NASA Procedures and Guidelines

This Document is Obsolete and Is No Longer Used.
Check the NODIS Library to access the current version:
http://nodis3.gsfc.nasa.gov


NPR 8715.3
Effective Date: January 24, 2000
Cancellation Date: September 12, 2006
Responsible Office: GD

NASA Safety Manual w/Change 2, 03/31/04


TABLE OF CONTENTS

Cover

Change History

Preface

P.1 PURPOSE
P.2 APPLICABILITY
P.3 AUTHORITY
P.4 REFERENCES
P.5 CANCELLATION

CHAPTER 1. Basic Safety Management

1.1 General
1.2 Fundamental Policy
1.3 Objectives and Principles
1.4 Authority and Responsibility
1.5 Program Elements
1.6 Public Safety
1.7 Risk Assessment
1.8 Control of Hazardous Conditions
1.9 Safety Program Reviews
1.10 Notice and Abatement of Unsafe or Unhealthful Conditions
1.11 Advisory Panels, Committees, and Boards
1.12 Coordination with Organizations External to NASA
1.13 Emergency Planning
1.14 Safety Motivation and Awards Program
1.15 Safety Management Information
1.16 Safety Lessons Learned
1.17 NASA Safety Reporting System (NSRS)
1.18 Safety Documentation
1.19 Safety Variance Process

CHAPTER 2. Safety and Risk Management

2.1 Purpose
2.2 Applicability and Scope
2.3 Authority and Responsibility
2.4 Requirements
2.5 Access to NASA Facilities by State or Federal Compliance Safety and Health Officers
2.6 Contractor Citations
2.7 Grants

CHAPTER 3. System Safety

3.1 Purpose
3.2 Applicability and Scope
3.3 Objective
3.4 Hazard Reduction Protocol
3.5 Responsibilities
3.6 Hazard Assessment
3.7 Safety Activity Phases
3.8 System Safety and Mission Success Hazard Analyses
3.9 System Safety and Mission Success Program Reviews
3.10 Documentation
3.11 Change Review

CHAPTER 4. Safety Training and Personnel Certification

4.1 Purpose
4.2 Responsibilities
4.3 Planning and Implementation
4.4 Personnel Safety Certification Program for Potentially Hazardous Operations and Materials
4.5 Mission Critical Personnel Reliability Program (PRP)

CHAPTER 5. Nuclear Safety for Launching Radioactive Materials

5.1 Purpose
5.2 Guideline Overview
5.3 Responsibilities
5.4 The Nuclear Launch Safety Approval Process
5.5 Report Requirements

CHAPTER 6. Operational Safety

6.1 Purpose
6.2 Objectives
6.3 Motor Vehicle Safety
6.4 Personal Protective Equipment
6.5 Control of Hazardous Energy (Lockout/Tagout Program)
6.6 Pressure and Vacuum Systems Safety
6.7 Electrical Safety
6.8 Hazardous Material Transportation, Storage, and Use
6.9 Hazardous Operations
6.10 Laboratory Hazards
6.11 Lifting Safety
6.12 Explosive, Propellant, and Pyrotechnic Safety
6.13 Underwater Operations Safety
6.14 Launch Vehicle and Spacecraft Operations Safety
6.15 Test Operations Safety
6.16 Non-Ionizing Radiation
6.17 Ionizing Radiation
6.18 Confined Spaces

CHAPTER 7. Aviation Safety

7.1 Purpose
7.2 Aviation Safety Program
7.3 Program Responsibilities and Requirements
7.4 Aviation Safety Program Elements
7.5 Interfaces with Other Agencies

CHAPTER 8. Facility Safety

8.1 Purpose
8.2 Applicability and Scope
8.3 Objectives
8.4 Basic Requirements
8.5 Facility Managers
8.6 Facility Safety Management Plan

CHAPTER 9. Fire Safety

9.1 Purpose
9.2 Objectives and Goals
9.3 General
9.4 Responsibilities
9.5 Fire Protection Surveys and Inspections
9.6 Fire Protection Systems
9.7 Firefighting
9.8 Emergency (Pre-Fire) Planning and Procedures
9.9 Fire Safety Training
9.10 Reporting
9.11 Regulations, Codes, and Standards

Appendices

A. Acronym and Abbreviation List
B. Glossary of Safety and Risk Management Terms
C. Safety Motivation and Awards Program
D. Analysis Techniques
E. Example Hazard Report
F. Sample Training Schedule
G. Activity and Fissile Material Limits Basic A
H. Sample Safety and Health Plan
I. Sample System Safety Plan for Systems Acquisition
J. Aviation Safety Panel Charter
K. Operations and Engineering Panel Charter


Change History

NPR 8715.3, NASA Safety Manual

Change No. | Date | Description

1 | 6/19/02 | The Office of Safety and Mission Assurance (OSMA) requests the following administrative updates to NPR 8715.3, NASA Safety Manual, to support OSMA's completion of the action from the Associate Deputy Administrator dated May 22, 2002, entitled Actions for Councils and Boards Chairs. These administrative updates modify the existing board charters for the Aviation Safety and Operations and Engineering into panels and transfer them into NPG 8715.3 as appendices J and K. These administrative changes also update references and the cancellation paragraph. We will request removal of these charters from NPG 1000.3 via the process set up by the Office of Human Resources and Education.

2 | 3/31/04 | Deletions of paragraphs, references, etc., per Jennings memo dated 12/5/03, and administrative changes made throughout to change NPG to NPR, etc.

PREFACE


P.1 PURPOSE

P.1.1 This NASA Safety Manual is the central Agency document containing procedures that define the NASA Safety Program. This document serves as a general framework to structure the more specific and detailed requirements for Headquarters, Program, and Center Directors. This document does not stand alone but rather must be used in conjunction with the references listed in paragraph P.4 below.

P.1.2 This is primarily a safety document and is not meant to provide direction to occupational health personnel or to provide guidance for occupational health activities. Some health references are included to assist Center safety personnel in interactions with the occupational health personnel. Joint occupational safety and health requirements that implement 29 CFR 1960 are specified in NPR 8715.1, "NASA Safety and Health Handbook - Occupational Safety and Health Programs."

P.1.3 To address special processes and/or discipline-unique processes, the Safety and Assurance Requirements Division publishes standards that provide specific instructions that are beyond the scope and detail of this document. A listing of applicable NASA standards can be found in paragraph P.4.

P.2 APPLICABILITY

The procedures in this document apply: (1) to all NASA organizations, elements, entities, or individuals; (2) to visitors on NASA property; (3) to all NASA equipment, property, systems, and facilities; (4) during all phases of the life cycle of systems or facilities; and (5) as specified in contract requirements.

This document is not a direct instruction to NASA contractors, but provides guidance to the responsible NASA contracting officer. It is applicable to contractors as appropriate through contract clauses in conformance with the NASA Federal Acquisition Regulation (FAR) Supplement. Non-NASA, non-contractor personnel will follow the provisions of this document when on NASA property. This document does not supersede more stringent requirements imposed by individual NASA organizations and other Federal, State, or local government agencies.

P.3 AUTHORITY

42 U.S.C. 2473(c)(1), Section 203(c)(1) of the National Aeronautics and Space Act of 1958, as amended.

5 U.S.C. Section 7902, 29 U.S.C. Sections 651 et seq., and 49 Appendix Section 1421, the Occupational Safety and Health Act of 1970 (Public Law (PL) 91-596), as amended.

Executive Order (E.O.) 12196 of February 26, 1980, Occupational Safety and Health Programs for Federal Employees.

29 CFR Part 1910, Occupational Safety and Health Standards.

29 CFR Part 1960, Basic Program Elements for Federal Employees, Occupational Safety and Health Programs and Related Matters.

NPR 1000.3, The NASA Organization, (Paragraph 4.17, Office of Safety and Mission Assurance, Code Q).

P.4 REFERENCES

5 U.S.C. Section 7903, Protective Clothing and Equipment.

40 U.S.C. Section 619, Compliance with Nationally Recognized Codes (Section 6 (a) of P.L. 100-678, November 17, 1988), as amended.

42 U.S.C. 11001 et seq., Emergency Planning and Community Right-To-Know Act.

E.O. 113043 of April 16, 1997, Increasing Seat Belt Use in the United States.

5 CFR Parts 532, 550, Prevailing Rate Systems and Pay Administration (General).

14 CFR Part 1214.5, Mission Critical Space Systems Personnel Reliability Program.

21 CFR Part 1040, Performance Standards for Light Emitting Products.

49 CFR Parts 177, 571, Carriage by Public Highway; Federal Motor Vehicle Safety Standards.

EM 385-1-1, U.S. Army Corps of Engineers, Safety and Health Requirements.

NHS/IH-1845.3, Hazard Communication.

NHS/IH-1845.5, Occupational Exposure to Hazardous Chemicals in Laboratories.

NPD 1800.1, NASA Occupational Health Program Policy.

NPD 3810.1, Processing Claims Under the Federal Employees Compensation Act.

NPD 6000.1, Transportation Management.

NPD 7100.8, Protection of Human Research Subjects.

NPD 8070.6, Technical Standards.

NPD 8700.1, NASA Policy for Safety and Mission Success.

NPD 8710.1, Emergency Preparedness Program.

NPD 8710.2, NASA Safety and Health Program Policy.

NPD 8710.3, NASA Policy for Limiting Orbital Debris Generation.

NPD 8710.5, NASA Policy for Pressure Vessels and Pressurized Systems.

NPR 1441.1, NASA Records Retention Schedules.

NPR 8715.4, NASA Procedural Requirements for Inservice Inspection of Ground-Based Pressure Vessels and Systems.

NPR 2810.1, Security of Information Technology.

NPR 3451.1, The NASA Awards and Recognition Program.

NPR 4100.1, NASA Materials Inventory Management Manual.

NPR 4200.1, NASA Equipment Management Manual.

NPR 5100.4, Federal Acquisition Regulation Supplement (NASA/FAR Supplement).

NPR 7120.5, Program and Project Management Process and Requirements.

NPR 7900.3, Aircraft Operations Management.

NASA-STD-6001, Flammability, Odor, Off-gassing and Compatibility Requirements and Test Procedures for Materials in Environments That Support Combustion.

NPR 8621.1, NASA Procedural Requirements for Mishap Reporting, Investigation, and Recordkeeping.

NPR 8715.1, NASA Safety and Health Handbook - Occupational Safety and Health Programs.

NPR 8715.2, NASA Emergency Preparedness Program Plan Procedural Requirements.

NPR 8500.1, NASA Environmental Management.

NPR 8831.2, Facilities Maintenance Management.

NPR 8580.1, Implementing the National Environmental Policy Act and Executive Order 12114.

NASA-STD-8719.7, Facility System Safety Guidebook.

NASA-STD-8719.8, NASA ELV Payload Safety Review Process Standard.

NASA-STD-8719.9, NASA Safety Standard for Lifting Devices and Equipment.

NSS 1740.10, NASA Safety Standard for Underwater Facilities and Non-Open Water Operations.

NASA-STD-8719.11, NASA Safety Standard for Fire Protection.

NSS 1740.12, NASA Safety Standard for Explosives, Pyrotechnics, and Propellants.

NASA-STD-8719.13, NASA Software Safety Manual.

NSS 1740.14, NASA Safety Standard for Guidelines and Assessment Procedures for Limiting Orbital Debris.

NSS 1740.16, NASA Safety Standard for Hydrogen and Hydrogen Systems.

National Aeronautics and Space Administration Charter of the NASA Aerospace Safety Advisory Panel, November 18, 2003.

JSC NSTSPM Directive No. 110, Space Shuttle Program (SSP) System Safety Review Panel (SSRP) Charter.

NSTS 1700.7B, Safety Policy and Requirements for Payloads Using the Space Transportation System and Addendum.

JSC Policy Charter, JPC 1152.4K, Space Shuttle Payload Safety Review Panel (PSRP).

ANSI/ASQC Q90001-1994.

Presidential Directive/National Security Council Memorandum Number 25 (PD/NSC-25), Scientific or Technological Experiments with Possible Large-scale Adverse Environmental Effects and Launch of Nuclear Systems into Space.

P.5 CANCELLATION

This document cancels NPR 1700.1(V1-B), dated June 1993.


/s/Frederick D. Gregory
Associate Administrator for
Safety and Mission Assurance


CHAPTER 1. Basic Safety Management


1.1 General

1.1.1 This document provides the procedures that define the NASA Safety Program. Safety program responsibility starts at the top with senior management's role of developing policies and providing strategies and resources and is executed by the immediate task supervisor and line organization. All employees are responsible for their own safety, as well as that of others whom their actions may affect (Requirement 25001). Employees are empowered to call for the halt of any process or operation they believe is unsafe and request analysis by a qualified individual. If the activity is unsafe, the qualified individual will determine the corrective actions needed (Requirement 31814). Employees are also to report any systems designs, operations, processes, or software they feel are unsafe or do not meet safety requirements (Requirement 31815).

1.1.2 In general, the success or failure of an organization's safety efforts can be measured by the number of incidents involving injury or death to personnel, lost productivity (lost or restricted workdays), environmental damage, or loss of, or damage to, property. These failures can also be measured by increased development time, longer cycle time, operational delays, reduced quality, increased costs, loss of program capability, and loss of technical reputation or stature. Like many successful corporations, NASA has learned that aggressively preventing mishaps is good management and good business practice.

1.1.3 NASA undertakes many activities involving a high potential of risk. Management of this risk (which involves identifying and eliminating, minimizing, controlling, or accepting the risk) is one of NASA's most challenging activities and is an integral part of NASA's safety efforts. The focus of risk management and loss prevention priorities and attention is:

1.1.3.1 Public.

1.1.3.2 Astronauts and pilots.

1.1.3.3 NASA workforce.

1.1.3.4 High-value equipment and property.

1.2 Fundamental Policy

1.2.1 The policy for the NASA Safety Program is provided in NPD 8710.2, "NASA Safety and Health Program Policy." For specific health program requirements, see NPD 1800.1, "NASA Occupational Health Program."

