete system or unit of equipment is not recorded as a NASA mishap, provided that:

(1) The failure is not due to lack of scheduled preventative maintenance.

(2) The malfunction or failure is the only damage.

(3) The sole action is to replace or repair that component part. This exception does not apply to a malfunction or failure of a component part that results in damage to another component.

2.5.3 A test failure involving damage to equipment or property as a result of testing is not recorded as a NASA mishap provided that:

a. The testing is part of an authorized development/qualification/certification program that supports a larger objective.

b. Damage is limited to the test article and immediate facility support equipment and instrumentation.

c. Risk of damage cost from the test failure was accepted by program management in a formal, documented, risk analysis and acceptance process.
á

3.1 Safeguarding the Site and Collecting Initial Evidence

3.1.1 Preserving the mishap site and any evidence is the first and one of the important actions necessary for a successful mishap investigation. The responsible organization, along with local safety personnel, security personnel, or emergency response personnel, shall take immediate action to prevent further injury to personnel and/or damage to any property, and safeguard (or impound) appropriate records and equipment that may be involved in the mishap, using preestablished procedures and mishap contingency plans (premishap plans). These procedures will normally be available from or controlled by the safety organization. It is suggested that these procedures be posted on the local network. Guidelines for preservation of evidence are in Appendix B, and guidelines for mishap site safety are in Appendix G

3.1.2 The responsible official should appoint an interim investigator, site commander, or team to control the site and conduct initial activities if there will be a delay in the initiation of a formal investigation. Normally this is covered in mishap contingency plans (premishap plans) or procedures for mishap or emergency response. The site should not be released for post investigation cleanup or other activities until released by the investigation authority or the responsible safety organization. Each Center should document the policy and procedures for release of impounded property and records.

3.1.3 The interim investigator, site commander, security personnel, emergency response personnel, or safety personnel may either request initial written statements from all persons (who are able) who were involved in or witness to the mishap, or document verbal accounts from such persons, as soon as possible after the site is secured and emergency actions taken. When members of the public may have witnessed a NASA mishap, appropriate measures will be taken to publicize the investigation for purposes of maximizing the amount of reliable testimony.

3.1.4 In the event that the medical member determines autopsies are required, time is of the essence, and the medical member, human factors member, or flight surgeon should coordinate and consult with the coroner or medical examiner to determine jurisdiction and arrange for the autopsies.

3.1.4.1 For international mishaps occurring on international programs and involving program participants, autopsies will be conducted in accordance with the bilateral/multilateral agreements.

3.1.4.2 For cases that result in fatalities involving flight mishaps, consideration should be given to obtaining support from the Armed Forces Institute of Pathology.

3.2 Determining the Level of Investigation/Selecting the Appointing Official and Approving Official

3.2.1 The type of mishap or close call will determine the level of investigation.

3.2.2 For Type A mishaps or selected high-visibility mishaps or close calls having a Type A mishap potential, the responsible Enterprise Associate Administrator or, in the case of a Type A mishap occurring at NASA Headquarters, the Associate Administrator for Headquarters Operations, will be the Appointing Official, unless the Administrator or Associate Administrator for Safety and Mission Assurance elect to be the Appointing Official. The Associate Administrator for Safety and Mission Assurance will approve the investigation board membership and be the Approving Official.

3.2.3 For Type B mishaps, delegated high-visibility mishaps, close calls having a Type B mishap potential, or mishaps or close calls delegated from Type A mishaps (see paragraph 3.2.2), the Center Director will be the Appointing Official and Approving Official with the advice of the Center safety official and notification to the Safety and Risk Management Division. (See Appendix F.)

3.2.4 For Type C and lesser mishaps and close calls, the Appointing Officials will be Center Directors, local safety and health (medical) officials, or other management level officials as designated in Center policies and procedures. Each Center's policies and procedures should address management responsibilities for establishing mishap investigations and the Center process for investigation and report approval and closeout for Type C and lesser mishap investigations. NASA lesser mishap investigations will follow the processes outlined in this NPG.

3.2.5 The final determination of the Approving Official may also be dependent upon the visibility and nature of the mishap and the decision of the Administrator or the Associate Administrator for Safety and Mission Assurance. The Associate Administrator for Safety and Mission Assurance will be the Approving Official for all Enterprise, Associate Administrator for Headquarters Operations, and Administrator-level boards. Center-level boards can be appointed and approved by the Center Director. When authority for appointment is delegated, the delegation letter will also direct the approval authority.

3.2.6 Additional Guidelines for Determining Levels of Investigation.

3.2.6.1 The Appointing Official should consider the following additional guidelines in determining the level of investigation:

a. The cost of the property damaged and associated impacts. (See Appendix A.)

b. Schedule delay impacts.

c. Mission or test failures that significantly reduce the potential for successful achievement of mission and/or test objectives, or affect other government organizations or the general public.

3.2.6.2 The Associate Administrator for Safety and Mission Assurance must concur with the approach and level of assignment for investigation for a Type A mishap or high-visibility mishap or close call.

3.3 Appointing Official Procedures

3.3.1 For Type A mishaps, or selected high-visibility mission failures or close calls, the expected Appointing Official (Enterprise Associate Administrator, Associate Administrator for Headquarters Operations) will contact the Associate Administrator for Safety and Mission Assurance as soon as possible (generally within 1 hour of initial notification) to determine if either the Administrator or the Associate Administrator for Safety and Mission Assurance desires to be the Appointing Official. If both elect not, the Appointing Official will establish a "quick reaction teleconference" to plan and discuss the mishap investigation process and the initial actions to be taken. Because of the many and diverse situations that could constitute a mishap, preselection of personnel to constitute a mishap investigation board is normally not possible except by description or job title. For major mishaps, the appropriate Associate Administrator, the Associate Administrator for Safety and Mission Assurance, Center Director, program manager, and others as necessary will assemble the recommendations for board constituency. If the mishap occurs during nonduty hours, the teleconference will be conducted at a time selected by the Enterprise Associate Administrator.

3.3.2 For Type A mishap investigation boards (including high-visibility close calls), the Appointing Official must obtain the concurrence of the Associate Administrator for Safety and Mission Assurance for the level of the investigation and membership proposed for the investigation board.

3.3.3 The responsible Enterprise-level Appointing Official, with the concurrence of the Associate Administrator for Safety and Mission Assurance, may delegate appointing and approving authority to a Center Director or program/project manager, or elevate the level of investigation of a less serious mishap or close call if, in the judgment of the Enterprise-level Appointing Official, it is warranted due to the potential for a major mishap or its visibility. Procedures for the delegated level will apply.

3.3.4 If delegated the authority, program/project managers will appoint a chairperson and members of investigation for mishaps within their program/project. These boards are formed when only the functions, resources, and activities of particular programs are affected, or where there is a prearranged agreement with the appropriate Enterprise Associate Administrator and the Associate Administrator for Safety and Mission Assurance.

3.3.5 For Type B mishaps, other mission failures, and close calls not considered above, Center Directors, program managers, or the Associate Administrator for Headquarters Operations will serve as the Appointing Official and will appoint the chairperson and members of the investigation board. Advice of the responsible safety official and notification to the Safety and Risk Management Division are required. (See Appendix F.)

3.3.6 Type C and lesser mishaps and close calls that do not require a Type A or B mishap investigation board will be investigated in accordance with Center-level procedures which, as a minimum, will address management responsibilities for establishing mishap investigations, the investigation report approval and closeout process, the development and acceptance of corrective action plans, and development and approval of lessons learned.

3.3.7 Lesser mishaps can be delegated upward upon the request of either level of Appointing Official. The procedures applicable to the level to which the responsibility is delegated will be followed.

3.3.8 NASA Contractor Mishaps.

3.3.8.1 Contractors will establish mishap investigations and provide reports as specified in their contract and as specified in the NFS 1852.223-70. In those cases that are not NASA mishaps, i.e., solely involve a contractor accident or incident arising out of work performed under a NASA contract (which the contractor is required to investigate pursuant to NFS 1852.223-70), the NASA Appointing Official is not required to appoint a separate NASA mishap investigation board.

3.3.8.2 NASA mishaps arising out of contractor operations.

For those NASA mishaps resulting from NASA contractor operations or contractor personnel, the Appointing Official may delay the formation of a separate NASA mishap investigation board (or activity), pending the review of the contractor report required by NFS 1852.223-70, provided the deficiencies involved are confined to technical or operational matters and have no policy change implications. The contractor report in such a case will be subjected to a NASA review and approval process that conforms to this NPG. If the responsible NASA Appointing Official, as a result of the review and approval process, or otherwise, believes that the contractor report is not adequate for purposes of recurrence prevention or is not suitably independent, the Appointing Official shall appoint a NASA investigation pursuant to this NPG.

3.3.9 For all types of mishaps or close calls, after the level of investigation has been determined by the responsible group or official, the Appointing Official (if it is determined that an Appointing Official is needed) will prepare an "appointment letter." The appointment letter identifies the investigation's chairperson, membership (including ex officio), responsibilities, the desired course of action along with timelines, and the Approving Official. (See Appendix H.) The board membership is determined with the advice of the Office of the General Counsel or the Office of the Chief Counsel, as appropriate.

3.3.10 When serving as Appointing Official, the Associate Administrator for Safety and Mission Assurance must consult with the appropriate Enterprise Associate Administrator in the selection of personnel appointed to chair or serve as board members. The Associate Administrator for Safety and Mission Assurance or Enterprise Associate Administrator will also contact the NASA Administrator for a major mishap (generally within 1 hour of the initial notification of the mishap) to determine if the Administrator wishes to exercise appointment authority.

3.4 Exceptions to the Normal Appointment and Investigation Process

3.4.1 Flight anomalies, mishaps, and close calls occurring in the Space Shuttle and International Space Station programs may be investigated by technical level reviews instead of a mishap investigation board due to the existence of a formally documented and robust technical investigation and corrective action process in place and the fact that results are reviewed and approved through the program and flight readiness process, which includes Office of Safety and Mission Assurance participation. The Associate Administrator for Safety and Mission Assurance must be consulted before proceeding to appoint a technical level review in lieu of a Type A or B mishap board.

3.4.2 Mission failures occurring in the Balloon and Sounding Rocket programs managed by the Goddard Space Flight Center (GSFC)/Wallops Flight Facility (WFF) will be investigated by the normal project-level technical investigation process. However, if the mission failure results in death, injury/illness, or unanticipated damage to government or nongovernment property, reporting and investigating procedures detailed in this NPG will be followed. Program officials will prepare an annual fiscal year report and submit to program and SMA officials from GSFC and the NASA Safety and Risk Management Division for their review. These organizations will review the actions taken by the respective programs to assure that corrective actions and lessons learned are derived and used to preclude future mission failures. All mission failures and close calls will be reported by program officials to the appropriate safety officials at the GSFC/WFF. In addition, these occurrences will be recorded on NF-1627 and entered into the IRIS and LLIS.

3.4.3 Mission failures occurring in space or aeronautical programs without human crews, that use better, faster, cheaper techniques, which do not result in death, injury/illness, or unanticipated damage to nongovernment property, may be investigated by technical investigation teams upon the approval of the Associate Administrator for Safety and Mission Assurance. Technical investigation teams may consist of representation from contractors and foreign space organizations outside of NASA when a joint venture mission failure occurs. Complete investigation reports will be prepared and distributed to the program manager and the Center safety office. These reports will document root cause(s) of the mission failure, lessons learned, and recommended corrective actions. All mishaps and close calls will be reported by program officials to the appropriate safety officials, and will be recorded on NF-1627 and entered into the IRIS.

3.4.4 Mission failures or NASA mishaps for long-duration missions where the program/project structure has been disbanded will still be investigated per this NPG. If there is no recoverable physical evidence available, the investigation will use existing program/mission documentation and any collected mission data along with applicable analytical techniques to determine the probable root cause(s) of the mishap. A CAP will not be required of the project/program. The responsible organization must develop lessons learned for possible application to existing or future programs.

3.4.5 Mission failure of remotely piloted vehicles, where the risk of loss or damage has been formally accepted by the program, may be investigated by technical investigation teams upon the approval of the Associate Administrator for Safety and Mission Assurance. The program should investigate the loss as a technical failure to understand the root cause(s) and eliminate recurrence. If, however, the loss of the remotely piloted vehicle caused damage to, or loss of, personnel, property, or equipment in addition to the remotely piloted vehicle, it must be reported and investigated as a mishap.

3.4.6 The NASA Administrator may activate the "Office of Space Flight (OSF) Space Flight Operations (SFO) Contingency Action Plan," in the case of a high-visibility, mission-related Space Shuttle, International Space Station, or contingencies related to the processing and/or flight of payloads manifested on contract Expendable Launch Vehicles. This plan is established by the Office of Space Flight to assign immediate responsibilities and outline actions that must be taken in the event that a space flight contingency occurs. A standing mishap investigation board, consisting of seven members and supported by the Office of Space Flight at NASA Headquarters, is identified in the plan and activation is anticipated for events involving serious injury, loss of life, or significant political, media, or public interest.

3.4.7 Accepted investigations by other parties. NASA mishaps or close calls involving a NASA employee in the line of duty may not require a separate NASA investigation if the NASA Appointing Official accepts an investigation by other authorities if it appears to be independent and adequately address recurrence control. Examples include the following:

a. Traffic accidents involving NASA employees in the course of their duty when investigated by local authorities (sheriff, state police, coroners, etc.) having jurisdiction.

b. An injury or fatality when there is substantial reason to believe the incident is the result of criminal or terrorist acts to NASA employees and when investigated by local or Federal law enforcement authorities such as the Federal Bureau of Investigation, the Bureau of Alcohol, Tobacco, and Firearms, the Department of State, the Drug Enforcement Agency, or the Office of Inspector General.

c. Fatalities or injuries as a result of commercial transportation mishaps involving NASA personnel on official business and when investigated by authorities having jurisdiction such as the Federal Aviation Administration and the NTSB.

d. Injuries or fatalities investigated by OSHA. Note: A NASA investigation for the systemic root cause(s) of the mishap should be accomplished on a noninterference basis in parallel to any OSHA-led investigation of a NASA mishap.

3.5 Membership of an Investigation Board, Team, or Activity

3.5.1 An investigation board is composed of chairperson, executive secretary, board members, ex officio representative, consultants, observers, advisors, and support staff as determined by the Appointing Official. The chairperson, executive secretary, and board members must be Federal personnel. The severity and complexity of the mishap to be investigated will dictate the total number of members as well as the number of tasks assigned to a member.

3.5.2 The term "Chairperson" designates the individual in charge of any type mishap investigation from a full board to a two-person investigation team.

3.5.3 The Associate Administrator for Safety and Mission Assurance or his or her designee may participate as deemed necessary as an ex officio, nonvoting member, of all mishap investigation board activities. For lower level activities, the ex officio representative can be from the local SMA or safety organization. (See Chapter 1 for specific responsibilities.)

3.5.4 The chairperson, members, the ex officio representative, and support staff will be appointed by formal memorandum and will be relieved of other duties while they are engaged in board activities. (See Appendix H for a sample appointment letter for board investigations.)

3.5.5 The majority of board or team members should be from NASA Centers, organizations, or programs independent of the Center, operation, or the program in which the mishap occurred. In addition, members shall have no vested interest in the outcome of the investigation. When needed, other members can be appointed from Federal Agencies having technical expertise in the area of investigation for cases where the necessary expertise cannot be obtained within NASA. For international programs, members will be as provided in bilateral/multilateral or international agreements.

3.5.6 Boards or teams will consist of an odd number of voting members - at least five Federal employees for Type A boards and at least three Federal employees for Type B boards.

3.5.7 Non-Federal employees may serve as observers, advisors, or consultants and may be excluded from any deliberations at the discretion of the board chairperson and will not be allowed to read, or listen to, witness testimony.

3.5.8 When possible, members will be selected from personnel who have completed the NASA mishap investigation course (or equivalent) and have received refresher training every 3 years.

3.5.9 Members shall have sufficient experience and technical expertise to understand the technology and management interfaces related to the mishap.

3.5.10 Legal personnel will be appointed as advisors (nonvoting) to the board to provide legal and policy assistance and guidance to the investigative process.

3.5.11 A qualified public affairs officer will be designated as an advisor (nonvoting) to the board. This person will advise and assist the board in developing and coordinating information to be released to the public in accordance with NASA policies. (See Appendix C and Appendix D.)

3.5.12 For other specific board members and their investigative roles, see Appendix F.

3.5.13 Lower level teams or investigation activities can be composed of one or more NASA employees meeting criteria as above. For some lost time mishaps, incidents, or close calls, safety or health chartered investigations may be appropriate. Ex officio representatives are not required for investigation activities directed or conducted by the safety or health organization.

3.6 Support for the Investigation

The Enterprise or Center experiencing the mishap will provide support for mishap investigation board activities. The host Center is responsible for administrative and logistical support for the board. Responsibility for administrative and logistical support will be noted in the appointment letter.

3.7 Conducting the Investigation

3.7.1 Once the mishap investigation membership is selected, the first action taken is to quickly familiarize the investigator(s) with their roles and responsibilities and to provide them with the appropriate tools to conduct a proper investigation. The safety and mission assurance office associated with the responsible organization will provide the needed information to the investigator(s). Additionally, the local safety and mission assurance office may provide an ex officio representative, unless Headquarters is participating, to assess the progress of the investigation and assure the adequacy of the investigation process to the Center Director. Once appointed, the mishap investigation board, team, or mishap investigator is responsible for the mishap site and control of all evidence associated with the mishap. Only the board chairperson or mishap investigator may release the site or evidence for activities other than those supporting the investigation.

3.7.2 The mishap investigation board or investigator is responsible for investigation of the mishap. Safety personnel, emergency response personnel, security personnel, and other personnel will turn over all initial evidence gathered at the scene of the mishap. The responsible organization will support the mishap investigation board or mishap investigator with records, data, experts, etc., as requested. The Appointing Official will arrange for any necessary administrative support, including, but not limited to, meeting rooms, clerical help, photographic support, and laboratory analysis, as requested. Also, the Appointing Official will monitor the progress of the mishap investigation board or mishap investigator and provide any management concerns to the mishap investigation board or mishap investigator. The SMA office associated with the responsible organization will support the mishap investigation board or mishap investigator and the Appointing Official by providing a facilitator, experts, etc., as requested.

3.7.3 The mishap investigation board or mishap investigator will use a structured technique to collect all available data, construct a timeline of events, conduct witness interviews, and to analyze the mishap occurrence to determine what happened, when it happened, and why it happened. Typical steps in a mishap investigation are found in Figure 3-1. Appendix E-1 provides a suggested witness clause that should be read and explained to all witnesses at the start of their formal interview. Appendix E-2 provides guidelines for obtaining eyewitness accounts and witness testimony. Guidelines for evidence and data analysis can be found in Appendix I. The mishap investigation board or mishap investigator should strive to find both the technical cause(s) of the mishap and the human cause(s) of the mishap. The Management Oversight and Risk Tree (MORT) investigation tool provides a structured method of analyzing mishap data. This tool can be very helpful in identifying technical and management root cause(s) of the mishap, and it is highly recommended that at least one board member be familiar with this technique (see Appendix I). Mishap investigation checklists are provided in Appendix J.

3.7.4 Typical Steps in a Mishap Investigation.

Figure 3-1 shows the typical steps involved in a mishap investigation. Appendix F provides specific details for reporting requirements, organizational responsibilities, and Appointing/Approving Officials.

ááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááá Figure 3-1 - Typical Steps in a Mishap Investigation

3.7.5 The mishap investigation report will contain a description of the structured analysis technique used by the mishap investigation board or investigator for assuring all causative possibilities are explored. The mishap investigation board or investigator will document the what, when, where, and why of the mishap in the mishap investigation report. The focus and priority of the investigation report is the determination and discussion of the root cause(s) of the mishap. The report will also include significant observations, findings, and recommendations. The report will include proposed corrective actions if requested in the appointment letter, and proposed lessons learned topics for future development. The report should be technically accurate, properly documented, well defined, easily understood, and consistent with the format in Appendix H or as specified by the Appointing Official. Witness statements will be kept separate from the main portion of the report so that they can be easily separated and withheld from release with the main report.

3.7.6 The final report will be signed by all board members. Minority reports can be provided if needed in the event that agreement is not reached among board members. Observers, advisors, and consultants may sign the report at the discretion of the chairperson. The ex officio representative will also sign the report attesting to their belief to the following:

a. The investigation was conducted in conformance with NASA policy and this NPG.

b. The investigation process was fair, independent, and nonpunitive.

c. Adequate advice was provided to the chairperson so that the root cause(s) of the mishap could be determined and documented.

3.7.7 The mishap investigation board or mishap investigator will provide the mishap investigation report to the Appointing Official in accordance with Chapter 4.
á

4.1 General

The mishap investigation report will focus on the root cause(s) of the mishap, contributing root cause(s), and significant observations. The mishap investigation report will contain findings and recommendations, will describe the structured analysis technique used, and will document the what, when, where, and why of the mishap.

4.2 Mishap Report Acceptance and Approval

The mishap investigation report shall be submitted to the Appointing Official within 60 calendar days unless the Appointing Official has established another deadline. Any requests for extensions should be submitted in writing to the Appointing Official. The Appointing Official will determine the appropriate review process for the report. The review process could involve other federal agencies or international parties. The report will include Volumes I, II, and V, and draft Volumes III (Corrective Action Plan) and Volume IV (Lessons Learned topics). See Appendix H.)

4.2.1 The Appointing Official will review the report against the instructions of the appointment letter. The Appointing Official may not change or influence the mishap investigation report but may ask for clarification. The board chairperson or investigator is not required to make any changes to the report with which he or she does not agree. The Appointing Official, with the concurrence of the responsible local safety official (Associate Administrator for Safety and Mission Assurance for Type A board reports), may reject the report and then charter a new investigation. If the Appointing Official accepts the report as meeting the intent of the appointment letter, it is sent to the Approving Official (if a different individual) who coordinates the report with the appropriate level NASA legal official, NASA import/export control official, NASA public affairs official, and any other NASA program or policy official(s) as appropriate for compliance with NASA policies. After successful coordination and resolution of any policy concerns, the Approving Official approves the report as being consistent with NASA policy. After approval, the report is returned to the Appointing Official who tasks the responsible organization to develop a CAP, and finalize and submit it, and the lessons learned, in accordance with Chapters 5 and 6. If a draft CAP is included with the report, it may be used as a starting point or as guidelines for forming a CAP. The final CAP (Volume IV) and approved lessons learned (Volume V) will be completed and filed with the official approved report. NASA medical reports and witness statements are excluded from a mishap report, but should be retained in a confidential/privileged file.

4.2.2 Contractor investigation reports of NASA mishaps arising out of contractor operations as per paragraph 3.3.8.2 will be subject to a NASA review and approval process in accordance with this NPG.

4.3 Release of Information Concerning Mishaps, Casualties, Mishap Reports, and other Information

4.3.1 Appendix C details the procedures and guidelines for prompt release to the news media and the public of factual information concerning NASA mishaps resulting in serious injury to, or death of, person(s), or extensive damage to, or destruction of, property. In all cases, release of information must be coordinated and approved by the appropriate NASA Headquarters or NASA Center public affairs offices.

4.3.2 Appendix D details the procedures and guidelines for making timely release of information from NASA mishap investigation reports, as appropriate, consistent with the provisions of the Freedom of Information Act (5 U.S.C. 552) and the Privacy Act (5 U.S.C. 552a). In all cases, release of information must be coordinated and approved by the appropriate NASA Headquarters or NASA Center public affairs offices.

4.3.3 All witness statements, eye witness accounts, or documented verbal accounts, given in the course of a NASA mishap investigation are considered as privileged and protected and therefore cannot be released to the public or news media. NASA will make every effort to keep testimony confidential and privileged to the greatest extent permitted by law. However, the ultimate decision as to whether testimony may be released may reside with a court or administrative body outside NASA.

4.3.4 NASA may also refuse to release other information in an investigation report depending on additional factors such as whether the information is classified or involves proprietary considerations.

4.4 Retention of Mishap Reports and Records

Mishap reports and associated records will be retained in the office of primary record until no longer needed, at which time they will be retired in accordance with NPG 1441.1, "NASA Records Retention Schedules." Testimony data will be retained in a confidential/privileged file in the office of primary record until no longer needed, and then retired in a similar manner.
á

5.1 CAP Development

5.1.1 The responsible organizations shall create and submit a mishap CAP to the Appointing Official. The CAP must address all of the findings of the mishap. (See Appendix H for CAP format.) The CAP will include the following:

a. A description of the corrective actions along with a designation of the organization(s) responsible for implementing the corrective actions and a completion date for each corrective action.

b. Which NASA or contractor organization (to the lowest level) is responsible for ensuring the corrective action is completed.

c. A matrix or other means of matching corrective actions to mishap root cause(s) or other findings.

d. A review of any process changes required based on corrective actions.

e. The method to be used to track, provide interim status, and document completion of the corrective actions.

5.1.2 The CAP should be developed and submitted to the Appointing Official within 30 working days from when tasked. The Appointing Official may extend this deadline upon written request from the responsible organization. The mishap investigation board or mishap investigator may be provided a copy of the CAP for review and comment.

5.1.3 Upon receipt of the CAP, the Appointing Official will provide a copy to the Approving official, the applicable safety organization, and other selected offices as is deemed appropriate for review. Based on the results of that review, the Appointing Official will either accept or reject the plan. If requested, the mishap investigation board or mishap investigator will support the Appointing Official in assessing the adequacy of the CAP and provide comments. If the plan is rejected, it is returned, with comments, to the responsible organization for revision and resubmission. The Appointing Official can ask for additional CAP in areas not explicitly covered by the investigation report as appropriate. The Appointing Official will determine the timeframe for resubmission of the CAP. If the plan is accepted, the Appointing Official will do the following:

a. Direct the responsible organization to implement the plan.

b. Provide the plan to the responsible SMA organization or safety office for distribution to interested parties and to formulate the corrective action assurance (audit) plan.

5.2 Corrective Action Implementation

5.2.1 The responsible organization will implement the approved CAP as directed by the Appointing Official. The responsible organization will track the corrective action performance and completion and inform the Appointing Official of the status of the actions at intervals determined by the Appointing Official.

5.2.2 It is possible that the original CAP will contain actions that are deemed later to be unnecessary or unwise. Should a need arise to change the CAP, the responsible organization shall submit the change to the Appointing Official for approval, similar to the process used for the original plan approval. The Appointing Official is responsible for assessing and approving any changes to the CAP. Approved changes should be sent to the responsible organization and the safety office.

5.3 Corrective Action Independent Assurance and Closeout

5.3.1 The applicable safety office is responsible for independently monitoring corrective action activities to determine if they were carried out according to the plan. The safety office will report compliance and noncompliance concerns to the Appointing Official at intervals designated by the Appointing Official.

5.3.2 The Appointing Official, based on evaluation of the responses from the responsible organization, and the assessment from the safety office, will close all corrective actions and assemble a final mishap summary report. (See Appendix H for format.) This report includes the mishap investigation report, the CAP, any changes to the plan, final status of corrective actions, and lessons learned. The final status of the corrective actions shall provide the Appointing Official's statement that all corrective actions are completed including any final deviations from the plan, e.g., completion date changes, performing organization changes, etc. It is not necessary to create a new report to fulfill this requirement. It is anticipated that only the final status will need to be developed for this deliverable. The mishap summary report is delivered to the responsible organization and the safety office. The responsible organization will distribute the report to other appropriate local organizations, the office of record, NASA Headquarters, other NASA Centers, and other Federal agencies. Once this occurs, the duties of the Appointing Official are concluded.
á

6.1 Lessons Learned Development

6.1.1 In those instances where an appointment letter has been issued as a result of a mishap or close call, the Appointing Official is responsible for ensuring that the investigation team identify potential lessons learned topics for further exploration following the completion of the mishap investigation. These topics should be clearly delineated in the final investigation report.

6.1.2 Following the approval of the final investigation report by the Approving Official, the Appointing Official shall designate a person or team of persons to further investigate, develop, or expand the lessons learned topics identified in the report.

6.2 Lessons Learned Disposition, Submission, and Approval

6.2.1 The person or team of persons appointed by the Appointing Official to further investigate lessons learned topics from the final investigation report will have 6 weeks from their appointment date to disposition and prepare any lessons learned for submission to the NASA LLIS.

6.2.2 This person or team of persons will review each lessons learned topic and determine which have potential applicability to other existing or future NASA programs, projects, and operations. Those that do will be explored in greater detail and be prepared for submission to the NASA LLIS database in accordance with NASA LLIS database submission policies and requirements.