1.2.2 NASA's goal of a world-class safety program is based on the following four essential components:

1.2.2.1 Management commitment and employee involvement.

1.2.2.2 System and worksite hazard analysis.

1.2.2.3 Hazard prevention and control.

1.2.2.4 Safety and health training.

1.3 Objectives and Principles

The objectives of NASA's Safety Program are to affect positively the overall success rate of missions and operations and to prevent injury to personnel, loss of or damage to property, loss of technical stature, or environmental harm. Requisite program principles include the following:

1.3.1 An aggressive and independent safety function for NASA to ensure that its programs/projects are accomplished with proper safety planning (Requirement 25005).

1.3.2 Planning, direction, development of requirements, policies, methodology, procedures, implementation, and evaluation of the safety program to ensure its goals are achieved effectively and efficiently (Requirement 25006).

1.3.3 Compliance with the safety standards issued by the Occupational Safety and Health Administration (OSHA) pursuant to Section 6 of Public Law (PL) 91-596 (the Occupational Safety and Health Act of 1970 as amended), 29 U.S.C. Section 655 (Requirement 25007). If no OSHA standards apply, NASA will develop its own supplementary or alternate NASA standards for safety and mission assurance to support its unique operations, materials, facilities, equipment, procedures, and practices. See NPD 8070.6, "Technical Standards," and NPR 8715.1, "NASA Safety and Health Handbook - Occupational Safety and Health Programs," for further information on the policy for all NASA Technical Standards.

1.3.4 Up-to-date configuration control on equipment and systems (Requirement 25008).

1.3.5 Technical reviews by the developing organization of the safety aspects of all development efforts and operations to ensure that they are being conducted in accordance with sound safety engineering principles (Requirement 25009).

1.3.6 Safety assessments of all systems prior to changes so as to preclude an increase in risk to personnel or equipment (Requirement 25010). Assessments of both qualitative and quantitative safety risks to people or property along with recommendations to either reduce the risks or accept them (Requirement 31816). Final risk acceptance is a management responsibility (Requirement 31817). However, employees have the right to be informed of the risk acceptance process if it affects their personal safety or health.

1.3.7 Investigation of all hazardous conditions, close calls, environmental incidents, and mishaps, without retribution to the employees, and the prompt publication of lessons-learned as part of accident prevention and a continuous improvement effort (Requirement 25011). Procedures for mishap and close call reporting are found in NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigation, and Recordkeeping."

1.3.8 Safety oversight/insight and periodic inspection to ensure compliance with NASA safety policies and assess the effectiveness of NASA safety activities as required by NASA policy, Federal regulations, State regulations where applicable, and national consensus standards (Requirement 25012).

1.3.9 Safety research and development for new or unique safety functions and technologies to establish NASA as a national focal point for safety (Requirement 25013).

1.3.10 Reserved

1.4 Authority and Responsibility

The NASA Chief Health and Medical Officer is the NASA Designated Agency Safety and Health Official (DASHO), pursuant to Executive Order 12196, Section 1-102. The DASHO coordinates the NASA Occupational Safety and Health Programs (reference NPD 8710.2, "NASA Safety and Health Program Policy"). The authority and responsibility for safety policy and oversight of its implementation are vested in the Safety and Assurance Requirements Division within the Office of Safety and Mission Assurance (OSMA) (Requirement 25211). Responsibility for safety at NASA facilities rests with the Center Directors (Requirement 32643).

1.5 Program Elements

Center Directors and the Assistant Administrator for Institutional and Corporate Management shall ensure that --

1.5.1 The safety organization is placed at a high enough level and the program implementation authority is vested in a person sufficiently senior to manage the effort so the safety review function can be conducted independently (Requirement 25015). (High enough level is interpreted to mean that the Safety Assurance Functional Director can interface directly with the Center Director when problems arise.) Center Directors and the Assistant Administrator for Institutional and Corporate Management must also ensure that adequate resources are made available to support the safety efforts and that the safety responsibilities of each organizational element are properly emphasized and accomplished (Requirement 31818). Proper safety organizational alignment will support the importance of safety at all organizational levels.

1.5.1.1 Senior managers incorporate safety considerations into the planning and execution of programs, projects, and operations in their management function (Requirement 31819). The officials to whom they report will evaluate and document this in their performance evaluations (Requirement 31820).

1.5.1.2 Line managers are accountable for the safety of their workers (Requirement 31821). Their supervisors will incorporate measurable performance criteria in line managers' performance plans and evaluate and document results in their performance evaluations (Requirement 31822).

1.5.1.3 Employees must be trained to work safely and to follow prescribed workplace rules to protect their own and their fellow workers' safety and health (Requirement 31823). Managers and supervisors will assure this is included as part of the formal performance evaluation process and will further encourage safe performance through safety incentive awards programs (Requirement 31824).

1.5.2 Centers establish executive safety and health committees or boards in accordance with NPR 8715.1, "NASA Safety and Health Handbook - Occupational Safety and Health Programs" (Requirement 25016). The board will provide executive oversight, strategic planning, and program implementation in support of the safety and health programs.

1.5.3 Policies, plans, procedures, and standards that define the parameters of the safety program are established, documented, maintained, communicated, and implemented to provide for the appropriate or adequate protection and prevention of loss and damage to personnel, property, material, equipment, and facilities of NASA, other agencies, and the public (Requirement 25017). The Annual Operating Agreements enacted and signed at each Center reflect the agreed support activity level of the Center safety organization to the program/projects and institutional operations at the Centers. (See NPD 8700.1, "NASA Policy for Safety and Mission Success.")

1.5.4 Appropriate safety and mission assurance risk-based acquisition management (R-BAM) requirements are included in procurement, design, development, fabrication, test, or operations of systems, equipment, and facilities and will serve as a basis for awarding any fee on contracts (Requirement 25018). Contractor operations and designs are evaluated for consistency and compliance with the safety provisions of the contract (Requirement 31855). These results are provided to the award fee boards and used to affect the fee determination, where applicable (Requirement 31856). NASA safety personnel are included as regular participants in the procurement process for the acquisition of hardware, software, services, materials, and equipment (Requirement 31857). (See Chapter 2.)

1.5.5 An effective systems safety and mission assurance program based on a continuous risk assessment process is established to include development of safety requirements early in the planning phase, review of the implementation of those requirements during the acquisition, development, and operational phases, and the use of a risk-based hazard assessment and tracking system to maintain status of the hazards during the process (See Chapter 3) (Requirement 25019).

1.5.6 Qualified personnel and appropriate training are provided to support the safe performance of potentially hazardous or critical technical operations and to ensure a qualified safety workforce is available to support the safety assurance function (Requirement 25020). To meet the requirements of the Voluntary Protection Program (VPP), the safety organization (or its support contractors) must employ a certified safety professional (Requirement 31858). Special circumstances involving access to mission critical space systems and other critical equipment may dictate the need for the Personnel Reliability Program (14 CFR Part 1214.5, Mission Critical Space Systems Personnel Reliability Program). (See Chapter 4.)

1.5.7 An ad hoc interagency review and approval process is implemented for the use of radioactive materials in spacecraft and the Space Transportation System to avoid unacceptable radiation exposure for normal or abnormal conditions, including launch aborts with uncontrolled return to Earth (See Chapter 5) (Requirement 25021).

1.5.8 All NASA operations are performed in accordance with existing safety standards and consensus standards, or special supplemental standards when there are no known applicable standards (Requirement 25022). For hazardous operations, special procedures are developed to provide for a safe work environment (Requirement 31859). (See Chapter 6.)

1.5.9 Aviation safety programs tailored to meet the specific operational needs of the NASA Centers are established and maintained to comply with national standards and NASA directives and guidance (Requirement 25023). (See Chapter 7.)

1.5.10 All facilities are designed, constructed, and operated in accordance with applicable/approved codes, standards, and procedures (Requirement 25024). (See Chapters 8 and 9.)

1.5.11 All accidents, incidents, mission or test failures, or other mishaps are promptly investigated for the dominant root cause (Requirement 25025). The emphasis will be on determining what happened without the threat of punitive actions. Continuous improvement is initiated through corrective actions and lessons learned, as specified in NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigation, and Recordkeeping" (Requirement 31860). Events resulting in significant release of pollutants to the environment are coordinated with the cognizant NASA environmental management organization for appropriate response and reporting to regulatory authorities, as specified in NPR 8820.3, "Pollution Prevention" (Requirement 31861).

1.6 Public Safety

1.6.1 The first safety value of NASA is to protect the public from any adverse effects of NASA operations. NASA Center Directors, program/project managers, and line supervisors will strive to eliminate the risk or the adverse effect of NASA operations on the public (Requirement 25026). Where NASA cannot do this, NASA will provide protection by exclusion or other protective measures (Requirement 31862). If there is a likelihood that the public and surrounding communities could be affected by NASA operations, NASA safety and emergency planning officials will establish cooperative programs with the local communities (Requirement 31863). Local NASA safety and emergency planning officials will perform the following:

1.6.1.1 Ensure community awareness regarding the nature and extent of actual and potential hazards arising from the NASA operations and the measures to be taken to protect the community (Requirement 31864).

1.6.1.2 Jointly develop emergency response plans, including protective action guides, to address the effects posed by hazards from radiological contamination, explosive/propellant mishaps, and toxic chemical spills (Requirement 31865).

1.6.1.3 Participate in community safety activities and cooperate with local authorities to develop response plans to contend with natural disasters such as tornadoes, hurricanes, and floods (Requirement 31866).

1.6.1.4 Coordinate emergency planning, response, and notification activities required by Section 313 of the Emergency Planning and Community Right-To-Know Act (42 U.S.C. Section 11023) involving local jurisdictions with the appropriate NASA environmental management organization, following the procedures established in NPR 8820.3, "Pollution Prevention" (Requirement 31867).

1.6.2 Occasionally, research personnel who are neither contractors nor visitors are allowed access to NASA facilities to conduct individual research under grants or cooperative agreements. These research operations must not be allowed to interfere with or damage NASA facilities or operations (Requirement 25027). If their work involves exposure to hazardous operations, the Center safety office shall require them to follow all NASA precautions and to procure protective clothing and equipment at their own expense, if needed (Requirement 31868). Also, if these personnel will be operating or using potentially hazardous NASA equipment, they must receive training and be certified as a qualified operator in accordance with Chapter 4 of this document (Requirement 31869).

1.7 Risk Assessment

The primary purpose of risk assessment is to identify and evaluate risks to support decisionmaking regarding actions to ensure safety and mission success as well as to support decisionmaking in other areas, such as selection of contract type, development of fee incentives and surveillance plans, and information security. The decision (based on all relevant factors) to accept a hazard with its associated risk is a line management responsibility but will require coordination with the cognizant safety official (Requirement 25028). In all cases, when a decision is made to accept a hazard with its associated risk, that decision will be communicated to the next higher management level for review (Requirement 31870). The probability of a mishap coupled with the severity of the possible consequences should be a major consideration in that decision. This is discussed in detail in paragraph 3.5.

Risk assessment analysis should use the simplest methods that adequately characterize the probability and severity of undesired events. Qualitative methods that characterize hazards and failure modes should be used first. Quantitative methods should be used when qualitative methods do not provide an adequate understanding of failure causes, probability of undesired events, or the consequences of hazards or potential failures.

1.8 Control of Hazardous Conditions

Systems shall be designed to preclude the occurrence of a hazard or to negate or reduce the effect of a hazard that cannot be eliminated (Requirement 25029). (See Chapter 3 for hazard reduction priority.) The level of protection required is a function of the hazard severity and probability, and may be achieved by a combination of availability, reliability, maintainability (restorability), and redundancy (Requirement 31871). Protection levels must include consideration for the possibility of operator error (Requirement 31872).

1.8.1 Failure Tolerance. Safety critical operations that control or are applied to a condition, event, signal, process, or item of which proper recognition, control, performance, or tolerance are essential to safe system operation, use, or function, shall be designed such that the operation or function is assured (Requirement 25030). Design for failure tolerance is driven by system probability of failure requirements in conjunction with incorporation of the proper levels of redundancy. Where there is sufficient time between a failure and the manifestation of its effect, design for restoration to safe operation using spares, procedures, or maintenance may be used as an alternative means of achieving failure tolerance. Where there is not sufficient time for recovery, functional redundancy must be provided (Requirement 31873).

1.8.1.1 An assessment of the probability of failure to provide the function and the estimated time to restore the function shall be used to specify the safety attributes of the design or operation where loss of life, serious injury, or catastrophic system loss is at risk (Requirement 25214). The probability of failure shall be demonstrated to a lower confidence level of 95 percent in concert with a demonstrated mean time to restore (where appropriate) not greater than 50 percent of the estimated time to repair (Requirement 31874). The time-to-repair estimate shall include the combination of the active time to repair and the logistics or administrative downtime that affects the ease or rapidity of achieving full restoration of the failed function (Requirement 31875). In the event where adequate demonstration data cannot be obtained directly to meet the required confidence limits, alternate methods of assuring a satisfactory level of risk must be proposed by the supplier and approved by the customer (Requirement 31876).

1.8.1.2 Use of redundancy to achieve failure tolerance requires specification of acceptable reliability and sufficient redundancy to tolerate two failures or operator errors (either fail-operational or fail-safe) where loss of life or mission critical event could occur and tolerate one failure or operator error (fail-safe) where system loss/damage or personal injury could occur (Requirement 25215). Use of redundancy shall include a verifiable requirement that common cause failures (e.g., contamination, close proximity) do not invalidate the failure tolerance (Requirement 31877). All redundancy in safety critical functions shall be verified under operational conditions (Requirement 31878).

1.8.2 Inhibits. An operation that requires control of a condition, event, signal, process, or item of which proper recognition, performance, or tolerance is essential to safe system operation, use, or function, shall be designed such that an inadvertent or unauthorized event cannot occur (Requirement 25216). Flight critical safety operations shall require three inhibits where loss of life or mission-critical events could occur, and two inhibits where personal injury or system loss or damage could occur (Requirement 31879). All inhibits or procedures in safety critical operations shall be verified under operational conditions (Requirement 31880). This is not to be confused with the lockout/tagout program, which is a program to isolate facility system hazards.

1.8.3 Loss of functional protection shall require termination of the operation at the first stable configuration (Requirement 25031).

1.8.3.1 For systems intended to be operated by humans, rescue and escape can be valid means of life protection, and if used, shall include testing for validation, training, and demonstration (Requirement 31881).

1.8.3.2 At least a single level of protection is required to protect hardware (Requirement 31882). For high-value or high visibility systems, the program shall consider additional protection against loss (Requirement 31883). The associated decision(s) and rationale shall be documented by the program (Requirement 31884).