6.2.3 The prepared lessons learned will be provided to the Appointing Official. Upon receipt of the proposed lessons learned, the Appointing Official will provide a copy to the Approving official, the applicable safety organization, and other selected offices as is deemed appropriate for review (see paragraph 6.2.4 below). Based on the results of that review, the Appointing Official will either accept or reject the lessons learned and direct their submission to the NASA LLIS.

6.2.4 The prepared submission must be cleared before submission to the NASA LLIS by an appropriate-level NASA legal official, NASA import/export control official, and any other NASA program or policy official as appropriate. This will ensure that the lessons learned submission to the NASA LLIS is consistent with NASA policy and does not contain any restricted, privileged, or private information, classified information, or information that is subject to import/export control regulations.

6.2.5 The approved, prepared submission should be submitted electronically to the NASA LLIS database. Questions about how to electronically submit the data should be directed to the LLIS representative in the SMA office at the NASA Center which is the responsible organization for the hardware and/or persons involved in the close call or mishap.
á

B.Guidelines for the Preservation of Evidence
B-1. Locating and Preserving Physical Evidence
B-2. Mapping the Mishap Scene
B-3. Photography
B-4. Documentary Evidence

C.Release of Information Concerning Mishaps and Casualties

D.Release of Mishap Investigation Reports

E.Guidelines for Witness Interviewing
E-1. Statement to Witnesses
E-2. Locating and Interviewing Witnesses

F.Mishap Organizational Responsibilities Matrices
F-1. NASA Mishap Reporting Requirements Matrix
F-2. Mishap Organizational Responsibilities Matrix
F-3. Mishap Appointing/Approving Official Matrix

G.Mishap Site Safety

H.Sample Documentation
H-1. Sample Appointing Official Appointment Letter
H-2. Mishap Investigation Board Appointment Letter
H-2.1. Attachment A to Appointment Letter
H-3. Mishap Investigation Report Format
H-4. Causal Factors and Recommendations
H-5. Finding, Cause, Observation, and Recommendation Format
H-6. Corrective Action Plan Format
H-7. Mishap Summary Report Format

I.Mishap Investigation Techniques
I-1. Root Cause Analysis Methodology
I-2. Evidence and Data Analysis
I-3. Advanced Analytical Techniques
I-3.1. Events and Causal Factors Diagramming
I-3.2. Management Oversight and Risk Tree (MORT)
I-3.3. Sequentially Timed Events Plotting (STEP)
I-3.4. Change Analysis
I-3.5. Fault Tree Analysis

J.Mishap Investigation Checklists
J-1. Mishap Investigation and Followup Process Checklist
J-2. Immediate Action Checklist
J-3. Mishap Board Checklist
J-4. Witness Interview Checklist
J-5. Human Factors Checklist
J-6. Training and Certification Checklist
J-7. Systems Investigator Checklist
J-8. Operations Checklist
J-9. Maintenance and Inspection Checklist
J-10. Investigation Kit
J-11 Aircraft Flight Mishap Checklist

K.Incident Reporting Information System (IRIS)

L.Acronyms

M.Typical Sequence of Events for the Mishap Investigation Process
Appendix A. Terms and Definitions

Accepted Investigation. Accepted results of an investigation conducted by another authority that may be more appropriate than a NASA investigation, such as the NTSB, the police, or other appropriate authorities.

Appointing Official. The official authorized to appoint the mishap investigation board, mishap investigator, medical board, Center-level investigation, or technical investigation team to investigate a mishap or close call, or to accept the investigation of another authority. This official is also authorized to accept the final mishap investigation report, direct the responsible organization to develop a CAP, accept the CAP, track and close corrective actions, and produce a summary report of mishap-related activities upon completion.

Approving Official. The official with the final responsibility to review and accept the NASA mishap investigation report as complete and in conformance with NASA policy.

Board Safety Advisor. An advisor or ex officio representative of the board or investigation, generally from the SMA organization, who is familiar with the investigation process and provides assistance to the Chairperson and the Appointing Official to keep the investigation process on track.

Chairperson. The NASA use of the term "Chairperson" is used to designate the individual in charge of a mishap investigation by either a mishap board or other level of investigation.

Close Call. A situation or occurrence with no injury, no damage or only minor damage (less than $1,000), but possesses the potential to cause any type mishap, or any injury, damage, or negative mission impact. (A close call is not considered a mishap, but the mishap reporting, investigation, and recordkeeping and recurrence control guidelines will be followed.)

Contributing Root Cause. A factor, event, or circumstance which led, directly or indirectly, to the dominant root cause, or which contributed to the severity of the mishap or close call. (See also Dominant Root Cause, Root Cause Analysis, and Significant Observation.)

Corrective Actions. Changes to design processes, work instructions, workmanship practices, training, inspections, tests, procedures, specifications, drawings, tools, equipment, facilities, resources, or material that result in preventing, minimizing, or limiting the potential for recurrence of a mishap.

Cost of Mishap. The direct cost of replacement of damaged equipment and parts, plus labor, as well as cost of cleanup and any environmental investigation activity and restoration of property as required by Environmental regulations. In cases where replacement parts are available from salvaged or excess equipment at little or no cost to NASA, the actual cost of replacement parts may be used plus labor. The cost of the safety mishap investigation is not included.

Dominant Root Cause. Along a chain of events leading to a mishap or close call, the first causal action or failure to act that could have been controlled systemically either by policy/practice/procedure or individual adherence to policy/practice/procedure. (See also Contributing Root Cause, Root Cause Analysis, and Significant Observation.)

Ex Officio Representative. An individual authorized, due to position, to participate in all board and investigation proceedings that they deem appropriate. In NASA investigation activities, the Associate Administrator for Safety and Mission Assurance, or his/her authorized representative fulfills this role. This individual is nonvoting.

Finding. A conclusion based on facts established during the investigation by the investigating authority.

First Aid. First aid involves initial treatment and subsequent observation of work-related minor scratches, cuts, burns, splinters, etc., which (1) do not ordinarily require professional medical care even though the treatment may be provided by a physician or registered professional personnel and (2) do not involve loss of consciousness, a lost workday, restriction of work or motion, transfer to another job, or (3) do not result in payments by the Office of Workers Compensation Program. The following procedures are considered first-aid treatment.

a. Application of antiseptics during first visit to medical personnel.

b. Treatment of first degree burn(s).

c. Application of bandage(s) during any visit to medical personnel.

d. Use of elastic bandage(s) during first visit to medical personnel.

e. Removal of foreign bodies not embedded in eye if only irrigation is required.

f. Removal of foreign bodies from wound if procedure is not complicated and is, for example, by tweezers or other simple technique.

g. Use of nonprescription medications and administration of single dose of prescription medication on first visit for minor injury or discomfort.

h. Soaking therapy on initial visit to medical personnel or removal of bandages by soaking.

i. Application of hot or cold compress(es) during first visit to medical personnel.

j. Application of ointments to abrasions to prevent drying or cracking.

k. Use of whirlpool bath therapy during first visit to medical personnel.

l. Negative X-ray diagnosis.

m. Observation of injury/illness during visit to medical personnel.

High-Visibility (Mishaps or Close Calls). Those particular mishaps or close calls that possess a high degree of programmatic impact or public, media, or political interest at the judgement of the safety director.

Incident. A mishap consisting of personal injury of less than Type C mishap severity but more than first-aid severity, and/or property damage equal to or greater than $1,000, but less than $25,000.

Lessons Learned. Knowledge or understanding gained by experience. The experience may be positive, as in a successful test or mission, or negative, as in a mishap or failure. A lesson must be significant in that it has real or assumed impact on operations; valid in that it is factually and technically correct; and applicable in that it identifies a specific design, process, or decision that reduces or limits the potential for failures and mishaps, or reinforces a positive result.

Lost-time Injury/Illness. A nonfatal traumatic injury that causes any loss of time from work beyond the day or shift on which it occurred; or a nonfatal nontraumatic illness that causes loss of time from work or disability at any time. (See Recordkeeping and Reporting Guidelines for Federal Agencies, OSHA 201.4.)

Medical Treatment. The following procedures are considered medical treatment. Any NASA work-related injury/illness for which the following type of treatment was provided or should have been provided is considered to be a NASA mishap:

a. Treatment of infection.

b. Application of antiseptics during second or subsequent visits to medical personnel.

c. Treatment of second or third degree burn(s).

d. Application of sutures (stitches).

e. Application of butterfly adhesive dressing(s) or sterile strip(s) in lieu of sutures.

f. Removal of foreign bodies embedded in the eye.

g. Removal of foreign bodies from wound if procedure is complicated because of depth of impediment, size, or location.

h. Use of prescription medications (except a single dose administered on first visit for minor injury or discomfort).

i. Use of hot or cold soaking therapy during second or subsequent visit to medical personnel.

j. Application of hot or cold compress(es) during second or subsequent visit to medical personnel.

k. Cutting away dead skin (surgical debridement).

l. Application of heat therapy during second or subsequent visits to medical personnel.

m. Use of whirlpool bath therapy during second or subsequent visit to medical personnel.

n. Positive X-ray diagnosis (fractures, broken bones, etc.).

o. Admission to a hospital or equivalent medical facility for treatment (not merely observation).

Mishap Contingency Plans (Premishap Plans). Preapproved documents outlining timely organizational activities and responsibilities that must be accomplished in response to emergency, catastrophic, or potential (but not likely) events encompassing injuries, loss of life, property damage or mission failure.

Mishap Investigator. If the Appointing Official decides that an investigation is required and it may be done by a single investigator (this could be a mishap investigation board as listed above), the Appointing Official will select a single mishap investigator. The mishap investigator will investigate the mishap using the procedures and techniques in this NPG.

Mission Failure. A mishap of whatever intrinsic severity that, in the judgment of the Enterprise Associate Administrator and the Associate Administrator for Safety and Mission Assurance, prevents the achievement of primary NASA mission objectives as described in the mission operations report or equivalent document.

NASA Contractor Mishap or Close Call. A NASA contractor mishap or close call is any accident, incident, exposure, or close call, whether or not constituting a NASA mishap or close call, which a NASA contractor is required to report or investigate due to the provisions of its contract. Contractor mishaps are categorized similarly to NASA mishaps.

NASA Mishap. An unplanned event that results in injury to non-NASA personnel caused by NASA operations; damage to public or private property (including foreign property) caused by NASA operations; occupational injury or occupational illness to NASA personnel; damage to NASA property caused by NASA operations; or mission failure. (NASA mishaps are categorized as Type A Mishaps, Type B Mishaps, Type C Mishaps, Mission Failures, or Incidents.)

NASA Mishap Investigation Board. A NASA-sponsored board, selected by the Appointing Official and consisting a group of individuals or of a single individual with expertise in the area under investigation, is appointed to investigate a NASA mishap. Board members must not have any vested interest in the outcome of the investigation. Board members may be selected from NASA or other Government agencies. Observers may be obtained from these same sources or from non-Government sources, such as consultants. For international programs, board members will be appointed as provided in negotiated agreements. The responsibilities of the mishap investigation board are to determine what happened, the root cause(s) of why it happened, and develop recommendations to prevent a reoccurrence. The board will provide this information to the Appointing Official in the form of a report. The mishap investigation board should also support the Appointing Official in assessment of the CAP by providing comments and/or recommendations on the proposed plan.

NASA Operation. Any activity or process that is under NASA direct control or includes major NASA involvement.

NTSB Aircraft Mishap Definition. An NTSB aircraft mishap means an occurrence associated with the operation of an aircraft which takes place between the time any person boards the aircraft with the intention of flight and all such persons have disembarked, and in which any person suffers death or serious injury, or in which the aircraft receives substantial damage.

Recommendation. An action developed by the investigation board to correct the cause or a deficiency identified during the investigation. The recommendations may be used in the preparation of the corrective action plan.

Responsible Organization. The organization responsible for the activity, people, or operation/program where a mishap occurs or the lowest level of organization where corrective action will be implemented.

Root Cause Analysis. The root cause analysis is a structured process for identifying the basic factors, reasons, and causes for conditions that result in mishaps or close calls. Once identified, the conditions can be corrected and future mishaps or close calls prevented. (See also Contributing Root Cause, Dominant Root Cause, and Significant Observation.)

Safety and Mission Assurance (SMA) Office of the Responsible Organization. The organization responsible for developing the record impoundment plans, familiarizing the mishap investigation board or a mishap investigator with the mishap investigation process, distributing findings and CAP's to other interested organizations, supporting the Appointing Official in his/her assessment of proposed CAP, sampling corrective action completion, and assessing effectiveness of completed corrective actions.

Significant Observation. A factor, event, or circumstance identified during the investigation that did not contribute to the mishap or close call, but if left uncorrected has the potential to cause a mishap, injury, or increase the severity should a mishap occur. (See also Contributing Root Cause, Dominant Root Cause, and Root Cause Analysis.)

Technical Investigation Team. When an investigation board is not required and it is determined appropriate by the Appointing Official, a technical investigation team may utilize technically knowledgeable NASA, contractor, and foreign party members outside of NASA when a joint venture mission failure or anomaly has occurred and the mishap did not result in death, injury/illness, or unanticipated damage to nongovernment property.

Type A Mishap. A mishap causing death and/or damage to equipment or property equal to or greater than $1 million. Mishaps resulting in damage to aircraft, space hardware, or ground support equipment that meet these criteria are included, as are test failures in which the damage was unexpected or unanticipated.

Type B Mishap. A mishap resulting in permanent disability to one or more persons, hospitalization (within a 30-day period from the same mishap) of three or more persons, and/or damage to equipment or property equal to or greater than $250,000, but less than $1 million. Mishaps resulting in damage to aircraft, space hardware, or ground support equipment that meet these criteria are included, as are test failures in which the damage was unexpected or unanticipated.

Type C Mishap. A mishap resulting in damage to equipment or property equal to or greater than $25,000, but less than $250,000, and/or causing occupational injury or illness that results in a lost workday case. Mishaps resulting in damage to aircraft, space hardware, or ground support equipment that meet these criteria are included, as are test failures in which the damage was unexpected or unanticipated.

Witness Statements. Witness statements include all factual statements obtained during the course of the investigation from any party providing evidence or testimony. Witness statements are considered privileged information.

Appendix B. Guidelines for the Preservation of Evidence

B-1. Locating and Preserving Physical Evidences

B-2. Mapping the Mishap Scene

B-3. Photography

B-4. Locating and Preserving Physical Evidences

1.1 Preserving Evidence and Controlling the Investigation Area

1.1.1 The primary concern of the investigator, upon arrival at the point of investigation, should be to assure that appropriate actions have been taken to preserve evidence, to limit access to the investigation areas, and to control the flow of technical data to the investigation board. The cognizant safety official will normally be the first representative in the investigation area and, in most cases, will have already initiated evidence preservation actions. If wreckage (used throughout as a generic term) is accessible and is to be used in the investigation, such actions should emphasize minimal physical changes to the scene due to movement and/or deterioration of wreckage until the investigators have completed their on-the-site examination. Evidence preservation actions shall not hamper essential rescue operations or the resumption of vital civil/military functions. Some specific actions that should be taken include:

1.1.1.1 Establish Liaison. Establish liaison with cognizant safety officials and security guards immediately upon arrival at the point of investigation.

1.1.1.2 Coordinate with Security. Coordinate with the Center security office or local law enforcement officials for the preparation of special orders to the guard force concerning responsibilities in the investigation area. Special orders should include instructions for entrance to areas.

1.1.1.3 Designated Classified Areas. Designate, in conjunction with Center security and Center public affairs official, areas containing classified material and/or material and subjects unsuitable for publication.

1.1.1.4 Control Access. Designate specific individuals to control access to the area (a list of personnel authorized access should be provided by the coordinating group leader or team leader).

1.1.1.5 Protect From Residual Hazardous Material. Assure protection of, or from, residual hazardous material prior to entry to the scene (specialized technical assistance may be required).

1.1.1.6 Protect Recorded Evidence. Protect recorded evidence subject to alteration. Telemetry, voice recording tapes, videotapes, and nonvolatile memory should be protected from inadvertent or intentional erasing of stored data. Checklists, logs, and other handwritten records should be impounded and/or reproduced to prevent modification.

1.1.1.7 Protect Evidence from Deterioration. Protect evidence subject to deterioration. Breaks and scratches in any metal subject to corrosion should be covered with canvas or other water-repellent material until removed to a low humidity area. Systems employing corrosive agents should be checked for leakage and possible contact with metallic objects containing evidence. Samples of materials or biological specimens should be secured for laboratory analysis.

1.1.1.8 Document Locations and Orientations. Monitor emergency groups to assure that, if possible, all items requiring removal are documented as to original location and their orientation plotted and photographed prior to removal.

1.1.1.9 Return Authority for Control. Return authority for control of the mishap scene to the program or Center officials after the requirements for investigation are met, so wreckage can be removed. The investigation Chairperson should personally approve this action.

1.2 Preservation of Physical Evidence

1.2.1 When handled in an uncontrolled manner, physical evidence may be invalidated, making it difficult to find cause. If the evidence were needed in a legal case; e.g., an employee's suit against a machine manufacturer, lost or impaired evidence would weaken the case (plaintiff or defense) and possibly embarrass the investigating organization. Therefore, it is vital that physical evidence be handled appropriately.

1.2.1.1 Identification of Evidence.

a. Tags and receipts for evidence and samples are critical and should always be used. The following is an excerpt from "Aircraft Fire Investigator's Manual," NFPA No. 422M-1972. The use of the term wreckage is meant to be generic to any mishap debris.

b. Recommended Procedures for Controlling Aircraft Parts or Chemicals Sent to Laboratories for Analysis.

c. During the course of a mishap, it may be necessary to have an analysis of a particular aircraft component, hydraulic oil, lubricating oil, or other chemicals. Specific information must accompany the sample for identification purposes, along with specific instructions to the laboratory for the type of analysis required. The following procedures must be completed before sending the sample to the laboratory.

(1) Identify each sample immediately by securely attaching a sample tag to the container.

(2) Identify the contents and, if possible, lot or batch number, when or if appropriate, and manufacturer.

(3) Identify the aircraft type, aircraft serial number, and the manufacturer.

(4) Include serial number for the sample itself. The serial number can be determined by taking the calendar year as the prefix number and assigning consecutive numbers as the samples are submitted. For example, in 1972, the first sample submitted should be 72-1 and the second 72-2 (followed by aircraft SN).

(5) Record the date the sample was taken.

(6) Note the individual who took the sample.

(7) Explain tests required in detail; i.e.,

(a) Water, sediment, etc.;

(b) Metallurgical type failure (shear, tension, heat distortion, etc.); and/or

(c) Electrical test.

d. The investigation Chairperson may designate a member of the investigation to have control of all samples that are shipped out to laboratories. Also, all analytical reports will be forwarded back through the same individual. This type of control is particularly beneficial when many samples and analyses are needed to support a mishap investigation.

1.2.1.2 Examples of Proper and Improper Evidence Collection.

a. The gathering and packaging of evidence is important to the process and should be given as much care as witness interviewing and data analysis. Following are examples of situations that helped or hindered investigations.

b. Maintenance personnel, not under the supervision of a board member or other competent professional, disassembled a failed valve. Evidence of great potential value was destroyed.

c. A semiscale heater was disassembled under the guidance of a board member using a fault tree to guide the work and avoid overlooking or destroying failure evidence. The evidence was thoroughly analyzed with no loss of information.

d. Excellent laboratory test work enabled a committee to determine the cause of an explosion, through thermal gravimetric analysis, differential thermal analysis, pyrolysis, infrared absorption spectroscopy, and gas chromatography.

e. A representative of the organization designated to receive residue for testing participated in packaging it for shipment. The sample was properly packaged and received. It yielded information valuable to the investigation.

f. Evidence was packaged improperly by an individual who was not familiar with evidence handling. The sample was contaminated and laboratory personnel were not able to discern mishap damage from packaging damage. The evidence was useless.

NOTE: The cost of analysis of physical evidence is normally born by the organization responsible for the mishap area. There may, at times, be disputes over responsibility for expenses connected with an investigation. If it is a policy that line management pays the costs of special tests and studies, the solution to this problem may be quite simple, consult the appointing authority.

g. Ways to assure field data related to physical evidence is valid:

(1) Bioassay data should be obtained by use of standard approved techniques and calibrated standards should be used for reference.

(2) Portable/stationary monitoring instrumentation readings should be validated, instruments properly calibrated and responses appropriate.

(3) Parts should be handled as little as possible if they are to be analyzed in a laboratory.

(4) Parts should be photographed before they are moved.

1.3 Failure Recognition

1.3.1 Failure analysis requires engineers/scientists who are expert in the materials involved and knowledgeable of stresses and failure modes in the specific equipment involved. Because of the great diversity of equipment used in most technical work, and because experimental equipment often approaches technological boundaries, it is not feasible to train investigators in all relevant fields. An investigator may be qualified to carry out failure analysis in a specific mishap, but in general the investigation board will rely on reliability and other engineering specialists. The objectives are as follows:

a. To define a field protocol to gather and preserve evidence of failures.

b. To increase ability to detect typical failure signs.

c. To outline some key aspects and problems in failure analysis.

1.3.2 It is essential that the investigator carefully follow a field protocol whenever failure can possibly be suspected as a causal factor. The investigator should perform the following:

a. Familiarize himself/herself with the scene of the event.

b. Begin field notes, if not started earlier. Record all possible observations (relative positions of debris, marks, fluids, and especially any anomalies).

c. Request expert assistance at the first sign of need.

d. Begin photography.

e. Begin master sketch.

f. Initiate the process of creating hypotheses and looking for positive and negative evidence.

g. Collect samples of smeared material, ash, paint, fluids, etc., as needed.

h. Initiate close-up photography of details (scratches, gouges, smears, fractures, and relative positions).

i. Tag key parts.

j. Obtain a grid map as needed.

k. Ensure evidence is thoroughly recorded before moving anything except if required for rescue operations.

l. Give responsibility of preparing evidence for transport to laboratory personnel who will do the analysis, but be sure they understand the critical nature of the material being prepared.

1.4 Identifying and Consolidating the Evidence

1.4.1 The initial efforts of the investigation board should be directed toward identifying and consolidating evidence. The investigator should refrain from drawing any conclusions until all evidence is collected and analyzed. Investigation should not be limited to data generated concurrently with, or as a result of, the mishap. It should include historical, environmental, operational, psychological, and other factors bearing on the situation. There are three general areas of investigation which should be examined. These areas are categorized as material, personnel, and records. The material area includes all parts, components, and support facilities directly or indirectly involved. The personnel area includes all persons associated with the activities immediately surrounding the mishap such as the flight crew, launch complex personnel, maintenance personnel, test personnel, operations personnel, range safety personnel, management and supervisory personnel, and witnesses. The records area includes all records and historical data associated with the specific equipment, operations, and operating personnel. As the investigation progresses, evidence should be consolidated into a form suitable for analysis. Consolidation of data provides an indication of errors, omissions, or lack of attention to a particular area so that action can be taken to obtain supplemental material or substantiating evidence before control of the investigative area and pertinent records are returned to program or functional officials.

1.4.2 Nonrecoverable Wreckage.

In most space flight mishaps, in some aircraft and ground test simulation mishaps, and in many explosive type mishaps, remotely monitored instrumentation may provide adequate information for cause factor determination. In such cases, recovering the wreckage for the purpose of investigation may prove impractical because of the costs involved, the risks taken by recovery teams, and the superior quality of evidence obtained through instrumentation recordings. The search for evidence, when the wreckage is not recovered, will normally include the readout of telemetry and voice recordings, the review of any tracking data that may be available, close attention to review of preflight or pretest records, and the viewing of video recordings. In many cases, the volume of data available, though extremely helpful, may be too large to properly examine without a systematic approach. The recommended technique is to review video and voice recordings, first to arrive at the suspected failure and/or times of failure; and second, to examine telemetry data from associated equipment during the suspected time of failure. Observations of hardware operational parameters are usually available from two sources for manned systems (1) on team instruments monitored by the crew with measurements transmitted to controllers via voice communications links, and (2) data monitored on team assignments and transmitted to controllers via telemetry links. Instrument panel readouts and switch positions may be determined directly from video transmissions. Comparisons of data from various modes of transmission should be made to substantiate evidence. Without telemetry instrumentation, it will be necessary to rely heavily on the observations of witnesses and/or voice recordings with supplemental information from equipment and personnel historical data. For nontest and most normal operations mishaps, such sophisticated information gathering is not available and the investigator must rely on witness statements, physical evidence, and analysis to find out what happened.

1.4.3 Recoverable Wreckage.

When the mishap scene is accessible and the wreckage is to be recovered for analysis, there are certain steps that should be taken to maximize the effectiveness of efforts to locate and consolidate evidence. Removal of wreckage should be prevented until all significant evidence has been gathered and everything possible has been learned from the wreckage scene. When necessary to remove wreckage promptly, so as to not hamper rescue operations or to permit resumption of vital civil or military functions, each significant piece should be identified and marked as to original location and handled with care to avoid additional damage. Release of parts for salvage or detailed inspection at another location should be controlled by the coordinating group in conjunction with the investigation board leader. These steps include a preliminary survey of the mishap scene, a review of records, an examination of witness testimony, a reconstruction of the wreckage, and an examination of the recovered parts.

a. Preliminary Survey: A preliminary survey of the mishap site during which the relative positions of parts or debris can be studied will aid in establishing the nature of the mishap. Physical examination and recording of evidence at the scene will enable the investigator to reach and support conclusions as to what caused the mishap. This survey is accomplished by:

(1) Interviewing on-scene witnesses.

(2) Diagramming the mishap area to scale and indicating relative positions of equipment, wreckage, bodies, obstructions, flight path (if applicable), positions of witnesses, etc. Several methods may be used in plotting the area diagram. The choice depends mostly upon terrain. These methods are as follows:

b. Grid. The grid consists of equal size squares, the scale and size of which depends upon extent of wreckage scatter. Grid lines should be laid off on ordinal compass headings, using surveyor's equipment or a compass and tape. (Overlay or circular grid over square grid is useful in explosive mishaps where a radial pattern of debris may be expected.)

c. Distance and Heading. This method consists of plotting significant wreckage parts by distance and degrees from a central or initial point, normally the impact point. The presentation will be basically the same as the grid system but will require a full time surveyor and may consume more time.

d. Vertical Photographs. Aerial photographs can be used to advantage where wreckage is scattered over a great distance or where extreme terrain problems exist. This type of vertical photograph is especially adaptable in early coverage of a mishap involving hazardous material contamination.

e. Layout Plans or Photography. When mishaps occur in areas for which drawings are available or where helicopter coverage is most convenient, it is preferred that wreckage plotting be accomplished on layout plans or with the aid of close range aerial photographs. Three dimensional (perspective) drawings, cutaway drawings, and schematics may be useful for plotting areas where depth cannot be shown by vertical drawings, maps, or photographs.

1.4.3.1 Photographing the mishap scene, wreckage, and pertinent hardware should be made prior to removal or disturbance. Such information is helpful in determining what happened as well as providing illustrations for reports. In instances where unusual wreckage patterns exist or where there is evidence of in-flight collision, color photographs are of value. This is especially true when differentiating between smoke or oil discolorations and between various colored paint smudges which would appear black in conventional photographs. Stereoscopic photographs of bodies and detailed parts may be useful in the investigation. When applicable, the location of the photographers and the angle/direction from which the photograph was taken should be noted. Official photographs, whenever available, should be used as admissible evidence and contained in the report. However, press photographs or others may be useful and necessary if the subject or object has not been covered in official photographs.