1.9 Safety Program Reviews

1.9.1 General.

In addition to normal management surveillance, competent and qualified safety personnel through safety staff assistance visits, inspections, and process verification evaluations shall formally assess the Center safety program annually (Requirement 25032). The Center's safety staff or an independent outside source may perform the formal assessments. These assessments shall perform the following:

1.9.1.1 Evaluate the effectiveness of safety program management (Requirement 31885).

1.9.1.2 Evaluate the implementation of Public Law 91-596, "The Occupational Safety and Health Act of 1970," as amended; E.O. 12196, "Occupational Safety and Health Programs for Federal Employees," as amended; OSHA Regulations at 29 CFR Part 1910, "Occupational Safety and Health Standards," and other pertinent Federally mandated requirements (Requirement 31886).

1.9.1.3 Identify hazards and deficiencies in the safety program (Requirement 31887).

1.9.1.4 Evaluate the effectiveness of the abatement process (Requirement 31888).

1.9.1.5 Determine the adequacy of safety standards and procedures (Requirement 31889).

1.9.1.6 Observe compliance with safety practices (Requirement 31890).

1.9.1.7 Verify corrective actions from previous assessments (Requirement 31891).

1.9.2 Review Categories. Three types of qualitative assessments are described below.

1.9.2.1 Safety staff assistance visits are informal onsite evaluations by specialists and safety personnel who, after making spot checks and/or sampling and holding discussions with appropriate levels of management, provide assessments to the affected organization.

1.9.2.2 Safety inspections are in-depth technical reviews conducted at the working or facility level to assess the compliance with safety policies and standards that apply to the particular workplace. The safety inspection team will provide formal reports to the appropriate management level responsible for correcting the deficiencies.

1.9.2.3 Process verification examinations are documented Headquarters-level reviews performed in accordance with pre-approved subject area outlines to verify, by examination and evaluation of objective evidence, whether required safety and mission assurance program elements are in place and functioning. Although the process verification team provides a written report, specific written responses are not required. Corrective actions are documented through normal reporting processes and follow-up assessments.

1.10 Notice and Abatement of Unsafe or Unhealthful Conditions

The receipt of information concerning unsafe conditions, whether received through a report from an employee and verified, or as a result of a workplace inspection, will require the issuance of a Notice of Unsafe or Unhealthful Condition (NF 1390) and may require a NASA Safety and Health Hazard Abatement Form (NF 1584) or equivalent forms (Requirement 25033). These forms are available to NASA employees and contractors at ftp://ftp.hq.nasa.gov/forms/pdf/nf1390.pdf for NASA Form 1390 and ftp://ftp.hq.nasa.gov/pdf/nf1584.pdf for NASA Form 1584. Imminent danger issues will be addressed in accordance with 29 CFR Section 1960.26, "Conduct of Inspections" (Requirement 31893). (See NPR 8715.1, "NASA Safety and Health Handbook -- Occupational Safety and Health Programs," for more information.)

1.10.1 Inspection requirements vary according to the type of unsafe or unhealthful conditions that are reported.

1.10.1.1 An allegation of an imminent danger condition will require an inspection within 24 hours (Requirement 31894).

1.10.1.2 An allegation of a potentially serious condition requires an inspection within three working days (Requirement 31895).

1.10.1.3 Any allegation of other than imminent or serious safety or health conditions shall be inspected within 10 working days (Requirement 31896).

1.10.1.4 Further inspections may not be necessary if the hazardous condition(s) can be abated immediately through normal management action and prompt notification to employees and safety and health committees if the abatement is permanent.

1.10.2 Written reports/notices of safety violations shall be issued not later than 15 working days after completion of the inspection and confirmation by the inspection official (Requirement 25035). Written reports/notices for health violations shall be issued not later than 30 working days after completion of the inspection and confirmation by the inspection official (Requirement 31898).

1.10.2.1 A copy of the notice shall be sent to the supervisor in charge of the workplace, the representative of the employees, and the safety and health committee of the workplace, if any (Requirement 31899).

1.10.2.2 Upon receipt of any notice of an unsafe or unhealthful working condition, the supervisor in charge of the workplace shall post such notice (when required by the safety or health office) at or near each place where the condition exists or existed (Requirement 31900).

1.10.2.3 Each notice shall remain posted (when required) until the unsafe or unhealthful working condition has been abated or for three (3) working days, whichever is later (Requirement 31901).

1.10.3 An Abatement Plan (NF 1584 or equivalent) is required for hazards that cannot be abated within 30 days (Requirement 25036). A copy shall be provided to the safety and health committee and employee representatives as applicable (Requirement 31902). A copy must be provided to the Safety and Assurance Requirements Division if Headquarters advocacy is required to secure funding (Requirement 31903). In all cases, operations will not proceed until alternative procedures are in place to provide temporary mitigation or reduction of the risk to acceptable levels.

1.10.4 As part of the annual OSHA report to the DASHO, Centers shall send the Safety and Assurance Requirements Division a summary of all open Abatement Plans and open variances, and a listing of all Abatement Plans and variances closed during the previous reporting period (Requirement 25037). See paragraph 1.15.2.6 for more information.

1.11 Advisory Panels, Committees, and Boards

1.11.1 General.

It is NASA's intent that maximum use be made of the Nation's most competent safety resources. In keeping with this philosophy, NASA may enlist consultants, interagency and interdisciplinary panels, and ad hoc committees, consisting of representatives from industry (management and union), universities, and government (management and union), to review and advise on the needs of the NASA Safety Program.

1.11.2 Aerospace Safety Advisory Panel (ASAP).

This panel was established by Public Law 90-67 to serve as a senior advisory body to the NASA Administrator. The panel reviews safety studies and operations plans referred to it, prepares reports, and advises the Administrator with respect to the hazards to proposed or existing facilities and operations. See the National Aeronautics and Space Administration Charter of the NASA Aerospace Safety Advisory Panel, November 18, 2003, for further details.

1.11.3 Operations and Engineering Panel (OEP).

This internal NASA panel reports to the Associate Administrator for Safety and Mission Assurance (AA/OSMA). The panel supports the AA/OSMA on special assignments related to facilities operations and engineering activities. The OEP evaluates processes and systems for assuring the continuing operational integrity of NASA test facilities, operations and engineering technical support systems, and problems and issues at Centers, and provides recommendations to management in these areas. The OEP also studies technical support system problem areas and develops alternate solutions or methods for arriving at a solution. See Appendix K, "Operations and Engineering Panel Charter," for further details.

1.11.4 International Space Station Independent Assessment Panel (ISSIAP).

The ISSIAP was chartered in the International Space Station Management Agreement dated July 28, 1994. The ISSIAP provides an independent assessment function for AA/OSMA that encompasses the products and activities of all program participants throughout the entire life cycle of the International Space Station (ISS) program. The ISSIAP, to the maximum extent practicable, provides timely identification of program deficiencies and unacceptable risks, and makes recommendations concerning risk acceptability. The activities of the ISSIAP are complementary to the in-line safety, reliability, and quality assurance activities of the ISS program.

1.11.5 System Safety and Risk Management Assistance Committee (SSARMAC).

This committee, established by letter from the Director, Safety and Assurance Requirements Division, in August 1997, is chartered to (1) enhance the development, review, and reengineering of system safety and risk management policies; (2) facilitate the identification and prioritization of system safety research and technology activities; (3) foster the exchange of system safety and risk management experiences and successes within NASA; and (4) serve as a forum for discussion of issues. One member or members (if separate system safety and risk management representatives are needed) will be appointed from each Center and the Jet Propulsion Laboratory.

1.11.6 The System Safety Review Panel (SSRP) is a mechanism for enhancing the Space Shuttle program (SSP) system safety management and engineering through informational interchanges, development of concepts to improve the SSP safety program, review of safety documentation, review of SSP integration and cargo integration, review of SSP element-level hazard identification and resolution activities, and recommendations to Level 2 management for hazard report disposition. See JSC NSTSPM Directive No. 110, "Space Shuttle Program (SSP) System Safety Review Panel (SSRP) Charter," for further details.

1.11.7 HEDS Assurance Board (HAB).

This board was created pursuant to the "Safety and Mission Assurance for the Human Exploration and Development of Space (HEDS) Enterprise" plan, dated April 3, 1996. Its purpose is to provide senior NASA management with timely, objective, non-advocacy assessments of program health and status and the relative safety posture of the HEDS Enterprise. The HAB assesses the work processes of the SMA community, reviews HEDS programs to ensure that proper attention is being paid to risk, and reviews the overall effectiveness of the hardware, software, and operational aspects of HEDS programs to assure safety and mission integrity. The HAB places special emphasis on the transition to the Space Flight Operations Contract and from NASA oversight to insight. The Board is chaired by the AA/OSMA, and includes the SMA directors from Johnson Space Center, Kennedy Space Center, and Marshall Space Flight Center; the Chair of the Space Flight Safety Panel; the HEDS Independent Assurance Director; and the SMA managers for the Space Shuttle program and the International Space Station program.

1.11.8 Space Flight Safety Panel.

This panel was established to promote flight safety in NASA space flight programs involving flight crews and to advise appropriate Associate Administrators on all aspects of the crewed space program that affect flight safety. See NPR 1000.3, paragraph 6.21, for further details.

1.11.9 Pre-launch Assessment Review (PAR) Panel.

The PAR process is a series of incremental OSMA reviews held for each Space Shuttle mission and presented to senior SMA management. During this process, appropriate assessments are presented by program SMA personnel to certify that the SMA organizations have satisfactorily fulfilled the requirement to perform in-line assurance oversight and independent assessments of changes in risks associated with Space Shuttle hardware, software, processes, and operations. These assessments are performed to verify that the program properly addresses safety and mission assurance. The incremental PAR reviews and the readiness statements signed at the completion of the reviews relate directly to the presentation subject matter. The Certification of Flight Readiness endorsements by SMA organizations and AA/OSMA are based on results of the assessments made in support of the PAR process and the developed rationale for flight. The PAR is chartered by NSTS 22778, "Commit to Flight Assessment Review Process Operating Plan."

1.11.10 Payload Safety Review Panel.

This panel is established by the Manager, Space Shuttle Program, and the Manager, International Space Station Program, to review the flight safety aspects of Space Shuttle payloads and International Space Station experiments and cargo. The panel is responsible for conducting safety reviews as defined in NSTS/ISS 13830C, "Payload Safety Review and Data Submittal Requirements for Payloads using the Space Shuttle and International Space Station." The panel is responsible for assuring the implementation of NSTS 1700.7B, "Safety Policy and Requirements for Payloads Using the Space Transportation System," and NSTS 1700.7B Addendum, "Safety Policy and Requirements for Payloads Using the International Space Station." See JSC Policy Charter, JPC 1152.4K, "Space Shuttle Payload Safety Review Panel (PSRP)," for further details.

1.11.11 Ground Safety Review Panel.

This panel is established to review the ground safety aspects of Space Shuttle payloads and International Space Station flight hardware, experiments, and cargo. The panel is responsible for conducting safety reviews as defined in NSTS/ISS 13830C, "Payload Safety Review and Data Submittal Requirements for Payloads using the Space Shuttle and International Space Station," and SSP 30599, "Safety Review Process." The panel is responsible for assuring the implementation of KHB 1700.7, "Kennedy Space Center Payload Ground Safety Handbook." See KMI 1150.24, "Ground Safety Review Panel," for further details.

1.11.12 ISS Safety Review Panel.

This panel is established to review the safety aspects of International Space Station flight hardware during the launch, return, and on-orbit mission phases as well as the safety of any visiting vehicles. This panel is co-chaired by representatives of the Space Shuttle and International Space Station programs. The panel is responsible for conducting safety reviews as defined in SSP 30599, "Safety Review Process." The panel is responsible for assuring the implementation of SSP 50021, "Safety Requirements Document." More details can be found in the ISS Safety Review Panel Charter.

1.11.13 Ad Hoc Committees.

Center Directors and the Associate Administrator for Safety and Mission Assurance may establish ad hoc committees to provide safety oversight review of programs, projects, and other activities.

1.12 Coordination with Organizations External to NASA

1.12.1 The Office of Safety and Mission Assurance, in close coordination with the Office of External Relations (for exchanges with the Department of Defense, intelligence agencies, and foreign entities) and in consultation with the NASA Office of General Counsel, shall establish guidelines for exchanging safety information (Requirement 25038). New and different methods and practices that may be beneficial to the NASA Safety Program should be brought to the attention of the responsible Headquarters Office by those that may encounter these practices used outside NASA.

1.12.2 Participation by NASA safety professionals in outside safety-related professional organizations is encouraged. Examples are functions and committees of the National Safety Council, National Fire Protection Association, DOD Explosive Safety Board, National Academy of Sciences, System Safety Society, Federal Agency Committee on Safety and Health (FACOSH), American Society of Safety Engineers, Field Federal Safety and Health Councils, and the Joint Army, Navy, NASA, Air Force (JANNAF) propulsion committee (and subcommittee).

1.13 Emergency Planning

1.13.1 The NASA Emergency Preparedness Plan is NASA's part of the Government program to maintain critical Government functions during national emergencies ranging in severity from fires and civil riots to a full-scale military attack on the United States. Emergency plans shall be in place, discussed with the appropriate personnel, and exercised periodically for all NASA activities so that reaction to emergency situations is rapid and effective (Requirement 25039). Such plans will cover the response to national and local emergencies, disasters, and mishaps, and the attendant communication of information.

1.13.2 NPD 8710.1, "Emergency Preparedness Program Policy," and NPR 8715.2, "NASA Emergency Preparedness Program Plan Procedural Requirements," establish NASA policy, requirements, and procedures in this regard. Center Directors are responsible for preparing their organizations to handle emergencies and disasters effectively and for developing the Center emergency plan (Requirement 25040).

1.14 Safety Motivation and Awards Program

The following paragraphs provide a policy overview and identify the responsibilities and the primary types of safety performance to be recognized.

1.14.1 NASA is committed to continued improvement of safety in all operations. NASA's policy is to stimulate the participation of employees in this effort. The presentation of awards is considered appropriate for recognizing outstanding safety-related performance/contributions and is an effective means of encouraging safety excellence.

1.14.2 NASA recognizes responsible individuals and organizations for the following:

1.14.2.1 Taking significant safety initiatives.

1.14.2.2 Making truly innovative safety suggestions.

1.14.2.3 Meeting major safety goals.

1.14.2.4 Making significant achievements leading to the safer and more effective use of resources or execution of NASA operations.

1.14.2.5 Encouraging and rewarding safety excellence among employees (applies to supervisors).

1.14.3 NASA safety awards shall recognize the safety achievements of NASA and other Federal Government employees supporting NASA objectives in all occupational categories and grade levels (Requirement 25041). NASA safety awards programs also may provide for the recognition of non-Government personnel (e.g., JPL employees) supporting NASA objectives.

1.14.4 The Space Flight Awareness (SFA) Employee Motivation and Recognition Program for NASA, supporting Government agencies, private industry, and international organizations, promotes safety, particularly for human space flight programs. The goal of this program is to instill in employees the need to reduce human errors and mistakes that could lead to space flight mishaps and mission failure.

1.15 Safety Management Information

Efficient communication of safety information is necessary to meet the needs of safety officials and the managers they support. This includes communications between and among operational and safety organizations. NASA safety organizations will pursue every practical means for communicating verbal and written safety management information, lessons learned, and statistics. Examples of NASA information systems are the Incident Reporting Information System (IRIS) and the Lessons Learned Information System (LLIS). Records and reports of accidents, occupational injuries, incidents, failure analyses, identified hazards, mishaps, appraisals, and like items contain information necessary for developing corrective measures and lessons learned.

1.15.1 Recordkeeping and Reporting Requirements.

NASA shall maintain detailed records of occupational injuries that are reported to OSHA in accordance with 29 CFR 1960, Subpart I, "Recordkeeping and Reporting Requirements," and NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating, and Recordkeeping" (Requirement 25043). Detailed information is provided in NPD 3810.1, "Processing Claims Under the Federal Employees Compensation Act." Safety forms and reports are retained per NPR 1441.1, "NASA Records Retention Schedules."

1.15.1.1 Employees are allowed access to these data and their medical exposure records in accordance with Federal regulations (29 CFR 1960).

1.15.1.2 NASA also publishes a periodic Safety Program Status Report for internal Agency use.

1.15.2 Furnishing of Documents to NASA Headquarters.

The following documents shall be provided or made accessible (through internet web site) to the Director, Safety and Assurance Requirements Division:

1.15.2.1 Center executive safety committee or board documentation (e.g., minutes and reports) (Requirement 31904).

1.15.2.2 Results of external (such as OSHA) safety program management reviews (Requirement 31905).

1.15.2.3 Top-level Center or program safety procedure documents that implement Headquarters requirements (Requirement 31906). Electronic versions or web addresses are acceptable and should be forwarded in conjunction with the data for the annual report.

1.15.2.4 Major mishap reports as required by NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating, and Recordkeeping" (Requirement 31907).

1.15.2.5 Copies of comments sent to outside regulatory agencies (e.g., OSHA, Department of Transportation (DOT), Environmental Protection Agency (EPA)) concerning proposed rule-making that could affect the NASA Safety Program (Requirement 31908).

1.15.2.6 In conjunction with the input for the annual report, a summary of open safety abatement plans and variances and a listing of those closed during the reporting period (Requirement 31909).

1.15.2.7 Copies of safety variances granted at the Center or the program/project level (see paragraph 1.20) (Requirement 317910).

1.15.3 Safety managers will maintain an approximate census of Government and contract employees by organization or contractor company.

1.16 Safety Lessons Learned

Safety lessons learned during the performance of management and technical functional activities or mishap or close call investigations shall be developed and disseminated to program managers and throughout NASA Centers and Headquarters by cognizant personnel to improve understanding of hazards, prevent the occurrence of accidents, and suggest better ways of implementing system safety programs (Requirement 25047). In addition to contributing appropriate information to the LLIS, safety managers will include this information in program, procurement, and Center newsletters to communicate more effectively with management. Lessons learned that indicate the need to revise source documents (e.g., policies, procedures, specifications, and standards) shall be submitted directly to the person(s) preparing the document (Requirement 31911). The LLIS will provide a library of lessons learned data for use by program managers, design engineers, operations personnel, and safety personnel. Procedures for disseminating lessons learned can be found at the following Internet address: http://llis.nasa.gov/.

1.17 NASA Safety Reporting System (NSRS)

The NSRS is a confidential, voluntary, and responsive safety reporting system that provides a direct channel for NASA employees and contractors to notify the Safety and Assurance Requirements Division of safety concerns. The NSRS enables safety personnel to identify safety problems and implement corrective actions independently. The nature of corrective actions may be engineering, manufacturing, administrative, procedural, or operational. Ensuring that all involved safety professionals have timely information about actual hazards is of the highest priority. The NSRS has been established to collect, evaluate, and communicate such information in a timely and accurate manner. It is intended to supplement, not replace, existing local hazard reporting systems when those systems do not resolve an individual's safety concerns.

Information about the NSRS and a copy of the NSRS form can be found at the following Internet address: http://www.hq.nasa.gov/office/codeq/nsrsindx.htm

The NSRS will be implemented at all NASA Centers (Requirement 25048). NASA contracting officers are encouraged to implement the NSRS program at contractor facilities by citing the NASA FAR Supplement Clause (NFS 1852.223-70). Pre-addressed postage-paid forms can be obtained at any Center Safety Office. Forms should be mailed to:

NASA SAFETY REPORTING SYSTEM
P.O. BOX 5826
BETHESDA, MD 20824-9913

1.18 Safety Documentation

1.18.1 The goals of the Safety and Assurance Requirements Division documentation effort are to update and clarify top policy directives, separate policy from guidance, and reduce repetition and cross-linking between directives.

1.18.2 The documentation tree represents the Safety and Mission Assurance top level NASA Policy Directives, NASA Procedural Requirements, applicable NASA Technical Standards, and other top level documents in the NASA Safety Program. The Safety and Mission Assurance documentation tree is posted on the Internet at: http://www.hq.nasa.gov/office/codeq/qdoc.pdf.

1.19 Safety Variance Process

1.19.1 The primary objective of the NASA safety variance policy is to define the roles of Headquarters, Centers, program managers, and safety personnel in such a way that Headquarters will maintain control over the requirements it sets while providing the Centers and program managers with the responsibility and freedom to accept risks necessary to accomplish their tasks. This is consistent with an ISO 9001 requirement of maintaining process control of services that an organization provides. It is NASA's preference to comply with requirements through an abatement process. Where this is impossible for whatever reason, then a variance may be considered.

1.19.1.1 The following definitions apply to the NASA safety variance approval policy:

a. Variance: Documented and approved permission to perform some act or operation contrary to established requirements.

b. Deviation: A documented variance that authorizes departure from a particular safety requirement that does not strictly apply or where the intent of the requirement is being met through alternate means that provide an equivalent level of safety with no additional risk. The OSHA term for deviation is alternate or supplemental standard only when it applies to OSHA requirements.

c. Waiver: A variance that authorizes departure from a specific safety requirement where a special level of risk has been documented and accepted.

d. Shall: The word "shall" indicates that the rule is mandatory. Noncompliance with a "shall" statement requires approval of a variance. Use of the word "shall" is preferred when writing mandatory NASA safety requirements; however, the words "will" and "must" are used at times to indicate mandatory requirements and have the same interpretation as "shall."

Note: Within NASA S&MA Directives (NPDs and NPRs), requirements are indicated by the word "Requirement" following a sentence. This indication designates a requirement regardless of the phrasing (shall, should, will, etc.) used. Any text not designated a requirement is for information and contextual purposes only.

e. Should: The word "should" indicates that the rule is a recommendation, the advisability of which depends on the facts in each situation. Implementation of a "should" statement is at the discretion of the local officials.

1.19.1.2 The NASA variance process does not apply to Federal and applicable State/local regulations (e.g., OSHA, Cal OSHA). Any variance of a Federal or State/local regulation must be approved by the appropriate Federal/State/local agency (e.g., NASA Alternate Safety Standard for Suspended Load Operations approved by OSHA) (Requirement 25234). The Safety and Assurance Requirements Division shall review all proposed safety variances of Federal regulations before submittal for approval (Requirement 31912).

1.19.1.3 The NASA Headquarters safety variance policy is provided in Table 1.1. It applies to all Agency safety requirements unless otherwise specified in the appropriate requirements document. Variance policies developed for specific safety programs shall follow this general policy as closely as possible (Requirement 25051).

1.19.1.4 When a variance is approved by Headquarters and is considered appropriate for use throughout the Agency, it shall be distributed as an interim change to the applicable requirements document(s) (Requirement 25052).

1.19.1.5 All requests for variance will be accompanied by documentation as to why the requirement cannot be met, the risks involved, alternative means to reduce the hazard or risk, the duration of the variance, and comments from any affected employees or their representatives (if the variance affects personal safety) (Requirement 25053). Variances will normally be approved by the Safety and Assurance Requirements Division for up to 5 years. Variances approved at the Center or program level can remain in place as long as Headquarters status reporting is current.

Table 1.1 - NASA Safety Risk Acceptance and Approval Process Matrix

| Type of Document | Wording | Requirement Specified In | Routing (see Note A) | Approval Level and Duration (see Note B) | After Action Reporting and Statusing Requirements |
|---|---|---|---|---|---|
| Federal | Policy | N/A | Through Program System Safety Manager or Center Safety Director, Center Director, and NASA HQ/QS in turn | Issuing Federal Agency | Assessed and statused annually with input for OSHA report |
| State | Policy | N/A | Through Program System Safety Manager or Center Safety Director and Center Director | Issuing State Agency | Assessed and statused annually with input for OSHA report |
| NPD | Policy | N/A | Through Program System Safety Manager or Center Safety Director and Center Director | NASA HQ IPO or Enterprise | Assessed and statused annually with input for OSHA report |
| NPR | Shall | N/A | Through Program System Safety Manager or Center Safety Director | Center Director * | To NASA HQ/QS within 14 days and then assessed and statused annually with input for OSHA report |
| NPR | Should | N/A | Through Program System Safety Manager or Center Safety Director | Directorate level Facility Manager or Program Manager | To NASA HQ/QS quarterly and then assessed and statused annually with input for OSHA report |
| Standard | Shall | NPD | Through Program System Safety Manager or Center Safety Director and Center Director | NASA HQ IPO or Enterprise | Assessed and statused annually with input for OSHA report |
| Standard | Shall | NPR | Through Program System Safety Manager or Center Safety Director | Center Director * | To NASA HQ/QS within 14 days and then statused annually with input for OSHA report |
| Standard | Should | N/A | Through Program System Safety Manager or Center Safety Director | Program or facility manager | Not required |

Note A: The lowest organizational or program level of management having responsibility to implement safety requirements (e.g. facility manager, program systems manager, first line supervisory personnel) will assess, prepare, and submit a variance request through the appropriate levels of authority to the official with final approval authority (Requirement 31913). Safety officials (both program and Center as applicable) will concur or nonconcur with the request but will not serve as the responsible approving official (Requirement 31914).

Note B: Using the guidelines of this matrix, the final approval is the responsibility of the listed manager or director who, by their position, has the authority to accept the risk. Variances approved against mandatory ("shall") requirements are valid for up to 5 years. Variances approved against advisory ("should") provisions at the directorate or program level can remain in place as long as annual assessment and reporting is maintained.

Example: A variance request to a requirement stated in an NPR (fourth row of matrix) that uses the word shall would be routed through the Center Safety Director for concurrence and approved or denied by the Center Director. A copy would then be sent to NASA HQ/QS within 14 days along with the detailed rationale for its approval and other documentation. Annual status reports will be provided to HQ/QS concurrently with the input to the annual OSHA report.

*Approval is allowed at this level if the specific requirement is not implementing Federal regulatory policy. In those cases, forward to NASA HQ/QS for variance request to applicable Federal agency.


CHAPTER 2. Safety and Risk Management Considerations for NASA Contracts


2.1 Purpose

This chapter describes the general approach for assuring that NASA contractors have effective safety and risk management programs. The chapter provides requirements for NASA officials with responsibility for assuring safety under NASA contracts.

2.2 Applicability and Scope

When NASA activities include contractor involvement, the NASA Safety Program must include contractors (Requirement 25054). NASA contracts must be written to hold contractors accountable for the safety of their employees, their services, and their products (as applicable) (Requirement 31915).

2.3 Authority and Responsibility

The contracting officer (CO) and the cognizant NASA safety official shall assure that the requirements of this NPR are included in NASA contracts (Requirement 25055). Those requirements must be coordinated with the program or project office, and other offices as needed (Requirement 31916).

2.3.1 Program and project managers shall perform the following:

a. Coordinate with the cognizant safety officials to develop and approve safety requirements and objectives for efforts to be contracted and advise CO's of these specific safety concerns or issues related to the contract performance (Requirement 31917).

b. Develop safety requirements and objectives that are clearly delineated in the specifications (Requirement 31918). Provide specific tasks to the contracting officer for incorporation into the contract as required (Requirement 31919).

c. Tailor surveillance of contractor safety matters appropriate to the nature of the procurement (Requirement 31920). (Even a performance-based contract must have a surveillance plan) (Requirement 31921).

d. Where appropriate, include safety as an element under Mission Suitability and/or Past Performance in the Source Selection Plan (Requirement 31922).

2.3.2 CO's shall perform the following:

a. Coordinate any matters regarding proposed deviations to safety requirements of NFS Subpart 1823.70, "Safety and Health," with the Director, Safety and Assurance Requirements Division, or his/her designated representative (Requirement 31923).

b. Establish safety performance, where appropriate, as an element to be evaluated in contracts with fee plans (Requirement 31924).

c. Require copies of Material Safety Data Sheets (MSDS) for new hazardous materials where requested by the local NASA safety office (Requirement 31925). Contractors' hazard analyses/safety risk assessment will be developed and provided to NASA for approval before the start of any hazardous deliverable work or support operations as directed by the Contracting Officer or the Contracting Officer's Technical Representative (COTR).

2.3.3 Center safety and mission assurance officials must be familiar with the NFS (NPR 5100.4, "Federal Acquisition Regulation Supplement (NASA/FAR Supplement)"). In particular, they should be expert in Parts 1807, Acquisition Planning; 1823, Environmental, Conservation, Occupational Safety, and Drug-Free Workplace; 1842, Contract Administration; and 1846, Quality Assurance (Requirement 25058).