1.4.3.2 Recovering all parts of the equipment, materials, vehicle, or system. It is sometimes necessary to search far back along the flight path and in surrounding localities for parts, debris, and clues in an aircraft mishap. Aerial photographs may be used to point out exact locations or to provide clues as to where to search for portions of the wreckage. Members of the investigation board should be available to observe or to supervise recovery operations. When water is included in the mishap scene, the problem of locating and recovering parts becomes more complicated. Special services and equipment may be required. This support can be obtained through official contact with the United States Navy and/or Coast Guard or by local commercial salvage companies. The problem of location can often be solved by plotting the crash site from descriptions of witnesses or from radar ground plots. Another indication could be air bubbles which may appear for several days after the mishap. A third method is dragging the area and/or using sonar. Minesweeping activities have special equipment designed for the location of objects under water. When the wreckage is located, divers or submersibles may be used to locate parts. Underwater photography may be used as an effective investigative technique for recording the relative position of parts. It should be remembered that salvage personnel may not have experience with aerospace vehicles and the investigators should provide all possible assistance. A vehicle striking the water often suffers not only the damage of impact but the additional hydraulic effect of water entering and exerting an outward force. Thus, the wreckage scatter pattern and the structural or component failure patterns may be unlike that experienced with ground impact. When investigating water mishaps, consideration should be given to the effect of tide on the dispersal of wreckage. Appropriate members of the investigation board should be available to supervise recovery operations and to determine the extent of recovery. Photographs should be obtained of recovered parts. Drawings of part location and general condition may be required. The damage inflicted during recovery should be properly noted to minimize confusion during subsequent detailed analysis. The wreckage parts should be flushed with fresh water to reduce the effect of salt water corrosion. Parts destined for detailed inspection should be provided to the inspection agency as soon as possible to minimize the effects of corrosion. The recovery phase should be video taped to identify any damage resulting from the recovery operations.

1.4.3.3 Tagging of parts must be accomplished as the parts are recovered. Tags should identify the system and component nomenclature of the part. When tagging parts, the investigator should:

a. Tag and identify all parts and wreckage which may contribute to the investigation and enter the information in a log. All parts should be tagged and numbered both on the tag and in a recovered parts log.

b. Draw on the tag a sketch showing the location of the recovered part relative to the grid lines (if the grid system is used) or the center point (if the distance and heading method is used).

NOTE: It is suggested that the top of the tag, as it is set in the reading position, be established as North to reduce the possibility of misinterpreting the geographical position of parts.

c. Note on the tag the nomenclature of the part and its suspected relationship to the cause of the mishap. Tags on parts which cannot be definitely identified should contain a list of possibilities as to their nomenclature, or if suspected of being foreign to the system or vehicle in question, and their possible source. The investigator should not tag parts which obviously have no significance to the investigation.

d. Assign numbers to all parts if pieces are numerous and widely dispersed, and note the applicable number on both the tag and the area diagram or area photograph.

e. Print the investigator's name legibly on the tag.

f. Have each tagged part recorded for individual use and the use of the group. A compilation of recorded parts will establish what parts have been identified and will thus aid the search for parts still missing.

1.4.3.4 Preservation of parts, subassemblies, or major components suspected of failure, malfunction, or faulty design should be accomplished immediately after photographs are made, relative positions are determined, and tagging is complete. Before removal for tests or disassembly, all such parts should be wrapped or boxed to prevent further damage. Examples of parts which should be preserved are:

a. Parts suspected of initial failure, improper heat treatment, or improper material specification.

b. Lines, fittings, wiring, mechanical controls, and explosive devices not properly attached and subject to excessive vibration.

c. Ruptured plumbing or fittings.

d. Power supply components or communication equipment suspected of being faulty.

e. Instruments suspected of being faulty.

f. Defective engines and accessories.

g. Hydraulic actuators.

h. Survival gear.

i. Control systems.

1.4.4 Laboratory Analysis

There is a wide array of laboratories available to perform specialized analyses for the investigator. The availability and cost are determined by the type of analysis and the accessibility of the laboratory to the investigator. For instance, NASA has widely distributed personnel and facilities for failure analysis. Thus, the investigator's task is to recognize signs of failures and to know where and how to get analytic assistance. The NTSB and the Department of Transportation have metallurgical laboratories and collections of parts exhibiting various modes of failure. NTSB reports also reflect increasing reliance on tests and analyses performed by the National Bureau of Standards. There are also commercial laboratories available to accomplish many types of testing.

1.1 Maps, Diagrams, Drawings, Charts, and Field Techniques

At the beginning of an investigation, the recording and measurement of transient evidence is essential. In followup stages, engineering as-built drawings can normally be used for reporting the extent and debris locations. However, before adding transient measurements to as-built drawings, superfluous detail should be removed; e.g., location of irrelevant sewer in a waste management mishap. Facility drawings should be made available and accessible to the investigator.

1.1.1 Maps.

1.1.1.1 Overall, small scale maps of longer distances and directions, as well as large scale maps of the immediate scene will be useful. It is on the latter that witness locations will normally be shown.

1.1.1.2 Measurements may be indicated by a reference point (angle and direction), triangulation (two angles), or by using a grid.

1.1.1.3 Both fixed and transient evidence are important to the investigator and can be recorded on maps. Fixed evidence includes landmarks and natural features that will not move or deteriorate rapidly. Transient evidence refers to any other evidence that may deteriorate rapidly or can be easily removed or altered. The transient evidence to be recorded centers primarily on two elements: (1) locations of wreckage and debris, and (2) locations of persons (sometimes compiled on a separate witness map).

1.1.2 Diagrams.

1.1.2.1 Diagrams are arbitrary or stylized pictures of reality that can show distribution or depict sequences, flows, or processes. Flow and motion diagrams can include flow of energy, materials, plans, personnel; etc. They are useful to the investigator in visualizing the flows and sequences that were occurring, or should have been occurring, before, during, and after the mishap. Diagrams may be existing or may have to be created by, or for, the investigation board.

1.1.2.2 Diagrams of the mishap area, to scale, and indicating relative positions of equipment, wreckage, bodies, obstructions, flight path (if applicable), positions of witnesses, etc., should be prepared for study during the investigation. Several methods may be used in plotting the area diagram. The choice depends mostly upon terrain. These methods are as follows:

a. Grid. The grid consists of equal size squares, the scale and size of which depends upon extent of wreckage scatter. Grid lines should be laid off on ordinal compass headings, using surveyor's equipment or a compass and tape. (Overlay or circular grid over square grid is useful in explosive mishaps where a radial pattern of debris may be expected.) The grid should be "anchored" at one corner to a permanent reference point and all grid references taken from the corner. References to locations are then shown as grid coordinates.

b. Straight Line Distance. A straight line is extended from a starting point, usually the initial impact point, down the centerline of the wreckage distribution. The centerline is marked in distance increments (feet, yards, meters, etc.) to indicate distance from the initial point and all other measures are taken at 90 degree angles to the central reference line. In this case references are recorded as distance from the reference point and distance from the centerline at 90 degree angles (60.5 feet/14.7 feet right or East).

c. Distance and Heading. This method consists of plotting significant wreckage parts by distance and degrees from a central or initial point, normally the impact point. The presentation will be basically the same as the grid system but will require a full time surveyor and may consume more time.

d. Circular Plot. This is especially useful when there is a uniform distribution of wreckage. The circular plot is referenced to a point at the center of the mishap area. All references are then made as compass headings from North and a distance from the center reference (137 degrees/ 475.5 feet).

e. Vertical Photographs. Aerial photographs can be used to advantage where wreckage is scattered over a great distance or where extreme terrain problems exist. This type of vertical photograph is especially adaptable in early coverage of a mishap involving hazardous material contamination.

f. Layout Plans or Photography. When mishaps occur in areas for which drawings are available or where helicopter coverage is most convenient, it is preferred that wreckage plotting be accomplished on layout plans or with the aid of close range aerial photographs. Three dimensional (perspective) drawings, cutaway drawings, and schematics may be useful for plotting areas where depth cannot be shown by vertical drawings, maps, or photographs.

1.1.3 Drawings. These should be simplified pictures of reality, such as manufacturing or construction prints, perspective drawings, cutaway drawings, etc. Drawings can often be highlighted or captioned to call attention to significant detail. The initial effort is to record only transient evidence in a sketch roughly to scale. Do not measure locations of permanent fixed objects. They can be located on copies of drawings at a later time.

1.1.4 Charts.

1.1.4.1 These may include photographic reproductions of records (e.g., temperature and pressure), trend analysis or types and classes (commonly seen as "statistics"), and organization charts. For statistical charting, the best advice is to consult a good statistician. However, two potential problem areas are:

1.1.4.2 Do not use broken scales on charts. Possible exception: If a variation of 1 or 2 percent in a factor is significant (i.e., a causal factor), a broken scale chart to highlight the detail may be useful. Also, if a single value would compress the scale so as to eliminate useful detail, simply note it at the top with an arrow pointing up.

1.1.4.3 Do not connect discontinuous data with a trend line or use a bar chart. Possible exception: When two or more profiles are being compared.

1.1.4.4 For organization charts, which should be a required exhibit in most reports, the rule is to store complete organization charts in investigation board files and use a report exhibit to show only relevant structures and relationships such as: (1) the organizational chain from the mishap organization manager up to the senior executive officer in the mishap organization and to the ultimate chief executive officer if appropriate (for example, to the NASA Administrator), and (2) to show organizational placement of major functions, such as safety, quality, training, engineering, purchasing, and maintenance. Factors of remoteness may be significant, either because remoteness produced poor communications or remoteness affected the independence or review. When maps, drawings, diagrams, and charts are used to record evidence, note the same types of items which are applicable when making photographs. Do not use more diagrams, drawings, and charts than absolutely necessary. Unneeded charts can slow understanding.

1.1.5 Field Techniques.

1.1.5.1 The most versatile field tools the investigator has for mapping and diagramming are his pencil and pad. Investigators do not need to be world-class artists to be effective in the field. Care, diligence, and attention to detail will provide excellent results and yield information that will be valuable later. The two figures that follow show an evidence record log (Figure B-2-1) and a drawing of a mishap scene (Figure B-2-2). The drawing is used for relational perspective and the log supports it with detail about each piece of evidence.

1.1.5.2 This approach keeps the drawing from being so cluttered that information runs together. It also allows the investigator to keep drawings of complex sites on a manageable size sheet of paper.

ááááááááááááááááááááááááááááááááááááááááááááááá Completed by:áááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááááá Date:_________
ááááááááááááááááááááááááááááááááááááááááááááááá NAME_________________
ááááááááááááááááááááááááááááááááááááááááááááááá POSITION______________áááááááááááá Instructionsáááááááááááááááááááááááááááááááááááááá Time:_________
á

1.1.1 Good photographic coverage of the mishap is essential even if photographs are not going to be used in the final report. The chairperson must decide how to acquire good technical photography which will assist in the investigation. Five choices, in order of preference, are as follows:

a. Center Photo Lab. If the organization has a photographic laboratory, the photographers should be able to respond quickly and photograph those transient items and portions of the scene that are likely to change. Most labs are equipped well enough to take the initial pictures that may be required.

b. Other Organizational or Contractor Photo Labs. If the facility is small and does not have its own lab, the nearest NASA office or contractor facility may be able to provide photographic support and generally would be a better choice than hiring outside help.

c. Commercial Photographer. If it becomes necessary to hire a photographer from outside the Center, make certain that the one chosen is qualified to do the kind of job that is required. The pictures that result will reflect the kind of photographer that is hired. There are photographers that specialize in commercial, industrial, medical, aerial, legal, portrait, and scientific photos. The best ones to assist in mishap investigation would be industrial, legal, or scientific photographers.

d. A Member of the Investigation. A member of the investigation team may have to take the photographs. Even an investigator who would be considered a good amateur photographer would probably not produce as good a result as a professional. However, since planning and directing the photographic coverage is always the investigator's responsibility, it is more likely that the investigator will see what he wants to see in the photographs when he takes them.

e. Security Personnel. Security units may be able to provide photographers if there is no one else available.

1.2 Planning Photographic Coverage

1.2.1 The planning and direction of photography is the investigator's responsibility. When any photographer, other than the investigator himself, is taking the pictures, it is up to the investigator to communicate the nature of information he wants to capture on film. Precise instructions as to what is of interest and what is not and the area to be covered are essential. Factors important to obtaining good, usable photographs are as follows:

a. Response Time. It is important to obtain coverage as soon as possible after the mishap. The scene is always dynamic and is rapidly changing. The photographic task may be in two stages; immediately after the event and well planned or staged pictures later to clarify details. A lot of pictures should be taken. Even though most will not be used in a report, they are helpful to the investigator in establishing the cause and analyzing details.

b. Time Frame of the Photographs. While the investigator is concerned with postevent photography, photographs taken before and during the event should not be overlooked. Photographic lab files, amateurs, and newspaper photographers are all good sources to be considered.

1.2.2 Types of Photography to Consider.

a. Conventional Photography - Instant-type cameras, self-developing cameras and single lens reflex cameras provide conventional photography tools that record on film. Cameras range from simple to extremely complex and expensive. The most versatile is the single lens reflex camera that allows a wide array of lenses to be used interchangeably to achieve the desired coverage and detail in a variety of lighting situations. Instant-type cameras are useful, and today, are very sophisticated in their operation while still being simple to use. Self-developing cameras provide the advantage of instant developing so the investigator can see the picture before he walks away or moves a piece of evidence. Self-developing film is, however, more sensitive to light, temperature, and age than many other films.

b. Digital Cameras - Relatively new, digital cameras add a new dimension to mishap photography by allowing the images to be downloaded as files to a computer and printed or transmitted to other computers for examination. Digital photographs can also be integrated directly into the mishap report without having to cut-and-paste them into the report with tape or glue. Digital cameras have all of the attributes of single-lens-reflex cameras and other conventional photography as well. If the investigator has a laptop computer in the field, he can download and view his digital images as he takes them to assure acceptable quality and can even transmit them to another location via modem if necessary.

c. Video Cameras - Motion and sound are added to the documentation of the mishap scene through video photography. Video can also be used to document the activities of rescue personnel, investigators, and others for analysis and critique at a later time. Video can be narrated as the investigator tapes and thus he is able to make a record of these observations, explain why the observations are made, point out areas of interest, and record witness testimony to allow visualization of what the witness perspective of the mishap was.

d. Videotape - Video systems may be used in higher radiation areas where film is not suitable and where instant results or playbacks are required. Also, they may operate under lower light levels than a camera in some inaccessible areas.

e. Aerial Photographs - In large mishaps a direct aerial photograph can be helpful in determining the direction of major occurrences.

f. Photo Micrographs - Ultra close-up pictures of minute portions of debris are sometimes helpful in establishing the cause of failure points.

g. Ultraviolet and Infrared - Special lighting and narrow wavelength optical filters can be of use to show certain features not visible to the eye.

h. Motion Pictures - These may be helpful for reenactments of personnel movements and actions.

i. Stereo - A major disadvantage of photographs is the lack of depth when only recording in two dimensions. Stereo cameras are available which show the proper arrangement of features in all planes. A static subject can be photographed in stereo by taking two pictures of the subject 6 to 12 inches apart. The resulting pictures can then be viewed in stereo.

j. X-ray - Parts or portions of rubble can be x-rayed to reveal stress or breaking points.

k. Thermal Scanners and Thermal Video Cameras - These operate in wavelengths beyond what the eye sees and generally image emitted heat from objects. They may be useful after explosions and fires to pinpoint sources or origins of fires.