2.3.4 Safety and mission assurance personnel shall perform the following:

a. Participate in the development of the safety tasks and requirements in conjunction with program officials (Requirement 31926).

b. Participate in onsite visits and pre-bid conferences to ensure potential bidders understand safety provisions (Requirement 31927).

c. Assist the CO in evaluating the safety record of the prospective contractors (Requirement 32094).

d. Assist the CO as appropriate in evaluating the contractor's performance regarding safety (Requirement 32095).

e. Assist the CO as appropriate in applying any special safety provisions to grants or cooperative agreements (see paragraph 2.7) (Requirement 32096).

2.4 Requirements

2.4.1 Contracts will contain safety and mission success and risk management requirements as appropriate for design, development, fabrication, test, or operations of systems, equipment, and facilities (Requirement 25060).

2.4.2 Where appropriate, solicitations will require the submission and evaluation of safety and risk management documentation (e.g., corporate safety policies, implementation procedures, their safety performance experience, and their mishap rates by SIC codes) and draft program planning documents, such as safety and health plans, risk management plans, etc. (See Chapter 3, Appendix H, and Appendix I for more information.) (Requirement 25061).

2.4.3 On a case-by-case basis and before contract performance begins, cognizant NASA Safety Officers will brief onsite contractors on local safety requirements and document these briefings (Requirement 25062). As a minimum, the briefing will include incident and accident reporting, base emergency evacuation procedures, fire reporting, medical emergency notification, hazardous material spill reporting and response, site entry/exit procedures, and hot work permit requirements (Requirement 32097). The cognizant NASA Safety Officer will also inform the onsite contractor of any adjacent NASA and other contractor operations that could pose a hazard to their operation and employees, and the CO and the cognizant safety officer shall ensure that the contract includes a provision to require the contractor to provide a written plan for mitigating those hazards (Requirement 32098).

2.4.4 Reserved

2.4.5 Reserved

2.4.6 Reserved

2.4.7 Center safety offices shall assist the program or project manager or other responsible official in implementing contractor safety surveillance and evaluation programs (Requirement 25066). The depth of insight and oversight employed will fit the extent of hazards and the importance of the program.

2.4.8 Reserved

2.4.9 Reserved

2.4.10 Reserved

2.4.11 Reserved

2.5 Access to NASA Facilities by State or Federal Compliance Safety and Health Officers

2.5.1 Compliance safety and health officers are persons authorized by the OSHA, U.S. Department of Labor (DOL), to conduct inspections. Federal (OSHA) or State compliance safety and health officers will be allowed on NASA Centers to review and survey contractor operations and investigate mishaps. If the State does not have a DOL-approved safety plan or the Center is under exclusive Federal jurisdiction, only Federal compliance officers shall have the right of access to NASA or contractor operations.

2.5.2 Unless exclusive Federal jurisdiction is claimed by Federal OSHA, both Federal and State OSHA investigators will be allowed to investigate a contractor mishap occurring on a NASA Center. The Safety and Assurance Requirements Division or the Occupational Health Division as applicable and the DASHO shall be notified of OSHA's (Federal or State) impending investigation and shall be provided the results of their investigation (Requirement 32100).

2.6 Contractor Citations

Under the Occupational Safety and Health Act of 1970 (P.L. 91-596), as amended, an employer is responsible for providing employees with safe working conditions regardless of where the employees are working (Requirement 25072). Therefore, it is the contractor's responsibility to submit a timely reply to any OSHA citation it receives. The contractor is responsible for settling citations issued against the operation unless specifically addressed in the contract.

2.7 Grants

A "special safety condition" addressing safety should be included in grants and cooperative agreements when performance involves NASA facilities, Government-Furnished Equipment (GFE), or hazardous or energetic materials or chemicals that may pose a significant safety or health risk when used. Program offices that select research projects that could contain possible safety issues shall identify the need for a safety special condition to be included in the grant or cooperative agreement award document (Requirement 25073). The special safety condition shall include the provision that all applicable OSHA requirements, host institution, and general industry accepted practices shall be followed during the research to eliminate or control the risks associated with the grant or cooperative agreement (Requirement 32101).


CHAPTER 3. System Safety


3.1 Purpose

This chapter establishes procedures for the implementation of system safety processes to ensure the identification and reduction of program safety risks to an acceptable level to enhance mission success.

3.2 Applicability and Scope

3.2.1 For simplicity, "programs" shall be interpreted to include programs, projects, and acquisitions (Requirement 25242). When the work is performed in-house at NASA, the term Contractor shall be interpreted to apply to the in-house activity (Requirement 32102).

3.2.2 NASA requires system safety tasks for systems acquisitions, in-house developments, facility design/modifications, and Agency operations and activities (Requirement 25243). For joint ventures between NASA and other parties including commercial services, interagency efforts, and international partnerships, application of these practices shall be as specified in related contracts, memoranda of understanding, NPDs, or other documents, and will consider the degree of NASA responsibility in the venture (Requirement 32103).

3.2.3 The program/project manager, in conjunction with the local safety and mission assurance organization, shall determine minimum mission success criteria (Requirement 25074). He or she will then determine the degree to which specific procedures and requirements contained in this chapter are implemented. They shall consider the potential for personnel injury, mission failure, equipment loss or facility damage, or property damage, the impact to cost and schedule, and the visibility of the program to the public (Requirement 32104). The process is called "tailoring." The final mission success planning activity will be documented and approved as an element of the risk management planning portion of the program plan. A safety plan may be requested as a separate document. A sample format is shown in Appendix H. (See NPR 7120.5, "Program and Project Management Process and Requirements," paragraph 4.5.1.2.)

3.2.4 Tailored system safety activities shall be planned and documented during the formulation phase for the following:

a. Aeronautical systems (Requirement 32105).

b. Human crewed and robotic space flight systems (Requirement 32106).

c. Payloads (spacecraft, internal and external payloads, and experiments flown on aircraft, Space Shuttles, International Space Station, Expendable Launch Vehicles (ELV's), balloons, and sounding rockets) (Requirement 32107).

d. Major facilities acquisition programs (Requirement 32108).

e. Support equipment, including ground and airborne, test, maintenance, and training equipment (Requirement 32109).

f. Related safety-critical software (Requirement 32110).

3.2.5 A systematic approach to safety should also be applied to operations and supporting activities including construction, fabrication and manufacture, experimentation and test, packaging and transportation, storage, checkout, launch, flight, use, reentry, retrieval and disassembly, maintenance and refurbishment, modification, and disposal.

3.2.6 Programs with existing approved system safety tasks containing adequate definition of the risk assessment and management process are not required to comply with any new requirements of this chapter, but any changes made in their system safety task must comply with this chapter (Requirement 25077). This chapter shall not supersede or prevent the application of more stringent requirements imposed by programs (Requirement 32111).

3.3 Objective

The principal objective of a system safety activity is to provide for an organized, disciplined approach to the early identification and resolution of hazards impacting personnel, hardware, or mission success to a level as low as reasonably achievable (ALARA). The system safety activity will use the 5-step risk management approach shown in figure 3.1. (See NPR 7120.5, "Program and Project Management Process and Requirements," paragraph 4.2.) The five steps of the risk management approach are as follows:

3.3.1 Identify and document the system safety and mission success risks (hazards) early in the program and continue to update the status of these risks and any newly identified risks throughout the program or project.

Figure 3.1 Continuous Risk Management Process

3.3.2 Analyze the risks (hazards) for probability, impact/severity, and time frame. When that is complete, prioritize the risks.

3.3.3 Plan what should be done to eliminate or reduce the risks, and provide the planning and decisionmaking documentation to the appropriate levels of program management for a decision to eliminate, further reduce, or accept the risk. Institute hazard mitigation (corrective) actions.

3.3.4 Track the results of the corrective actions and continue to verify and validate their effectiveness.

3.3.5 Control or change the corrective action plans based on the effectiveness of the mitigation actions.

3.4 Hazard Reduction Protocol

Hazards will be mitigated according to the following stated order of precedence (Requirement 25079):

3.4.1 Eliminate hazards.

3.4.2 Design for minimum hazards.

3.4.3 Incorporate safety devices.

3.4.4 Provide caution and warning devices.

3.4.5 Develop administrative procedures and training.

(Note 1: Providing protective clothing and equipment is considered an administrative procedure.)

(Note 2: Some hazards may require the combination of several of these approaches to mitigation.)

3.5 Responsibilities

3.5.1 Program/project managers (or equivalent) shall do the following:

3.5.1.1 Implement a tailored system safety and mission success activity based on the loss potential of the program and provide adequate resources to achieve the safety objectives (Requirement 25080). Depending upon complexity, a program will typically budget 3 to 5 percent of direct engineering and operations staff hours to support safety and mission assurance requirements.

3.5.1.2 Assign a System Safety Manager (SSM) (e.g., product assurance manager, flight safety manager, or flight assurance manager), in coordination with the Center Safety and Mission Assurance (SMA) Director, to have specific responsibility for executing the system safety tasks within the project (Requirement 25081). The onsite SSM will report to the program/project manager for program direction and to the Center SMA Director for policy and functional direction.

3.5.1.3 Implement and maintain the system safety and mission success planning portion of the risk management activity of the program plan with guidance and assistance from the local SMA organization (Requirement 25082). A separate stand-alone safety plan may be requested.

3.5.1.4 Ensure that system safety analyses appropriate to program complexity have been conducted (Requirement 25083). These analyses must include early interaction with the engineering, integration, and operations functions to ensure all hazards are identified and documented (Requirement 32112). The NASA Lessons Learned Information System (LLIS) will be used to supplement the normal program hazard assessment process.

3.5.1.5 Perform system safety and mission success reviews of the program (Requirement 25084). The greater the potential risks (e.g. complexity or visibility of the programs), the greater the independence and formality of the review required. Major programs such as the Space Shuttle or the International Space Station will have dedicated independent assessment activities (Requirement 32113).

3.5.1.6 Establish a formal, closed loop, risk acceptance process to identify and track program hazards with residual risk (Requirement 25085). Ensure residual risks are accepted in writing (Requirement 32114). Regardless of the size of the program, only the program/project manager or system acquisition manager is permitted to accept residual critical and catastrophic safety risks. A sample format for risk identification, assessment, and approval is in Appendix E. In all cases, where a decision is made to accept a risk, that decision will be coordinated with the governing SMA organization and communicated to the next higher level of management for review (Requirement 32115).

3.5.1.7 Issue program directives, specifications, and standards that provide uniform and systematic application of safety policy and requirements (Requirement 5086).

3.5.1.8 Assign sufficient numbers of personnel of appropriate experience and skills to perform system safety tasks (Requirement 25087). Provide training when necessary (Requirement 32116).

3.5.2 Assigned system safety managers shall do the following:

3.5.2.1 Possess appropriate technical and managerial training and expertise for conducting an effective safety process (Requirement 32117).

3.5.2.2 Advise the program/project manager regarding NASA requirements for and status of the tailored system safety task (Requirement 25089).

b. Organize the system safety effort to ensure maximum effectiveness in interacting with engineering, operations, integration, and program management (Requirement 32119).

c. Ensure specific safety requirements are integrated into overall programmatic requirements, and are reflected in applicable specifications and planning documents (Requirement 32120).

d. Determine which required hazard analysis tools and techniques (see Appendix D) will be used to ensure compliance with NASA and program safety policy and directives and when they will be used to produce safety and mission assurance documentation (Requirement 32121). Ensure the selected tools and techniques are used in an iterative process to identify all program hazards, causes, detailed control requirements, and control verifications (Requirement 32122).

e. Determine reporting requirements for all levels of the originating organization to support the system safety task (i.e., contractor, element, or NASA organization) (Requirement 32123). Establish criteria for submittal (milestone, periodic, event), format, and distribution, and ensure the program provides for submittal of the required reports (Requirement 32124).

f. Assist the program/project manager in documenting and communicating the acceptance of risks (Requirement 32125).

3.5.2.4 Conduct periodic independent reviews of the system safety tasks keyed to program milestones (Requirement 25091).

3.5.2.5 Assist and support independent review groups chartered to provide independent assessment of the program (Requirement 25092).

3.5.2.6 Maintain an up-to-date database of identified hazards throughout the life of the program (Requirement 25093).

3.5.2.7 Maintain the appropriate safety oversight or insight of the program tests, operations, or activities at a level consistent with mishap potential for the life of the program (Requirement 25094).

3.5.2.8 Establish an independent safety reporting path (see NPD 8700.1, "NASA Policy for Safety and Mission Success") to keep the OSMA apprised of the system safety status, particularly regarding problem areas that may require assistance from Headquarters (Requirement 25095).

3.5.2.9 Support the OSMA independent safety assessment process (e.g., Space Shuttle Pre-launch Assessment Reviews, International Space Station Design and Assessment Reviews) to determine readiness to conduct tests and operations having significant levels of safety risks, and provide real-time safety assessments to the OSMA, when appropriate, while tests and operations are in progress (Requirement 25096).

3.6 Hazard Assessment

The hazard assessment process is a principal factor in the understanding and management of technical risk. Hazards are identified and resultant risks are assessed by considering probability of occurrence and severity of consequence. Risk may be assessed qualitatively or quantitatively. System safety is an integral part of the overall program risk management decision process. A sample format to document the risk process is provided in Appendix E.

3.6.1 Risk Assessment Code (RAC). The RAC is a numerical expression of comparative risk determined by an evaluation of both the potential severity of a condition and the probability of its occurrence. RAC's are assigned a number from 1 to 7 in a risk matrix (see figure 3.2). The RAC number will serve as a means to prioritize corrective actions, e.g., RAC 1 is unacceptable and mitigation actions must be taken immediately or operations terminated, RAC 2's must be addressed before RAC 3's, etc. (Requirement 25246). Differences between higher number RAC's (beyond 4) probably cannot be discerned due to low risk levels. The cognizant safety and program officials may approve variations to the matrix.

3.6.1.1 Severity is an assessment of the worst potential consequence, defined by degree of injury or property damage, which could occur. The severity classifications are defined as follows:

Class I - Catastrophic - A condition that may cause death or permanently disabling injury, facility destruction on the ground, or loss of crew, major systems, or vehicle during the mission.

Class II - Critical - A condition that may cause severe injury or occupational illness, or major property damage to facilities, systems, equipment, or flight hardware.

Class III - Moderate - A condition that may cause minor injury or occupational illness, or minor property damage to facilities, systems, equipment, or flight hardware.

Class IV - Negligible - A condition that could cause the need for minor first aid treatment though would not adversely affect personal safety or health. A condition that subjects facilities, equipment, or flight hardware to more than normal wear and tear.

3.6.1.2 Probability is the likelihood that an identified hazard will result in a mishap, based on an assessment of such factors as location, exposure in terms of cycles or hours of operation, and affected population. The following is an example of Probability Estimation:

A - Likely to occur immediately. ($X > 10^{-1}$)

B - Probably will occur in time. ($10^{-1} > X > 10^{-2}$)

C - May occur in time. ($10^{-2} > X > 10^{-3}$)

D - Unlikely to occur. ($10^{-3} > X > 10^{-6}$)

E - Improbable to occur. ($10^{-6} > X$)

(derived from Mil Std 882-System Safety Program Requirements)



Severity Class \ Probability Estimate | A | B | C | D | E
I   | 1 | 1 | 2 | 3 | 4
II  | 1 | 2 | 3 | 4 | 5
III | 2 | 3 | 4 | 5 | 6
IV  | 3 | 4 | 5 | 6 | 7

Figure 3.2 Risk Assessment Code Matrix

(See paragraph 3.6.1 for RAC usage.)

3.7 Safety Activity Phases

As presented in figure 3.3, the hazard assessment process begins in the formulation stage and continues, in varying degrees, throughout the program's life cycle. This involvement begins with the early design concepts. The system safety and mission success hazard analysis effort shall be a continuing and iterative process influencing the system in a manner which manages risk as the design progresses and matures (Requirement 25097).

3.8 System Safety and Mission Success Hazard Analyses

3.8.1 System safety analyses provide a means to systematically and objectively identify hazards, determine their risk level, and suggest the mechanism for their elimination or control. This iterative process begins in the conceptual phase and extends throughout the life cycle including disposal. The extent and depth of analysis required to meet the following five functions will be determined by system complexity and loss potential. Functions supported by the analyses include the following:

3.8.1.1 Providing the foundation for the development of safety criteria and requirements.

3.8.1.2 Determining whether and how the safety criteria and requirements provided to engineering have been included in the design.

3.8.1.3 Determining whether the safety criteria and requirements created for design and operations have provided an acceptable level of risk for the system.

3.8.1.4 Providing a roadmap (or methodology) for the development of safety goals and mission success criteria.

3.8.1.5 Providing a means for demonstrating that safety goals have been met.

3.8.2 During the hazard identification process, it is essential to remain non-judgmental about the associated probability, severity, and corrective action. Once identified, hazards are ranked by severity, probability of occurrence, and program impact (risk assessment). Sufficient analyses are performed to assess the likelihood of occurrence (usually qualitative for early assessments) for each undesired event identified.

3.8.3 There are several types of analyses necessary to identify all the hazards, some of which are specialized and others which, as designs mature, build on previously accomplished analyses.

3.8.3.1 The first safety analysis is the Preliminary Hazard Analysis (PHA), which shall be performed early (Requirement 32126). Other primary analyses shall include the Subsystem Hazard Analysis (SSHA), Component Level Fault Tree Analysis (FTA), Software Hazard Analysis (SWHA) (see NASA Standard 8719.13A, "Software Safety," for more information), System Hazard Analysis (SHA), Operating and Support Hazard Analysis (O&SHA), Job Hazard Analysis (JHA), Human Factors Engineering Analysis, the Safety Requirements Compliance Matrix, and Integrated Hazard Analysis (IHA), unless otherwise indicated by the PHA (Requirement 32127). Data from these analyses can be used to offer recommendations to reduce risks.

3.8.3.2 The hazard analyses should use data developed by other types of analyses when available, such as the Failure Modes and Effects Analysis/Critical Items Lists (FMEA/CIL), Operations Analysis, Human Factors Engineering Analysis, and Maintainability Analysis. The safety analyst may have to develop specific, limited data to support the hazard analyses if the other analyses are not performed. FMEA/CIL analyses support, but are not an alternative to, the system safety analyses in paragraph 3.8.3.1. See Appendix D for further information on these analysis processes and techniques.

3.9 System Safety and Mission Success Program Reviews

The program/project manager or his designated agent shall conduct one or more system safety and mission success reviews depending on the complexity of the system (Requirement 25099). These reviews may be in conjunction with other program milestones. The purpose of these reviews is to evaluate the status of hazard analyses, residual risks, hazard controls, verification techniques, technical safety requirements, and program implementation throughout all the phases of the system life cycle. These reviews shall focus on the evaluation of management and technical documentation and the safety residual risks remaining in the program at that stage of development (Requirement 32129).

3.10 Documentation

3.10.1 The system safety task requires creation and maintenance of documentation that provides ready traceability from the baseline safety requirements, criteria, and effort planned in the conceptual phases through the life cycle of the program. All pertinent details of the hazard analysis and review shall be traceable from the initial identification of the hazard through its resolution and any updates, using the continuous risk management approach, until such time in the program as it is no longer applicable (Requirement 25100). Records shall be maintained per NPR 1441.1, "NASA Records Retention Schedules" (Requirement 32130).

3.10.2 The SSM shall submit a report to management at each milestone (formulation, evaluation, implementation, or other equivalent milestones (PDR, CDR, DCR, and FRR, etc.)) detailing the results of the safety assessment to document the status of system safety tasks required by the program (Requirement 25101). In the report, the safety analyst shall do the following:

3.10.2.1 List residual risks baselined and potential risks that have yet to be resolved (Requirement 32132).

3.10.2.2 Document management and technical changes that affect the established safety baseline (Requirement 32133).

3.10.2.3 Document and verify adequate resolution of the hazards and obtain written acceptance of the risk from the program/project manager to complete the audit trail (Requirement 32134).

3.11 Change Review

Systems are changed during their life to enhance capabilities, provide more efficient operation, and incorporate new technology. With each change, the original safety aspects of the system could be impacted, either increasing or reducing the risk. Any aspect of controlling a hazard could be weakened, new hazards could be created, or conversely, hazards could be eliminated. Even a change that appears inconsequential could have significant impact on the baseline risk of the system. Accordingly, proposed system changes should be subjected to a safety review or analysis as appropriate to assess the safety impact. HR's will be updated when required to show any identified risk change (Requirement 25102). Each change initiator shall ensure that safety personnel assess the potential safety impact of the proposed change and any changes to the baseline risk (Requirement 32137). Changes proposed to correct a safety problem shall also be analyzed to determine the amount of safety improvement (or detriment) that would actually result from incorporation of the change (Requirement 32138). There shall be a documented statement of safety impact for every change that is proposed to a program baseline (even if the statement is "No Impact") (Requirement 32139).


CHAPTER 4. Safety Training and Personnel Certification


4.1 Purpose

Training must be provided to assist managers/supervisors and employees in their specific roles and responsibilities in the safety programs (Requirement 25103). Executive Order 12196, "Occupational Safety and Health Programs for Federal Employees," dated February 26, 1980, and 29 CFR 1960 (Subpart H) require that NASA establish comprehensive safety training programs. See NPG 8715.1, "Safety and Health Handbook - Occupational Safety and Health Programs."

This chapter describes the requirements for establishing safety training programs and minimum training certification levels necessary for personnel involved in potentially hazardous NASA operations. Much of this training is available on the Internet through the Site for On-line Learning and Resources (SOLAR) at: http://solar.msfc.nasa.gov. Instructor-based courses are available through the NASA Safety Training Center (NSTC). The list of training courses provided by the NSTC is also located on the SOLAR website. The NSTC can be reached by telephone at (281) 244-1284. This chapter also references personnel reliability program (PRP) requirements that may be imposed for certain mission critical job functions.

4.2 Responsibilities

4.2.1 Reserved

4.2.2 Center Training and Personnel Development Offices and Safety Offices. Center training and personnel development offices and safety offices will be jointly responsible for determining safety and certification training needs and overseeing those training efforts (Requirement 25105). Typical responsibilities are as follows:

4.2.2.1 Identification of training needs (Requirement 32140).

4.2.2.2 Identification of budget requirements for training (Requirement 32141).

4.2.2.3 Development of training courses and materials (Requirement 32142).

4.2.2.4 Assurance that training records reflect employee safety training (Requirement 32143).

4.2.3 Center Safety Official. The Center Safety Official shall develop required safety certification programs for the Center (Requirement 25106).

4.2.4 Line Organizations. Each line organization shall manage the certification program for its employees and contractors in accordance with procedures in this document (Requirement 25107).

4.2.5 Medical Office. The medical office oversees or conducts the required personnel medical examinations in support of the safety certification effort and ensures compliance with Occupational Safety and Health Administration (OSHA) and other Federal, State, and local agency medical monitoring and recordkeeping requirements. The medical office shall determine the depth, scope, and frequency of medical examinations (Requirement 25108). The medical office is also responsible for medical certification in health hazard and related activities (Requirement 32144).

4.2.6 NASA Headquarters. The role of the Safety and Assurance Requirements Division is to assist its Center counterparts in ensuring that 29 CFR Part 1960 requirements are followed and that appropriate Agencywide uniformity exists in the NASA safety training program (Requirement 25109). The Safety and Assurance Requirements Division will act as a clearinghouse for information regarding available safety training courses and materials and it will develop, in conjunction with the Training and Development Division at NASA Headquarters, training courses suited to specific Agency safety needs (Requirement 32145). The Safety and Assurance Requirements Division, in conjunction with the Occupational Health Division at NASA Headquarters, will co-develop training courses and materials in areas of overlapping regulatory or programmatic responsibility (Requirement 32146).

4.3 Planning and Implementation

4.3.1 A comprehensive safety training program will be formulated by each Center (Requirement 32147). Center subject matter experts will review NASA training materials at least annually and update materials as needed when regulatory agencies or changes in NASA policy documents generate technical changes (Requirement 32148). The following should be considered in developing the safety training program for all employees:

4.3.1.1 OSHA, National Fire Protection Association (NFPA), Federal Aviation Administration (FAA), Environmental Protection Agency (EPA), emergency actions and contingency responses, and other appropriate training requirements and guidelines.

4.3.1.2 Identification of employee training groups within the Center population and determination of present training levels.

4.3.1.3 Identification of specific tasks, hazardous conditions, or specialized processes and equipment encountered by employees that would require safety training, e.g., certification training, cryogenic liquid carrier driver or hazardous waste operations, etc.

4.3.1.4 For each Center, a safety training program with written training syllabi, course objectives, and lesson plans that include lesson objectives, measurable desired learning outcomes, and formal evaluation instruments.

4.3.1.5 Identification and documentation of the planned training to be given to each employee category and the intended approach (course, literature, etc.). Refer to Appendix F for a suggested sample training schedule and career development plan.

4.3.1.6 Determination of the availability of safety training resources. A lack of a specific training resource will require the development of specialized training course materials.

4.3.1.7 Published training schedules.

4.3.1.8 Review and evaluation of training needs and schedules, and revision when necessary.

4.3.1.9 Hazard recognition training.

4.3.1.10 Training for safety committee members.

4.3.2 The Center safety office will maintain a current copy of the Center Safety Training Plan (Requirement 25111).

4.3.3 Each NASA Center will annually review operations being performed at the Center to ensure that the implemented safety training program is working effectively and to identify and enter into the program all those jobs that are potentially hazardous in addition to the mandatory listing in paragraph 4.6. Employee safety committees, employee representatives, and other interested groups should be provided an opportunity to assist in the identification process.

4.4 Personnel Safety Certification Program for Potentially Hazardous Operations and Materials

Many NASA operations involve hazardous materials or chemicals, technology, or systems with potential hazards to life, the environment, or property. People who perform or control hazardous operations or use or transport hazardous material must possess the necessary knowledge, skill, judgment, and physical ability (if specified in the job classification) to do the job safely, and be certified to do so (Requirement 25113). The following paragraphs prescribe personnel certification requirements.

4.4.1 Exclusions.

4.4.1.1 This paragraph does not apply to personnel engaged in operations that already require skill certification by quality assurance organizations, such as soldering, brazing, crimping, potting, etc., or to personnel performing inspections using dye penetrant, magnetic particle, ultrasonic, radiograph, and magnaflux, etc.

4.4.1.2 Certification of equipment and facilities is not within the scope of this chapter but may be as important as personnel certification in relation to safety. Information concerning equipment and facilities certification for operational readiness is found in Chapters 6, 8, and 9.

4.4.1.3 This chapter shall not be used as a justification for allowing hazardous duty payments, environmental differential pay, or premium pay, nor will the fact that a job qualifies for hazardous duty pay imply that it is covered by this chapter. It has always been NASA safety policy to make all operations as safe as possible. Hazard duty pay differentials are covered in 5 CFR Part 532, "Prevailing Rate System," and 5 CFR Part 550, "Pay Administration."

4.4.2 Hazardous Operations Requiring Safety Certification.

Hazardous operation safety certification is required for those tasks that potentially have an immediate danger to the individual (death/injury to self) if not done correctly, or could create a danger to other individuals in the immediate area (death or injury), or are a danger to the environment (Requirement 32150). Detailed training and certification requirements may be found in specific NASA Standards, e.g., NASA-STD-8719.9, "NASA Safety Standard for Lifting Devices and Equipment," or NSS-1740.12, "NASA Safety Standard for Explosives, Pyrotechnics, or Propellants." Center safety officials or their designees can require additional hazardous operation safety certifications but must include the following:

4.4.2.1 Flight crew members (FAA licensing may not be sufficient) (Requirement 32151).

4.4.2.2 Firefighters (Requirement 32152).

4.4.2.3 Propellant or explosives users per NSS-1740.12 (Requirement 32153).

4.4.2.4 Propellant or explosives handlers (Requirement 32154).

4.4.2.5 Rescue personnel (Requirement 32155).

4.4.2.6 Self-contained breathing apparatus (SCBA) users (Requirement 32156).

4.4.2.7 Self-contained underwater breathing apparatus (SCUBA) users (Requirement 32157).

4.4.2.8 High-voltage electricians (Requirement 32158).

4.4.2.9 Altitude chamber operators (Requirement 32159).

4.4.2.10 High-pressure liquid/vapor/gas system operators (Requirement 32160).

4.4.2.11 Hyperbaric chamber operators (Requirement 32161).

4.4.2.12 Tank farm workers (Requirement 32162).

4.4.2.13 Wind tunnel operators (Requirement 32163).

4.4.2.14 Welders (Requirement 32164).

4.4.2.15 Laser operators/maintenance personnel (Requirement 32165).

4.4.2.16 Centrifuge operators (Requirement 32166).

4.4.2.17 Range safety officers (Requirement 32167).

4.4.2.18 Crane operators (Requirement 32168).

4.4.2.19 Riggers for hoisting operations (Requirement 32169).

4.4.2.20 Heavy equipment operators (Requirement 32170).

4.4.2.21 Confined space entry personnel (Requirement 32171).

4.4.2.22 Lockout/tagout personnel (Requirement 32172).

4.4.3 Hazardous Materials Handlers Certification.

This safety certification is required for those individuals involved strictly with the handling, transport, or packaging of hazardous materials that will not otherwise disturb the integrity of the basic properly-packaged shipping container that holds the hazardous material (Requirement 25115). Operations that involve the reduction of palletized or otherwise combined items of packaged hazardous materials qualify as handling.