1.2.3 Supplemental Camera Equipment.

The choice of camera equipment, either by a photographer or the investigator taking the pictures, will affect the quality and the cost of the photographs. For most investigations, a thirty-five millimeter single lens reflex camera is preferred. Digital cameras are good but do not render the detail that film does when enlarged to see minute detail. The major considerations are as follows:

a. Modern films are very good and capable of rendering minute detail and color balance on small image formats.

b. A large number of pictures can be taken with very little weight to carry around, which is an important consideration when taking pictures in the remains of an explosion or rubble from a fire.

c. Thirty-five millimeter films are lower in cost per picture than large format sheet-films.

d. Thirty-five millimeter and 2-1/4 x 2-1/4 inch format cameras have short focal length lenses that have inherently better depth of fields than cameras using 4 x 5 inch or 8 x 10 inch lenses.

e. Lens construction on smaller cameras allows for larger apertures that minimize lighting requirements. Cameras with 4 x 5 inch and 8 x 10 inch views require much higher lighting levels because of their longer focal lengths and smaller apertures. Should the investigator be forced to acquire the pictures, an instant-type camera with color film and automatic flash could be used. Limitations would be in the poorer lens (image) quality and fixed lighting arrangement. In some instances, quick reference pictures taken with a self-developing camera, either black and white or color, may be used. This is generally not a good choice because of the effect of heat on the unexposed film. The colors of the print material are not reproduced faithfully and an incorrect analysis could be made from the interpretation of the color.

1.2.4 Requests for Photography. In order to obtain satisfactory photographic results, it is necessary to tell the photographer in detail what is required, such as:

a. Expected results, how many photographs, and when pictures will be required.

b. What type scenes to be photographed and from what angles the scene should be photographed. Written instructions and sketches showing needs may be used.

c. How large the event is; what size is to be covered.

d. Whether pictures will be taken day or night; whether they will be taken of open areas or buildings.

e. Whether color or black and white should be used. (Color has better information content.)

f. Whether reference objects such as rulers are required in the pictures.

g. How the photographs will be identified, e.g., numbering system, photographic log sheets.

h. How many prints are required and how soon, what size the prints should be.

1.3 Photographic Techniques

1.3.1 Certain basic qualities make up good pictures that are factual and accurate representations of the mishap scene. Photographs can easily misrepresent a scene and lead to false conclusions or findings about a mishap. Some misrepresentations occur unknowingly while others may be purposely contrived. By reviewing the attributes of good pictures, the investigator will be made aware of possible misrepresentations in the photographs that are examined. (Figure B-3-1)
insert fig b-3-1 here

1.3.1.1 Show enough of the scene to provide good orientation. Several pictures may have to be taken in sequence to provide this orientation. An overall shot, medium, and close-up may be required.

1.3.1.2 Use proper perspective. The use of wide angle and telephoto lenses alters the perspective and causes distortions. Normal focal length lenses should generally be used.

1.3.1.3 Use proper lighting. The angle and type of lighting greatly affects the appearance of the subject. While no one lighting arrangement is correct for all conditions and subjects, the lighting should be examined for uniformity and to see that it does not produce an abnormal appearance.

1.3.1.4 Correct camera settings are essential to good pictures. The three basic ones of shutter speed, aperture, and focus setting must be applied correctly in order to obtain a correct representation of the scene. Shutter speed must be fast enough to stop action in the photograph. The aperture, along with allowing enough light to pass through the lens, also controls how much of the near and far portions of the picture will be in focus. The focus setting used in conjunction with the aperture setting controls the focus range of the picture.

1.3.1.5 Keep the camera level for easy orientation and reference.

1.3.1.6 Use known objects in the scene as size references wherever possible. In overall scenes, the presence of a person may be sufficient. In close-up photos of rubble or damaged areas, a hand or portion of a 6-foot rule may be best.

1.3.1.7 Use color film for maximum information content. While black and white film is cheaper and easier to print, the color information in color prints is often essential to understanding and analyzing an event. However, the color record must be properly done. Otherwise, it will be misleading. The use of neutral gray cards in some photos is desirable.

1.3.1.8 Identification and labeling of the photographs is essential. Figure B-3-2 shows a log sheet that should be used by a photographer while taking the pictures. After the pictures are printed, captions should be used to point out pertinent details and to eliminate all ambiguity about whether the picture was taken at the time of the mishap or staged. Photographs are usually date stamped on the reverse side, but if that information is pertinent to the analysis it should be included in the caption.

1.3.1.9 While every mishap is unique and will have its own set of features that are important, there are some general guidelines about what to photograph.

a. Location of major identifiable pieces.

b. Collision debris, dirt, etc.

c. Pools of liquids.

d. Gouges, scratches, collision points, and damage.

e. Temporary view obstructions especially from view of operator or other key person.

f. Mobile equipment.

g. Material storage areas.

h. Scaffolds, jigs, racks, and temporary rigs.

i. Close-up of failed elements.

1.3.1.10 If there is a fire associated with the event, pictures taken during the event are very useful. Photographs should include:

a. Flames. They indicate what material is burning and how fire started and progressed through the structure.

b. Smoke. Also indicates what material is burning by smoke color.

c. Structure.

d. Spectators. Many times, if arson is involved, the arsonist will stay around to watch the fire. If a series of fires are started, the arsonist may be in all photographs.

1.3.1.11 Even though official photographers may not be on hand to photograph a fire, amateurs or press pictures may be available and used.

1.3.1.12 After the fire is out, there are several key areas to photograph that may assist in the analysis:

a. The most charred or burned area.

b. Any combustible materials, such as-matchbooks, papers, paint thinners, or kerosene.

c. Fusing methods that may be visible.

d. Spectators around the mishap location.
á

PHOTOGRAPHER___________________________________________________________________

LOCATION _________________________________________________________________________

CAMERA TYPE______________________________________________________________________

LIGHTING TYPE ____________________________________________________________________

FILM TYPE _________________________________________________________________________

DATE OF MISHAP ___________________________________________________________________

TIME OF MISHAP ___________________________________________________________________

FILM ROLL NUMBER ________________________________________________________________
á
á
á

Picture Number	Scene/Subject	Date of Photo	Time of Photo	Lens f/stop	Camera Type	Pointing Direction
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á
á	á	á	á	á	á	á

ááááááááááááááááááááááááááááááááááááááááááááááááááááá Figure B-3-2: Photographic Log Sheet
á

Depending on the systems involved in a mishap and the nature of the mishap, the volume of documentary evidence may range from none to truckloads. The purpose of this section is to key the investigator to the types of documentary evidence to look for and its value.

1.1 Sources of Documentary Data

1.1.1 Facility description.

1.1.2 Mission, budget, schedule, constraints, and changes.

1.1.3 Hazard analysis process documentation, including prior appraisal of:

1.1.3.1 Information search.

1.1.3.2 Hazard identification.

1.1.3.3 Hazard control.

1.1.3.4 Risk assessment; acceptance decision level.

1.1.3.5 Independent review.

1.1.4 Procedures and/or job safety analysis. When available, obtain established criteria or procedures and their review.

1.1.5 Design, manufacture, installation, test, operations, and maintenance records; construction progress photos, which may show features later covered by construction, and construction completion reports.

1.1.6 Machine manufacturer's manuals.

1.1.7 Maps and drawings.

1.1.8 Monitoring systems records.

1.1.9 Training given to the supervisor.

1.1.10 Supervisor's observations on training and safety.

1.1.11 Failure histories.

1.1.12 Error rates; first aid and medical cases of similar nature.

1.1.13 Employee selection, training, transfer, and personal history.

1.1.14 Suggestions and their disposition.

1.1.15 Employee meetings.

1.1.16 Appraisals and followup action (internal and NASA). Include SMA and engineering appraisals as they are relevant. Review inspections and audits.

1.1.17 Press releases and clippings.

1.1.18 Personnel files and medical files. These should be obtained only for professional evaluation, and then returned to safeguarded files.

1.1.19 System maintenance records.

1.1.20 Mishap records from past events

1.1.21 Quality control documentation.

1.1.22 Control room logs.

1.1.23 Security camera tapes.

1.1.24 Air traffic control tapes and radar summaries.

1.1.25 Police reports.

1.1.26 Telemetry tapes.

1.1.27 Monitoring system tapes.

1.1.28 Correspondence files.

1.1.29 Flight plans.

1.1.30 Medical histories.

1.1.31 Checkout logs.

1.1.32 Training records.

1.1.33 Test and checkout record charts.

1.1.34 Launch records.

1.1.35 Weather information.

1.1.36 All forms of computerized information/data.

1.2 Impounding Records

1.2.1 Efforts to impound records will, in most cases, have been initiated prior to the investigation board's arrival. The organization responsible for impounding records should supply the board with all impounded records and brief the members on the status of impoundment as soon as practical after preservation of evidence and witness location efforts have started. Data to be impounded may include checkout logs, training records, test and checkout record charts, launch records, weather information, telemetry tapes, and other documents essential for investigative evaluation. Provisions should also be made for readout of telemetry and computer tapes. Assistance in analysis or readout of oral conversations may be obtained from the Federal Bureau of Investigation or the NTSB. Both are located in Washington, DC.

1.2.2 Records impoundment requires space to hold the records and controls to prevent unauthorized uses or modification of data. Preplanning should include distribution of information and guidelines for program and facility directors so they will understand the purpose of impoundment and their responsibilities to assure compliance at all levels of their particular activities. During a minor personal injury mishap, the impoundment area may reside in the investigator's file drawer or notebook; for a major space system loss, the impoundment area may be the size of a public library.

1.3 Recorded Information

Obtaining and analyzing recorded information (telemetry and voice) is an extension of records impoundment. In most instances, it will be necessary to have specialists participate in this effort. Some records may be damaged; others may require readout and interpretation by the program activity involved. Records may be sent to special laboratories and organizations such as the NTSB if in-flight recorder analyses are needed. Preplanning should include preliminary checks to determine what special capabilities are available in-house, locally, and out of the area. Special capabilities should be noted and summary information concerning capabilities should be made available.

1.4 Impoundment Area Requirements

1.4.1 The impoundment area must be secure and have shelves or file cabinets adequate to store all expected data, tapes, and disks. The amount of area required will depend on the mishap.

1.4.2 A filing system is important. It should only be as complex as the volume of data it requires. The key is that all data can be systematically stored, retrieved, issued, tracked, recited, and re-stored efficiently, effectively, and accurately. Figures B-4-1 and B-4-2 give simple examples of data impound area management forms that can be used to keep track of data.

1.4.3 One final note. When the investigation is over, all data must be returned to the originating organization for filing unless it is required for litigation purposes. If it is required for litigation, data must be turned over to the legal staff.

Data Impoundment Log

Impound Area: Control Center
á

Data Item	File Location	Source	Responsible Individual	Mail Code and Phone Number
Control center log of John Smith	Cabinet #2 Drawer #1	John Smith	Dan Jones, CC Supervisor	LCC 555-5555
á	á	á	á	á
á	á	á	á	á
á	á	á	á	á

ááááááááááááááááááááááááááááááááááááááá FIGURE B-4-1: DATA IMPOUNDMENT LOG
á
á

Impounded Data Checkout Record

Impound Area: Building 7, Room 214
á

Data Item	File Location	Issued to/Phone Number	Date and Time of Issue	Date and Time of Return
Control center log of John Smith	Cabinet #2 Drawer # 1	Dave Crockett/ 555-1212	07-11-94 0900	07-18-94 1300
á	á	á	á	á
á	á	á	á	á
á	á	á	á	á
á	á	á	á	á

ááááááááááááááááááááááááááááááááááááááá FIGURE B-4-2: IMPOUNDED DATA CHECKOUT RECORD

It is NASA policy to make prompt release to the news media and the public of factual information concerning NASA mishaps resulting in serious injury to, or death of, person(s), or extensive damage to, or destruction of, property (see NPD 8621.1 , "NASA Mishap Reporting and Investigating Policy"). Witness statements will not be reported and are not releasable (to the extent provided by law).

1.2 Procedures

1.2.1 Reporting Casualties.

1.2.1.1 NASA Employees. When a NASA employee is seriously injured or killed within the confines of a NASA Center, this fact will be announced as follows:

a. Situation Known to the Public. When a mishap is apparent to TV viewers, radio listeners, or observers, information will be announced as promptly as possible and, in no case, will more than 1 hour elapse before this announcement is made. This announcement should include what is known at the time, that injuries or fatalities have occurred, and when additional information is expected to be available. In the case of fatalities, release of the victim's name(s) will be made immediately on confirmation that the next of kin has been notified, but no later than 1 hour after this notification. The Center Director or appropriate Headquarters Official-in-Charge will ensure that notification of the family has been made.

b. Situation Not Known to the Public. When a mishap involving personnel injury or fatality is not apparent to the public, NASA will promptly announce that a mishap has taken place and that injuries or fatalities have occurred. The announcement of the personnel involved will be made in the same manner as described in paragraph 1.2.1.1.a above.

1.2.1.2 Military and Other-Agency Personnel. It normally is the prerogative of the parent military service or other Federal agency to make public identification of their personnel who have incurred casualties. However, in mishaps involving military and other Federal personnel (including astronauts) detailed to NASA, it is not always practical to withhold an announcement until the appropriate military service headquarters or Federal agency has been informed. When time is of the essence, procedures for public announcement will be the same as for NASA employees, with these additional requirements:

a. The cognizant Center will inform the public affairs organization of the appropriate military service headquarters or other Federal agency directly by telephone of the mishap and of the intent of the Center Director to announce the mishap and casualties.

b. When the NASA Center is on a military base, release of victims' names will be made according to procedures previously agreed upon by the base commander and Center Director, but no later than the stipulations in 1.2.1.1.a above.