4.4.4 Certification Requirements.

All personnel engaged in potentially hazardous operations or hazardous material handling, as determined by line management or Center safety officials, will be certified as capable to operate the equipment or perform their jobs in a safe manner (Requirement 25116). All contractor personnel engaged in potentially hazardous operations or hazardous material handling shall be certified via a similar process (Requirement 32173).

4.4.4.1 For hazardous operations certification, the following is required as a minimum:

a. Physical examination as required (see paragraph 4.4.4.3) (Requirement 32175).

b. Initial training (classroom and/or on-the-job) (Requirement 32176). The level and structure of training is established according to the hazards of the job being performed.

c. Written examination (as needed) to determine adequacy and retention of training (Requirement 32177).

d. Periodic refresher training needs as determined by the Center safety official, including review of emergency response procedures (Requirement 32178).

e. Recertification period (as determined by the Center safety official, but shall not exceed a 4-year interval) (Requirement 32179).

4.4.4.2 For hazardous material handlers, the following is required as a minimum for certification:

a. Specific training in the Federal, NASA, and local rules for preparing, packaging, marking, and transporting hazardous material and/or equipment operation associated with the job (Requirement 32181). Drivers or operators of vehicles transporting hazardous materials shall be instructed in the specific hazards of the cargo or material in their vehicle and the standard emergency and first-aid procedures that should be followed in the event of a spill or exposure to the hazardous material (Requirement 32182). Training requirements can be found in Department of Labor (DOL) at 29 CFR Part 1910, "Occupational Safety and Health Standards," and Department of Transportation (DOT) regulations at 49 CFR Part 177, "Carriage by Public Highway." The risk of all hazardous chemicals produced or imported shall be evaluated (Requirement 32183). Information involving this risk must be available to all employees in accordance with 29 CFR 1910.1200, "Hazard Communication," and NHS/IH-1845.3, "Hazard Communication" (Requirement 32184).

b. Written examination (as needed) to determine the adequacy and retention of the training (Requirement 32185).

c. The recertification period will be as determined by the Center safety officials in the absence of any local, State, or Federal requirements (Requirement 32186).

4.4.4.3 Unless otherwise specified, the need for physical examinations to support operator certification requirements will be as determined by the cognizant health official and will be in compliance with the applicable codes, regulations, and standards covering the occupation or environment (Requirement 32187). The need for fitness-for-duty examinations should be based on the hazardous consequences of an employee's inability to perform the job correctly due to physical or mental deficiencies.

4.4.4.4 Personnel who are hazardous-operations-safety-certified or hazardous-material-handler-certified will be identified through the issuance of a card, license, or badge (to be immediately available) or a listing on a personnel certification roster or database (Requirement 32188). The roster indicates name, date, materials or operations for which certification is valid, name of certifying official, and date of expiration (Requirement 32189).

4.5 Mission Critical Personnel Reliability Program (PRP)

This program is detailed in 14 CFR Part 1214. The director of each NASA installation will designate mission critical areas for the Space Shuttle and other critical systems including the International Space Station, designated Expendable Launch Vehicles, designated payloads, Shuttle Carrier Aircraft, and other designated resources that provide access to space. Personnel having unescorted access to these areas must meet the suitability, qualification, and screening provisions outlined in the CFR (Requirement 25117). Contracts which cover mission critical operations or areas will reference NFS 1852.246-70, "Mission Critical Space System Personnel Reliability Program."


CHAPTER 5. Nuclear Safety for Launching of Radioactive Materials


5.1 Purpose

5.1.1 This chapter provides internal NASA procedural requirements for characterizing and reporting potential risks associated with a planned launch of radioactive materials into space, on launch vehicles and spacecraft, during normal or abnormal flight conditions. Procedures and levels of review and analysis required for nuclear launch safety approval vary with the quantity of radioactive material planned for use and the perceived and potential risk to the general public and the environment.

5.1.2 An analysis or evaluation may be required in accordance with paragraph 9 of Presidential Directive/National Security Council Memorandum Number 25 (PD/NSC-25), "Scientific or Technological Experiments with Possible Large-Scale Adverse Environmental Effects and Launch of Nuclear Systems into Space," dated December 14, 1977, as revised on May 8, 1996, in obtaining nuclear launch safety approval. Guidance on procedures, requirements, or licensing details for using, storing, shipping, or handling radioactive materials in ground processing facilities or activities or in preparation for space uses is not included in this chapter. (See paragraph 6.1.10.) The tracking of radiation exposures to workers is also not included in this chapter.

5.1.3 NASA missions involving the launch of radioactive materials must also comply with the provisions of the National Environmental Policy Act of 1969 (42 U.S.C. 4321 et seq.), following the policy and procedures contained in 14 CFR Subpart 1216.3, "Procedures for Implementing the National Environmental Policy Act (NEPA)," NPR 8580.1, "Implementing the National Environmental Policy Act, and Executive Order 12114" (Requirement 25118).

5.2 Overview

5.2.1 Compliance with space nuclear launch safety processes is the responsibility of senior NASA officials involved with the control and processing of radioactive materials for launch into space (Requirement 25119). Acceptability of the potential risk of launching and use of nuclear materials in space is determined by the NASA Administrator or designee, as appropriate (Requirement 32190).

5.2.2 Basic designs of vehicles, spacecraft, and systems utilizing radioactive materials should provide protection to the public, the environment, and users such that radiation doses resulting from exposures to the radiation sources are as low as reasonably achievable (ALARA). Nuclear safety considerations shall be incorporated from the initial design stages throughout all project stages to ensure the overall mission radiological health risk is acceptable (Requirement 25120).

5.2.3 All space flight equipment (including medical and other experimental uses) that contain or use radioactive materials shall be identified and analyzed (per paragraph 5.4) to identify the degree of introduced radiological risk (Requirement 25121).

5.2.4 NASA shall develop or ensure development of site-specific ground operations and radiological contingency plans commensurate with the risk represented by the planned launch of nuclear materials (Requirement 25122). Contingency planning, as required by the Federal Radiological Emergency Response Plan, will include provisions for emergency response, including support for source recovery efforts (Requirement 32191). NPD 8710.1, "Emergency Preparedness Program Policy," and NPR 8715.2, "NASA Emergency Preparedness Plan Procedural Requirements," address the NASA emergency preparedness policy and program requirements.

5.2.5 NASA shall apply the range safety requirements, with regard to safe launching of radioactive materials, specified in range safety standards (Requirement 25123).

5.3 Responsibilities

5.3.1 The Office of Safety and Mission Assurance (OSMA) shall do the following:

5.3.1.1 Ensure that launches of radioactive materials are approved in accordance with paragraph 9 of PD/NSC-25, as applicable (Requirement 32192).

5.3.1.2 Assist in the reviews or evaluations of nuclear safety (Requirement 32193).

5.3.1.3 Reserved.

5.3.1.4 Reserved.

5.3.1.5 Prepare, coordinate, and provide the required notification of planned launches of radioactive materials to the Executive Office of the President, Office of Science and Technology Policy (OSTP) (Requirement 32196).

5.3.1.6 Designate a Nuclear Flight Safety Assurance Manager (NFSAM), and, after a request by the program or mission office, designate a NASA coordinator to support each empanelled ad hoc Interagency Nuclear Safety Review Panel (INSRP); and provide for the support to assist the program/project offices in meeting the required nuclear launch safety analysis/evaluation (Requirement 32197). Appointment of the NFSAM and INSRP coordinator(s) requires the concurrence of the affected Strategic Enterprise(s) (Requirement 32198). In appropriate circumstances, the NFSAM and NASA INSRP coordinator(s) may be separate individuals.

5.3.1.7 Review all radiological contingency and emergency planning as part of the OSMA Compliance Verification Process to ensure compliance with PD/NSC-25 (Requirement 025).

5.3.2 Enterprise/program/project offices shall do the following:

5.3.2.1 Designate an individual responsible for ensuring the implementation of the requirements for nuclear launch safety approval in accordance with paragraph 9 of PD/NSC-25 (Requirement 32200).

5.3.2.2 Confer with the NASA Headquarters NFSAM as soon as radioactive sources are identified for potential use on NASA spacecraft to schedule the nuclear launch safety approval activities (Requirement 32201).

5.3.2.3 Identify the amount of radioactive material and applicable process for documenting the risk represented by the use of radioactive materials planned for use on the launch in accordance with paragraph 5.4 and provide required reports in accordance with paragraph 5.5 (Requirement 32202).

5.3.2.4 Prepare or have prepared the nuclear safety analyses and obtain nuclear launch safety approval or launch concurrence or approval in accordance with paragraph 5.4 as required (Requirement 32203).

5.3.3 NASA Centers, facilities, and laboratories shall do the following:

5.3.3.1 Ensure, to the extent of responsibility applicable under defined licensing/permitting documentation or agreements, compliance with all pertinent directives, licenses, agreements, and requirements promulgated by appropriate regulatory agencies relative to the use of radioactive materials planned for a space launch (Requirement 32204).

5.3.3.2 Coordinate with appropriate program/project office(s) to ensure radioactive source reports that are submitted per paragraph 5.5.2 accurately reflect all known radioactive sources under the control of that Center which are intended for flight (Requirement 32205).

5.3.4 NASA launch and landing sites, in addition to the responsibilities of NASA Centers, facilities, and laboratories as per paragraph 5.3.3, shall perform the following:

5.3.4.1 For planned launches or landings of radioactive sources from the United States or its territories or possessions, as appropriate:

a. Develop and implement site-specific ground operations and radiological contingency plans to address potential ground handling accidents and potential launch/landing accident scenarios, and to support source recovery operations commensurate with the radioactive materials present (Requirement 32207).

b. Exercise contingency response capabilities as deemed necessary to ensure adequate readiness of participants and adequacy of planning to protect the public, site personnel, and facilities (Requirement 32208).

c. Ensure appropriate and timely coordination with regional Federal, State, territorial, and local emergency management authorities to provide for support to and coordination with offsite emergency response elements (Requirement 32209).

d. Make provisions for special offsite monitoring and assistance in recovery if radioactive materials could spread into areas outside the geographical boundaries of the launch site (Requirement 32210).

5.3.4.2 Establish a radiological control center (RADCC) for launches and landings with radioactive sources possessing a significant health or environmental risk, or having an activity of A2 mission multiple greater than 1,000 as determined per paragraph 5.4.2, or as specified in applicable interagency agreements (Requirement 32211). The RADCC will provide technical support and coordination with other Federal/State/territorial/local agencies in the case of a launch or landing accident that may result in the release of radioactive materials. The RADCC shall be staffed commensurate with the risk associated with the radioactive materials present (Requirement 32212). The RADCC shall be operational during launch and landing phases anytime there is a potential for an accident that could release radioactive material (Requirement 32213).

5.3.5 The NASA INSRP coordinator for an empanelled INSRP shall do the following:

5.3.5.1 Coordinate NASA's participation in activities required for the generation of the Safety Evaluation Report (SER) including coordination with program/project personnel to ensure adequate information is available to the INSRP (Requirement 32214).

5.3.5.2 Make arrangements for NASA employees to provide technical assistance to the INSRP (Requirement 32215). Coordinate the support needs of those selected to provide this assistance with NASA Headquarters Offices and through the NASA Center, Facility, and Laboratory Directors as may be appropriate (i.e., travel, funding, technical) (Requirement 32216).

5.3.6 The Office of Security and Program Protection shall do the following:

5.3.6.1 Ensure appropriate coordination with the Department of Homeland Security (Federal Emergency Management Agency) to provide adequate emergency and recovery planning for all NASA missions with a threshold of 1,000 for A2 mission multiple as defined in paragraph 5.4.2 (Requirement 32194).

5.3.6.2 Ensure that radiological emergency and recovery plans are developed and ensure their implementation where NASA is the Lead Federal Agency as defined by the National Response Plan - Nuclear/Radiological Incident Annex (Requirement 32195).

5.3.6.3 Upon request, provide the program manager and OSMA with mission specific information recommended for consideration in the launch or potential accident site emergency response and clean-up planning as a part of the nuclear launch approval process (Requirement 2).

5.4 The Nuclear Launch Safety Approval Process

5.4.1 The level of analysis, evaluation, review, and concurrence or approval required for radiological risk assessment varies with the total activity of radioactive materials planned for launch as follows:

5.4.1.1 For all planned launches of radioactive materials, the A2 mission multiple value shall be used to determine the level of assessment required (Requirement 32217).

5.4.1.2 The NASA office responsible for the mission shall inform the NFSAM as soon as radioactive material is identified for potential use (Requirement 32218). Notification shall consist of the information contained in the report format described in paragraph 5.5.2 (Requirement 32219). This notification is required for NASA payload launches, on NASA launch vehicles, and when NASA facilities or sites are used (Requirement 32220).

5.4.1.3 If NASA participates in the launch of a vehicle or spacecraft from other countries or territories, and these vehicles or spacecraft contain a radioactive source, the program/project office shall consult with the NFSAM and the NASA Office of the General Counsel to determine what provisions, if any, of this chapter apply (Requirement 32221).