1.2.1.3 Contractor Personnel. NASA does not assume responsibility for the release of information concerning serious mishaps involving contractor employees except as follows:

a. On a NASA Center. When the mishap occurs on a NASA Center or in the conduct of NASA-managed flight programs, it is the responsibility of the cognizant NASA Center Director to announce as soon as possible that a mishap has occurred, as well as the number of known dead and/or injured. NASA will not announce, however, the identity of contractor personnel involved.

b. On Contractor-Owned Facilities. When a serious mishap occurs at a contractor's plant engaged in NASA work, NASA has no responsibility to release information concerning the mishap. The cognizant NASA Center Director will confirm that contractor personnel involved were, in fact, engaged in NASA work. NASA will not issue statements as to the cause and extent of injury or damage.

1.2.1.4 Visitors to NASA Centers. When a serious mishap occurs which involves visitors on NASA Centers, the Center Director will announce as soon as possible that a mishap occurred and the number of known dead and/or injured. The release of civilians' names will be made in accordance with the procedures outlined in 1.2.1.1 above.

1.2.2 Reporting Property Damage and Destruction.

1.2.2.1 Government-Owned or Contractor-Owned Property on a NASA Center. When a mishap involves extensive damage to or destruction of government-owned or contractor-owned property on a NASA Center, the Center Public Affairs Officer will make an announcement immediately, and in no case more than 1 hour after the occurrence of the incident. An initial preliminary report should specify time, location, and a general description of the mishap, i.e., fire, explosion.

1.2.2.2 NASA-Owned Property on Other Government-Owned Facilities; Tracking Stations Overseas and Contractor-Owned Plants; and NASA Hardware or Related Material at Contractor-Owned and Operated Plants.

a. When a mishap involving extensive damage to or destruction of NASA property occurs at one of these locations, announcement should be made by the contractor, tracking station manager, base commander, etc. The cognizant NASA Center merely confirms the mishap.

b. NASA will make any comment on the possible effect of the mishap on the NASA program involved. The cognizant NASA Center will request that other involved facility management officials refrain from independently making public comment.

1.2.3 Reporting Overseas Mishaps.

When a serious mishap occurs overseas, for example, at tracking stations or during overseas rocket and balloon campaigns involving U.S. and international personnel, the Official-in-Charge will release this information through the U.S. consular office in accordance with policies and procedures established by that office. If the program involves foreign participation, the release will also be coordinated with the foreign entity sponsoring the program. In addition, the Official-in-Charge will notify, by the most expeditious means, the Associate Administrator for Safety and Mission Assurance and the cognizant program Associate Administrator, who will immediately notify the Associate Administrator for Public Affairs, the Associate Administrator for External Relations, the Office of the General Counsel, as well as other appropriate staff.

It is NASA policy to make timely release of information from NASA mishap investigation reports, as appropriate, consistent with the provisions of the Freedom of Information Act (5 U.S.C. 552) and the Privacy Act (5 U.S.C. 552a). (See NPD 8621.1 ,"NASA Mishap Reporting and Investigating Policy.")

1.2 Procedures (Applies to investigation boards or other investigations with media attention)

1.2.1 NASA will make available to the news media and public the full report (excluding any privileged information) of a mishap investigation. However, it is the option of the Associate Administrator for Public Affairs in conjunction with the mishap investigation Chairperson, the Appointing Official, and the General Counsel to determine if a full report or a summary only will be released. Normally, a news release will be issued summarizing the results of the mishap investigation. In some cases, a press conference may be conducted.

1.2.2 The appropriate public affairs office will issue the news release within 5 workdays of the formal Headquarters approval of the full report. The report will be made available (but not necessarily reproduced and distributed) at the same time.

1.2.3 Advice of the General Counsel is required before issuance of mishap report releases to avoid inadvertent publication of information which may be restricted by statute, be privileged, or have a bearing upon a current or prospective lawsuit in which the government could be involved.

1.2.4 Regarding the Office of Public Affairs involvement in the activities of any NASA mishap investigation:

1.2.4.1 When an investigation board is formed, a public affairs advisor to the board will be appointed by the Associate Administrator for Public Affairs. This appointment authority may be delegated to the Center public affairs director for type B and C investigations.

1.2.4.2 The public affairs advisor will attend board meetings, have access to all investigative material, travel with the board, and advise the board chairperson and members on the release of information.

1.2.4.3 The public affairs advisor will prepare a press release to accompany the investigation report when it is forwarded to the official who convened the board.

1.2.4.4 When the Approving Official approves the report, the Associate Administrator for Public Affairs will assume that appropriate coordination and concurrence regarding the release and/or summary have been obtained and the news release will be made as noted above.

1.2.4.5 Generally the news release on the report will be made simultaneously at Headquarters and the appropriate Center.

1.3 Responsibility

1.3.1 The Associate Administrator for Public Affairs is responsible for the following:

1.3.1.1 Determining the method of release and procedures concerning public release of mishap investigation reports by NASA Headquarters.

1.3.1.2 Determining whether a mishap report, whatever its origin, will be issued from NASA Headquarters or the cognizant NASA Center.

1.3.1.3 Establishing guidelines for NASA Headquarters and NASA Centers regarding release of mishap investigation reports.

1.3.2 When the release is made by the cognizant NASA Center, the Center public affairs director will be the source of information on the mishap investigation report.

1.3.3 Release will be coordinated with the General Counsel, appropriate NASA Headquarters officials, and NASA Center Directors.

E-1. Statement to Witnesses

E-2. Locating and Interviewing Witnesses

Your testimony will be documented and retained as part of the mishap investigation report background files but will not be released as part of the investigation board report.

NASA will make every effort to keep your testimony confidential and privileged to the greatest extent permitted by law. However, the ultimate decision as to whether your testimony may be released may reside with a court or administrative body outside NASA.

For the record, please state your full name, title, address, employer, and place of employment.

The category of eyewitnesses in this section will be interpreted as persons in the vicinity of the mishap site at the time of the mishap. Such persons as designers, manufacturers, physicians, maintenance personnel, mechanics, metallurgists, crewmembers, and other experts in specialized fields shall not, for purposes of this section, be considered as eyewitnesses unless they observed the mishap firsthand.

NOTE: Witness statements include all factual statements obtained during the course of the investigation from any party providing evidence or testimony.

1.2 Philosophy

1.2.1 The NASA philosophy of questioning witnesses to mishaps is to interview rather than interrogate. "Interview" connotes a cooperative meeting where the interviewer approaches the interviewee as an equal. The cooperation of the interviewee is sought; encouragement is given to tell the story freely without interruption or intimidation. An interview is usually conducted informally with a voluntary or cooperative answering of questions although safety investigation teams also occasionally conduct formal interviews. Even in those cases, witnesses are not sworn in.

1.2.2 "Interrogation" is considered questioning done on a formal or authoritative level such as a lawyer/witness situation, or a police officer/suspect session.

1.2.3 It is the interview rather than the interrogation philosophy which is desirable in the questioning of witnesses by mishap investigators. Witnesses shall be informed that their testimonies are to be documented and will be retained as part of the investigation report background files but will not be released as part of the investigation report. Witness shall also be informed that NASA will make every effort to keep their testimonies confidential and privileged to the greatest extent permitted by law. (See Appendix E-1) However, the ultimate decision as to whether their testimonies may be released may reside with a court or administrative body outside NASA.

1.3 Purpose

1.3.1 The investigator interviews mishap witnesses with two basic objectives in mind:

(1) To find out what the witness observed or did, (2) To find out the witness's opinion of potential causes of the mishap.

1.3.2 The thoroughness with which these two objectives are carried out is contingent upon the thoroughness of the investigator. The experienced investigator realizes that bits of seemingly insignificant information may assume great importance when combined with investigation findings in other areas.

NOTE: The following are excerpts with modifications, from Federal Railroad Administration (FRA) literature.

1.4 Locating Eye Witnesses

1.4.1 Locating mishap witnesses often requires an extensive search of the mishap site area. The following potential sources are intended as a guide in supplementing the investigator's ingenuity in locating witnesses.

1.4.2 Residents in the vicinity of the site may have information regarding time of the mishap, engine sound, duration of sound, fluctuation of dynamic level, unusual noises, local weather, relative speed, heading, initial condition of wreckage, rescue operations, etc.

1.4.3 Local authorities often will have names of witnesses.

1.4.4 Service personnel; e.g., ticket agents, dispatchers, operators, station attendants, waiters, store clerks, etc., may have valuable witness information.

1.4.5 Witnesses who believe they possess significant information often contact newspaper offices.

1.4.6 A plea, via local news media, may encourage the reticent or transient witness to contact the mishap investigation headquarters. The address and telephone number of the mishap investigation headquarters must be included.

1.4.7 Temporary area personnel such as letter carriers, delivery personnel, public utility employees, repair personnel etc., who may have been in the area at the time of the mishap may have pertinent information.

1.4.8 Expeditious arrival at the site facilitates the questioning of sightseers and the curious regarding what attracted them to the site. Those spectators may also know of other witnesses who have departed the site.

1.4.9 Rescue personnel can often provide significant occupant location or status information prior to or at the beginning of rescue operations.

1.4.10 One witness may lead to another. Ascertain whether or not the witness was alone at the time of the observation.

1.5 Witness Location Significance

1.5.1 The exact spot from which a witness makes an observation may explain differences from that of other witnesses in the mishap vicinity. A witness location chart, to be used in conjunction with the written statement, should be prepared for clarification purposes.

1.5.2 A witness downwind of a mishap may often hear sounds not audible to the upwind observer.

1.5.3 Sound is deflected and distorted by walls or buildings and may cause the witness to erroneously report direction, sound origin, or dynamic level.

1.5.4 Noise level at the point of observation may account for a witness missing significant sounds noted by other observers.

1.5.5 The witness looking toward the sun sees only a silhouette, while the witness whose back is toward the sun may note color and other details.

1.5.6 A witness located in a group may be influenced by the power of suggestion. An outspoken member of the group might exclaim, "Those two trains missed a collision by inches!" when, in fact, the lateral separation was 100 feet. The type of individual who dislikes being critical of others reports that the trains passed in close proximity when in reality the initial impression was that there was adequate separation.

1.6 Expediting the Interviewing of Witnesses

1.6.1 Prompt arrival at the mishap site is probably the investigator's finest investigation aid. It affords the opportunity of examining the wreckage before excessive disturbance, and it permits questioning of witnesses before they reflect on their observations. The investigator is urged to visit the mishap site, survey the situation, and decide upon certain questions witnesses could answer. Witnesses forget as time elapses. Association with other witnesses and other people influences them. They read newspapers, listen to the radio, and watch television, and the news media has its effect on the witness. The witness, like the fisherman, may embellish the story when listeners are less attentive than when the story was originally told. The best solution for remedying these witness frailties is to interview the witness promptly. A memory experiment associated with time lapse was conducted by a group of psychologists and revealed the following facts of significance to the witness interviewer:

1.6.1.1 Interviews taken immediately following an occurrence contained maximum detail and were generally more complete.

1.6.1.2 After a 2-day delay the information was more general with fewer specifics, but the main or more vivid points remained.

1.6.1.3 After a 7-day delay a few of the more vivid events remained but there was considerably more conjecture, analysis, and opinion injected by the witness. Witnesses, when contacted promptly, are usually appreciative of the need for mishap investigation and the promotion of safety. Some witnesses may consider the interview an imposition and become indignant and impatient when asked to recount their observations. This situation is unfortunate, but preferable to the witness who complains about the complacency of the mishap investigators who never made a contact.

1.6.2 The intelligent witness is aware of voids or blanks in the statement (which the trained interviewer realizes exists in all observations) and endeavors to eliminate them through the application of logic or reasoning. When a witness has time to reflect on the observations, there is more time to modify or supplement the facts in the interest of coherency. Maximum witness reliability can best be achieved by prompt interviewing.

1.6.3 Occasionally, subsequent evidence dictates that certain witnesses be requestioned. The requestioning of a witness does not necessarily indicate that the interviewer was remiss in the conduct of the initial interview. Instead, the investigator may employ this technique with the witness who appears to rationalize and analyze during the initial interview. The investigator would attempt to separate fact and analysis by observing whether or not the more vivid areas of observation were presented as they were initially, and whether areas of suspected conjecture and opinion were analyzed differently than when the witness was first interviewed. By this means, the investigator would attempt to separate fact and analysis and verify witness reliability. Requestioning a witness may also be in order in confirming technical group findings.

1.7 Aids to Interviewing

1.7.1 Successfully interviewing the mishap witness is primarily an application of common sense. The interviewer should show the witness the same consideration that the interviewer would appreciate if the situation were reversed. The experienced interviewer usually finds and adopts an effective style or technique in interviewing witnesses. The following suggested interviewing tips for the novice interviewer also serve as a review or checklist for the experienced mishap investigation witness interviewer.

1.7.2 During the initial narration by the witness it is advisable to take notes. The note taking should be unobtrusive, and only with the consent of the witness. Even with the consent of the witness, discretion should be used, and note taking should cease if it is distracting to the witness. Notes should not be so extensive that the witness becomes absorbed with what the interviewer is doing. Explain to the witness that the notes are used to suggest areas that may require further explanation.

1.7.3 Frequently the witness has difficulty putting into words what was observed. In cases such as this, explanatory sketches or diagrams are valuable supplements to the witness statement. They should not be construed, however, as substitutes for the narrative statement. When there is doubt concerning the exact meaning of a statement, check the answer. The simplest method is to rephrase the answer and get the witness to confirm it.

1.7.4 Courtesy and consideration should be afforded the witness at all times. Be patient if the witness has difficulty in remembering details. Normal witness observations are expected to have periodic voids. If the witness is indefinite in a given area, record the statement that way. Do not insist that the witness give a straight "yes" or "no" answer.

1.7.5 Attempt to have witnesses confine their comments to personal observations. Avoid hearsay or areas not within their personal knowledge. If a witness reports that someone else described the mishap and thus provided the information, take the name of the individual and contact the person at a later date. Get the full meaning of each statement of the witness. Analyze each answer carefully for suggestions or leads to further questions.

1.7.6 After the witness has completed the narrative, proceed with specific questions relative to areas where notes were made. Keep questions simple and avoid jargon, slang, or terminology that could be foreign to the witness.

1.7.7 Use the straightforward and frank approach in questioning the witness as opposed to the shrewd or clever techniques such as what might be used by an attorney when the witness is hostile or not cooperative. The primary purpose is obtaining information from the witness and, in most instances, not tricking or trapping the witness in an unguarded statement.

1.7.8 Avoid arguing with the witness concerning moral responsibility of the crew, operator, or public. Witnesses have been known to regard the interview as a medium for voicing their opinions on operations, noise, and other activities that annoy them. Attempt to keep the witness confined to observations relative to the mishap.

1.7.9 Do not assist the witness when there is difficulty describing some technical phase. The statement should be in the words and terms the witness understands.

1.7.10 Percentages and fractions, when used by a witness in describing an event, should be translated into exact descriptions. There is a tendency to exaggerate in terms of percentages or fractions of the whole.

1.7.11 The wording of the question is very important. The following example illustrates how answers are affected by rewording the question. "Should the United States do all in her power to promote world peace?" Of the people questioned, 9796 answered, "Yes." The question was reworded: "Should the United States become involved in plans to promote world peace?" In this instance only 6096 answered, "Yes." The connotation of the word "involved" made the difference.

1.7.12 Qualifying the witness is important in establishing observation credibility. Witness vocation and experience should be established. When a mechanic describes the sound of an engine as surging or backfiring, this observation should be more reliable than a similar observation of a person totally unfamiliar with the operations in question.

1.7.13 Use the individual versus the collective witness interview. The collective witness interview allows witnesses to hear the statements of others. In hearing these statements, witnesses could possibly take information that is mentioned by others and use this information to fill blanks in their own observations. Many times the collective witness interview will result in one witness contradicting and correcting another. In the collective witness interview, one witness may be influenced by the statement of another. Believing one of the witnesses knows more about the operation may cause others to alter details to conform with the statement of the first witness. Conformity of witness observation is not necessarily what the mishap investigator desires.

1.7.14 Use of a tape recorder is a matter of individual interviewer preference. When determining whether to use a tape recorder, the interviewer should consider the following:

a. A signed written statement from the witness is desirable.

b. The tape must be transcribed and the transcription forwarded to the witness for signature.

c. The witness must review his/her transcription and edit it for correctness .

d. Some witnesses concentrate more on the microphone than on their observations.

e. The environment may not be conducive to recording.

f. The mechanics of operating the tape recorder may be a disadvantage; e.g., changing tape in the middle of an interview, faulty recording due to an inexperienced operator, or mechanical malfunction may cause loss of information.

g. Each witness should be provided with a copy of his/her statement.

1.7.15 Courtesy is just as important in concluding the witness interview as it is in conducting it. Thank the witness for cooperating, providing the information, and preparing the signed statement; bear in mind that the statement was voluntary and, perhaps, given during the time that the witness may have allotted for something else. Provide a phone number and address where additional information can be called in or mailed if the witness recalls things to be added to the statement.

1.7.16 It is occasionally necessary to assist certain well-qualified, observant witnesses with the organization of their statements. A few minutes spent here will aid future readers in grasping the full significance of the information. Valuable witness interviews have been wasted because an investigator has failed to obtain a recorded statement in an understandable manner. Application of the following suggestions may help avoid this problem.

a. Assist the witness with the mechanics of organizing the written statement. Suggest the use of an outline if the witness appears to have difficulty in organizing the report and collecting related thoughts.

b. Encourage the witness to use drawings, sketches, or photographs if they will help clarify the written statement. Drawings, sketches, or photographs are merely supplements to the report and do not take the place of a written statement.

c. Assist the witness in organization only. Do not aid the witness with terminology; the statement should be the words of the witness.

d. Witnesses tend to minimize or omit observations that, to them, have little significance. The investigator's background should provide guidance as to the significance of the information to be included in the statement of the witness. Frequently, relatively insignificant information becomes vital to determining the cause of the mishap once the pieces of information have been put together by the experienced interviewer.

1.7.17 A witness will occasionally omit information from a written statement that was included in an oral description of the mishap. Ensure that omissions are inserted in the written report.

1.7.18 A professional approach to witness interviewing requires that the witness be provided with a copy of his/her statement. This is a common courtesy which should be afforded the witness. The copy may bring to mind additional observations the witness made relative to the mishap when there is an opportunity to leisurely reread the statement.

1.8 Analysis of Witness Observations

1.8.1 The gathering of the witness evidence comprises about 50 percent of the witness phase of the mishap investigation. The success of the witness phase hinges on the remaining 50 percent, the ability of the investigator, as an analyst, to apply technical knowledge to the seemingly unrelated observations of lay witnesses and to emerge with possible contributing and causal factors.

1.8.2 The purpose behind analyzing witness statements, as opposed to accepting them at face value, is to:

a. Translate lay person observation into possible causal factors.

b. Evolve order and logic from apparent confusion.

c. Corroborate facts by coordinating witness information and other findings.

d. Evaluate witness credibility.

e. Evaluate the witness as a potential public hearing participant.

1.8.3 Never underestimate the value of any detail in questioning a witness. A slipshod job in the witness phase may overlook a suspect area, delay finding the cause, or even mislead investigators to the extent that the cause remains undetermined.

1.8.4 In cases where there are only one or two witnesses, it is not difficult to compare statement information and correlate the information. Differences and similarities can be readily detected and isolated for further investigation. However, when the number of witnesses is large (approximately five or more) or the volume of the statements is extensive, the task becomes more difficult and the possibility of overlooking minute discrepancies increases. In those cases a simple correlation matrix, such as the one in Figure E1-1, can be a very effective tool.

1.8.5 By documenting the events and correlating them on a matrix that can be viewed in composite, the investigator can more readily see disparities and strong correlation between witness information and can identify areas where more investigation may be warranted. If a computer with data base software is available, it should be used when the number of witnesses is very large. Databases make it easier to insert events in proper sequence as they are identified. It also makes it much easier to sort and analyze for particular pieces of information. Of course, for less complex situations a pencil and piece of paper will be equally as effective. The decision is up to the investigator.
á
á

1.9 Locating and Interviewing Witnesses-Review.

Normally, witnesses will have been identified and located prior to the investigator's arrival at the point of investigation. It is important to secure information from witnesses as soon as possible after the mishap has occurred. Statements should contain as much detailed information as possible to minimize the necessity of recalling witnesses. Extensive use should be made of voice recorders and subsequent transcriptions.

1.9.1 Witness Location - Early witness location and interview are often important in establishing details of any mishap. This appendix provides helpful information concerning techniques and aids for conducting effective interviews. Names of witnesses should be obtained by safety representatives or other personnel who arrive at the site first (after doing everything reasonable to aid the injured and prevent further damage or loss of evidence). As part of preplanning, security and safety personnel and others likely to arrive early at mishap sites should be prepared to cope with traumatic circumstances and place an appropriate priority on the importance of protecting evidence and obtaining names, addressees, and telephone numbers of witnesses. Preplanning for catastrophic mishaps should provide for designated personnel to receive periodic training in emergency and disaster assistance; i.e., evacuation, emergency assistance to victims, protection of mishap/disaster scene, threats and panic management, and collection and protection of evidence/witnesses. Instruction on the protection of hazardous areas should include factors such as toxic gas, radiation, explosives, electrical, flammables, breathing equipment, rescue equipment, and safety equipment.

1.9.2 Witness Identification - Witnesses should, for reference purposes, be identified by name, title, employer, and place of business. However, they may be given the option of not having their name published with the statement. Even so, the witnesses should be informed that their identities might have to be released in response to the courts or other requirements of law. If a witness has professional background, skill, or experience which is directly related to, or would aid in evaluating the testimony, this information should be recorded (written or voice recording).

1.9.3 Information Provided to Witnesses - Witnesses shall be informed that their testimonies are to be documented and will be retained as part of the investigation report background files and will not be released as part of the investigation report unless the testimony is particularly important to the findings or it is necessary to release the testimony in response to the courts or other requirements of law.

1.9.4 Witness Locations and Conditions - The location and conditions in which the witness viewed the events or occurrences should be entered on a witness location chart to be used in conjunction with the statement.

1.9.5 Witness Freedom to Describe - Witnesses should be allowed complete freedom in describing pertinent events relative to the mishap. Leading questions or interruptions may change the course of thought or association, causing the omission of important details.

1.9.6 Questions for Witnesses - When a witness has presented the factual evidence, specific questions should then be asked.

1.9.7 Corroboration of Testimony - Witness testimony should be corroborated whenever possible. It is advisable to interview all witnesses whose observations of the mishap were from different locations. Statements may then be compared to detect and discount inaccurate information. Statements and physical evidence at the scene of the mishap should also be correlated.

1.9.8 Privacy of Interview - Each witness should be interviewed privately since some witnesses may be influenced by the stories of others. Witnesses should be interviewed in the presence of other witnesses or supervisory personnel only if circumstances exist where it cannot be avoided.

1.9.9 Testimony Inaccuracies - Testimony by witnesses, especially those who have been injured or involved in the mishap, may contain inaccuracies. It is desirable to have verbatim transcripts of testimonies for evaluation.

1.9.10 Supplementary Statements - Witnesses should be encouraged to supplement their original statements if, upon reflection, they wish to supply additional information. Such additions, amendments, and corrections should be recorded without modifying the text of the original statement.

1.9.11 Signed Statement - It is desirable to have the witness sign the statement to verify the accuracy of the transcript. However, the witness may submit an unsigned statement or the interviewer may summarize a verbal statement.

F-1. NASA Mishap Reporting Requirements Matrix

F-2. Mishap Organizational Responsibilities Matrix

F-3. Mishap Appointing/Approving Official Matrix

(Note: Public Affairs mishap reporting requirements are in Appendices C and D.)

Each Center should assign and train a person(s) in each of their local organizations on how to use IRIS (including someone at the clinic or medical unit). This representative will have limited access to the system and be responsible for their organization's safety data and control data. The e-mail address of these representatives will be posted in the system so that the system can notify them of cases for which they must provide more information as a result of being the responsible organization.

Submitting an initial report using the 1627 Online Forms

There are three new online 1627 forms. These forms were designed to be friendlier to the person submitting the report.

• Initial Safety Incident Report (Form 1627A) -- This is similar to the current Telephonic Mishap Report form. It is used to collect a lot of narrative information (what, when, where, and how bad, but not who).
• Medical Safety Incident Report (Form 1627B) -- This is a newly developed form to collect safety-related information about the injured/ill person from an individual who knows the details about the injured/ill person (i.e., the clinic or the person's supervisor).
• Mishap Report (Form 1627) -- This is the full reporting form. It contains everything on the 1627A and 1627B forms along with other information, which is generally not readily available within a few hours of the incident.

The organization's safety representative can enter the data into IRIS and electronically submit the data to the local safety office. The local safety office will be notified electronically about the new case after it is entered. Additionally, the forms can be sent to the local safety office for entry if your procedures prevent others from entering the data. Hard copy forms may be obtained from the Center's safety office.

Submitting initial reports using hand/typewritten 1627 forms

The hand/typewritten forms are primarily for individuals who report incidents but do not have access to IRIS or MS Word. The 1627 forms can be filled-in by hand or typewriter. The online forms can be printed from any computer and copied so that blank copies are available. After manually completing the form, it can be sent to the organization's safety representative or to the local safety office for entry.

Submitting initial reports using the IRIS Screens

IRIS provides three screens for entering initial safety incident cases:

• Initial Safety Incident Report (Form 1627A) Screen
• Initial Medical Safety Incident Report (Form 1627B) Screen
• Full Safety Incident Report (Form 1627) Screen

These screens correspond to the online and printed 1627 forms. The first two screens (1627A and 1627B) are intended for use by persons outside your local safety office. When the user presses the "Submitted to Safety" button, the record becomes "certified," the safety office is notified, and the record is locked from being changed from either of these screens. The user can view the record but cannot change it.

The Full Safety Incident Report (Form 1627) screen has several additional features for use by safety personnel:

• Allows updating and dropping of cases,
• Allows addition of corrective action,
• Allows case statusing and assignment of case category,
• Allows addition of multiple persons injured in a single case,
• Allows addition of cause, contributing cause, objects/substance involved, and activity/unsafe act in progress,
• Allows addition of property damage data (estimated and final costs, etc.),
• Allows assignment of primary NASA investigator/monitor, and
• Allows closing the case.

1627A FORM

The 1627A form is intended for use by non-safety personnel who can provide initial information about a safety related incident.

The following fields appear at the top of all pages:
 

The following fields and buttons display at the bottom of every page:
 

The following fields appear only on Page 1 of the 1627A Screen and the user moves through the page in the following tab order:
 

The Find Cases Screen is available from the Full 1627, 1627A, and 1627B input screens. This screen opens automatically when the full 1627 screen is opened. The user can manually open this screen from any of the 1627 screens by pressing the screen's Find Button.

To use this screen, enter data into one or more of the Search Elements. After entering the data, press the Find Cases button. If any cases exist that match the search criteria, the matches will be displayed under Cases Found. One or more cases may match the search criteria. The View Cases button will load all of the matching cases into the 1627 screen that originally opened the Find Cases Screen. The View Cases button will also perform the functions of finding matching cases and loading matching cases to the 1627 screen.

Note: Only the cases for sites and organizations that are available to the current user will be found.

This page contains the narrative description about the incident.

This page contains the incident impact summary.

Check one or more of the following Impact Summary check boxes by clicking in the box with the mouse. At least one of the Impact Summary items must be selected for a new record to be valid.

The following table describes the general usage of the items.

Note: NPD 8621.1, "NASA Mishap Reporting and Investigating Policy," as revised or amended governs the definitions and usage of these items. The descriptions/definitions in NPD 8621.1 will supersede any of the following descriptions/usages in the following table:

As non-safety personnel are not as familiar with proper classification of incidents, many of the Impact Summary items in the following table may be changed/updated by the local safety office after the case is submitted to safety.
 

The validation rules for selecting a check box are as follows:

• If the user checks the "Close Call" checkbox then only "Damage Estimate Under $1,000" can be checked.
• If the user checks the "3 or more people hospitalized" checkbox then "Under 3 people hospitalized" can not be checked (and vise-versa).
• Only one of the damage estimate items can be checked.

1627B FORM

The 1627B form is intended for use by non-safety personnel who can provide initial medical information about the incident and the person involved.

Note: Do not use this form if 2 or more persons are injured or ill in the same case or if not enough information is available about the injured/ill person. Use the 1627A form which does not collect information about the person(s) involved or use the Full 1627 form which is the form that the local safety office uses to gather more detail than the 1627A or 1627B can provide.

The following fields appear at the top of all pages:
 

The following fields and buttons display at the bottom of every page:
 

The following fields appear only on Page 1 of the 1627B Screen and the user moves through the page in the following tab order:
 

This page is used to enter information about the
Appendix L. Acronyms