5.4.1.4 The total mission radioactive material activity shall be determined for all radioactive materials contained on the launch to calculate the total A2 mission multiple per paragraph 5.4.2 (Requirement 32222). The A2 mission multiple shall be the highest of the algebraic sum of the isotopes' A2 multiples at launch, anytime the spacecraft will be in earth orbit, or during near earth interplanetary flight (e.g., Earth Gravity Assists) (Requirement 32223).

5.4.2 Determination of A2 Mission Multiple.

The A2 multiplier for each radioactive source shall be based upon the International Atomic Energy Agency (IAEA), Safety Series Number 6, Regulations for the Safe Transport of Radioactive Material, 1985 Edition as amended in 1990, Section III, paragraphs 301 through 306, and then summed to determine the A2 mission multiple (Requirement 25130). Table I of Appendix G of this NPR contains the referenced IAEA document section which tabulates the A2 values for specific isotopes and forms of radioactive material. Except as noted, for radioisotopes whose A2 limit in Table I is "Unlimited" or is unlisted, the value of 3.7x10^-2 terabecquerels (TBq) (1.0 Curies (Ci)) shall be used as the A2 value (Requirement 32224). Exceptions are Sm-147 which shall use 9x10^-4 TBq (0.024 Ci) and Th-232 which shall use 9x10^-5 TBq (0.0024 Ci) as their respective A2 values (Requirement 32225).

The A2 mission multiple shall be determined as follows:

where n represents each source or line on the reports in paragraph 5.5.2 for each radioactive material on the launch vehicle and spacecraft (Requirement 32226).

5.4.3 Paragraphs 5.4.4 through 5.4.7 describe the internal NASA nuclear launch safety process. Table 5.1 provides a summary of the reviews.


| A2 Mission Multiple | Launch Reported to NFSAM | Launch Concurrence/Approval by | Launch Reported to OSTP | Required Level of Review and Reports | Approval/Concurrence |
|---|---|---|---|---|---|
| A2 <0.001 | Yes | NFSAM | no | Paragraph 5.5.2 Report | Concurrence letter from NFSAM |
| 0.001<A2<10 | Yes | NFSAM | yes | Paragraph 5.5.2 Report | Concurrence letter from NFSAM |
| 10<A2<500 | Yes | AA/OSMA | yes | Paragraph 5.5.2 Report, Nuclear Safety Review | Concurrence letter from AA/OSMA |
| 500<A2<1,000 | Yes | NASA Administrator | yes | Paragraphs 5.5.1, Safety Analysis Summary, and 5.5.2, Report | Approval letter from NASA Administrator |
| 1000<A2 | Yes | Executive Office of the President | yes | Paragraphs 5.5.1, Safety Analysis Summary, and 5.5.2, Report | NASA Administrator requests approval via Director OSTP |

Table 5.1. Nuclear Launch Safety Approval Summary

5.4.4 For launches with A2 mission multiples of less than 0.001 (in addition to requirements in paragraph 5.4.1), the program manager shall request nuclear launch safety concurrence in writing (Requirement 25132). The request should be submitted to the NFSAM a minimum of 4 months prior to launch. The request should be accompanied by the Radioactive Materials Report required by paragraphs 5.4.1.1 and 5.5.2. The NFSAM will review the report and will inform the program manager in writing of concurrence/non-concurrence and any safety concerns not less than 2 months prior to launch (Requirement 32227).

5.4.5 For launches with A2 mission multiples of between 0.001 and 10 (in addition to the requirements in paragraph 5.4.1), the program manager shall request nuclear launch safety concurrence in writing (Requirement 25133). The request should be submitted to the NFSAM a minimum of 4 months prior to launch. The request should be accompanied by the Radioactive Materials Report required by paragraph 5.4.1.1 and 5.5.2. The NFSAM will review the request and will inform the program manager in writing of nuclear launch safety concurrence/non-concurrence (with any safety concerns) not less than 2 months prior to launch. Launches of these quantities of radioactive materials are reported quarterly to OSTP by the NFSAM (Requirement 32228).

5.4.6 For launches with A2 mission multiples equal to or greater than 10 but less than 500 (in addition to the requirements contained in paragraph 5.4.1), the following apply:

5.4.6.1 Notification that a planned launch may contain radioactive materials in this range shall be made to the NFSAM and shall consist of the information contained in the Radioactive Materials Report required by paragraph 5.5.2, as a minimum (Requirement 25134). The report should be made as soon as the program identifies radioactive materials for potential use.

5.4.6.2 The NFSAM, in consultation with the program manager, shall make a preliminary scoping of the radiological risk to identify the extent of analyses needed as part of a pre-launch nuclear safety review (Requirement 32230). The NFSAM and the program manager shall determine a mutually agreed schedule for developing a nuclear safety review (Requirement 32231).

5.4.6.3 The program manager shall prepare or have prepared a nuclear safety review of the radiological risk of the proposed mission (Requirement 32232). The review shall contain, as a minimum, the following:

a. The report described in paragraph 5.5.2 (Requirement 32233).

b. Program excerpts describing the mission (Requirement 32234).

c. Probability of launch and in-flight accidents which could result in release of radioactive materials on the Earth (Requirement 32235).

d. Reasonable upper bound of health and environmental effects due to a radioactive material release (Requirement 32236).

e. Mission-specific information recommended for consideration in the launch or potential accident site emergency response and clean-up planning (Requirement 32237).

5.4.6.4 The nuclear safety review shall be provided to the AA/OSMA along with a request for nuclear safety launch concurrence (Requirement 32238). The request should be made approximately 5 months prior to launch.

5.4.6.5 The NFSAM shall notify OSTP of the planned launch as a part of the quarterly report of planned launches (Requirement 32239).

5.4.7 For launches with A2 mission multiples equal to or greater than 500 but less than 1,000 (in addition to the requirements contained in paragraph 5.4.1), the following apply:

5.4.7.1 Notification that a planned launch may contain radiological materials in this range shall be made to the NFSAM and shall consist of the information contained in the Radioactive Sources Report required by paragraph 5.5.2 as a minimum (Requirement 32240). The report should be made as soon as the program identifies radioactive materials for potential use (Requirement 32241).

5.4.7.2 The NFSAM shall make a preliminary assessment of the radiological risk and provide a written assessment to the program manager (Requirement 32242). The NFSAM and the program manager shall determine a mutually agreed to schedule for nuclear launch safety analyses and review activities to be conducted to support a nuclear launch safety concurrence request (Requirement 32243).

5.4.7.3 The program manager shall prepare or have prepared a Safety Analysis Summary (SAS) that, in coordination with the NFSAM, addresses the radiological risk of the proposed mission (Requirement 32244). The level of detail in the SAS will be commensurate with the radiological risk. The program is encouraged to use other program documentation to provide mission and potential accident information in the SAS. As a minimum, the SAS shall contain the following:

a. Brief descriptions of the planned mission, schedule, launch vehicle, and spacecraft to include operations while in-orbit and during near-earth flight (Requirement 32245).

b. Description of all radioactive materials, their physical state/chemical form, and quantities (Requirement 32246).

c. Brief descriptions, probabilities, and resulting consequences of launch and in-flight accidents that could result in release of radiological materials on the Earth (Requirement 32247).

d. Estimate of any health and environmental effects due to a radioactive material release (Requirement 32248).

e. Mission-specific information recommended for consideration in the launch or potential accident site emergency response and clean-up planning (Requirement 32249).

5.4.7.4 The NFSAM shall review the SAS and provide timely comments to the program, in accordance with the mutually agreed schedule (Requirement 32250). Approximately 5 months before launch, the SAS shall be forwarded to the NASA Administrator by the program, with concurrence of the AA/OSMA, with a request for nuclear launch safety approval from the NASA Administrator (Requirement 32251).

5.4.7.5 The NFSAM shall notify OSTP of the planned launch as a part of the quarterly report of planned launches (Requirement 32252).

5.4.8 For launches with A2 mission multiples equal to or greater than 1000 (in addition to requirements in paragraph 5.4.1), the following apply:

5.4.8.1 Notification that a planned launch may contain radioactive materials in this range shall be made to the NFSAM and shall consist of the information contained in the Radioactive Sources Report required by paragraph 5.5.2 as a minimum (Requirement 32253). The report should be made as soon as the program identifies radioactive materials for potential use (Requirement 32254).

5.4.8.2 The program manager, in coordination with the OSMA, shall request the NASA Administrator empanel an ad hoc INSRP for that mission (Requirement 32255). INSRP empanelling should occur soon after the program identifies radioactive materials for potential use. The time required for an INSRP can be lengthy and must be factored into the program master schedule (Requirement 32256). The membership and responsibilities of the empanelled INSRP shall be in accordance with PD/NSC-25 (Requirement 32257).

5.4.8.3 The program manager shall prepare or have prepared a Safety Analysis Report (SAR) (Requirement 32258). The level of detail and content of the SAR will be commensurate with the mission radiological risk. In cases where DOE provides the radioactive material, the DOE programmatic SAR may be adopted to satisfy this requirement, in accordance with the interagency agreement(s) for specific missions. In cases where launch vehicles, configuration, and radioactive materials are similar, the program manager, in consultation with the NFSAM and the INSRP, is encouraged to use a comparative analysis based upon previous mission(s) safety analyses that bound the anticipated risk for the new mission. Where radioactive materials are being provided from multiple sources, the program manager may provide a single or multiple SAR/SAS document(s) to best meet this requirement.

5.4.8.4 The program manager is encouraged to begin coordination with the empanelled ad hoc INSRP in the early stages of mission development. The program manager should invite the INSRP to review the development of launch and mission accident scenarios, probabilities of occurrence, dispersion, specification of associated environments, and health effects via documentation and program safety reviews. The INSRP normally reviews and evaluates all program documentation associated with the radioactive material safety for completeness and defensibility. The INSRP evaluation is documented in a Safety Evaluation Report (SER). The INSRP is normally assisted in its evaluation effort by expert consultants in various specialized areas from a number of Government agencies, national laboratories, industry, and academia.

5.4.8.5 The SAR shall be delivered to the INSRP according to a schedule mutually agreed upon by the INSRP and the program manager with the understanding that a SER should be completed at least 4 months before launch (Requirement 32260). The mutually agreed upon schedule should address the planned analysis schedule, base assumptions, analysis limitations/bounds, and model descriptions associated with the SAR development. Interim reviews should be held to review all individual analyses before completion and provide evaluation status of analyses as of a given date.

5.4.8.6 The INSRP prepares a SER of the radiological risk analyzed in the SAR (Requirement 32261). The SER, along with the SAR and other related documents, is considered by the NASA Administrator before requesting nuclear launch safety approval in accordance with PD/NSC-25.

5.4.9 For any orbiting spacecraft being resupplied or modified in which the U.S. Government is the lead (e.g., International Space Station), a nuclear launch safety approval for a mission is required when the total onboard A2 mission multiple will exceed 10 for the orbiting spacecraft (Requirement 25137). Safety analyses and reviews shall be performed to the level of detail and launch concurrence/approval requirements defined in paragraph 5.4.7 for in-flight accidents (Requirement 32262). An INSRP shall only be required when the A2 mission multiple will exceed 1,000 per paragraph 5.4.8 (Requirement 32263).

5.5 Report Requirements

5.5.1 Nuclear launch safety analyses (e.g., SAS, SAR) and evaluation (e.g., SER) are described in the previous paragraphs.

5.5.2 Radioactive Materials Report

The Radioactive Materials Report shall be used by NASA program/project offices and NASA Centers/facilities/laboratories to report planned launches of radioactive materials and request for nuclear launch concurrence/approval (Requirement 32265). The NFSAM shall use this report format for the quarterly report used to notify OSTP of planned launches (Requirement 32266). Figures 5.1 and 5.2 show the format for the reports for planned launch and for resupplying radioactive materials to on-orbit spacecraft. Entries shall be made for each isotope source (Requirement 32267). Isotopes of similar size, chemical form, and activity level may be combined on a single line entry.

Figure 5.2 shows the format for the report for orbiting spacecraft which are resupplied (e.g., Space Station).

Isotope | Date Arrived On-Board | Number of Sources | Total Activity at Arrival (Ci) | Isotope Half-life | Activity as of Mission Start (Ci) | A2 Limit for Isotope (Ci) | Current A2 Multiple for Each Isotope Source | Remarks
(Use one line for each isotope type, size, form, and arrival date)
(Use one line to sum the A2 mission multiples for the spacecraft)

Figure 5.2. Radioactive Materials On-Board Report

The Activity and Radioactive Material Limits table is located in Appendix G.


CHAPTER 6. Operational Safety


6.1 Purpose

This chapter establishes safety procedures for NASA's operational safety program.

6.2 Objectives

The objective of this chapter is to protect the public; flight, ground, laboratory, and underwater personnel; the environment; aircraft; spacecraft; payloads; and property from operations-related safety hazards. This is not inclusive of all regulations and requirements governing operations. References are indicated liberally throughout the text for detailed or working standards, specifications, and other references.

6.3 Motor Vehicle Safety

Each Center shall adopt procedures that comply with applicable Federal, State, and local motor vehicle safety regulations (Requirement 25139).

6.3.1 Motor Vehicle Operation.

6.3.1.1 Operators of motor vehicles shall not drive a motor vehicle for a continuous period of more than 10 hours, including non-NASA driving; nor shall the combined duty period exceed 12 hours in any 24-hour period, without at least 8 consecutive hours of rest (Requirement 32269). Variation in the above policy requires documented Center safety office approval (Requirement 32270).

6.3.1.2 If operation of the vehicle involves skills beyond those associated with normal, everyday operation of private motor vehicles, formal initial training, consisting of both classroom and operational testing, shall be conducted to ensure operator proficiency (Requirement 32271). Refresher training and testing shall be accomplished periodically as determined by the Center safety office (Requirement 32272).

6.3.1.3 All NASA motor vehicles used off NASA Centers shall be inspected to the standards of the State or other jurisdiction's vehicle safety inspection requirements (Requirement 32273).

6.3.2 Seat Belts.

6.3.2.1 Federal employees will use seat belts while on official business as required in Section 1 of Executive Order (EO) 13043 of April 16, 1997, "Increasing Seat Belt Use in the United States." The EO states seat belt use is required by Federal employees operating or in any vehicle with seat belts while on Federal business (Requirement 32274). All NASA employees shall comply with this mandatory requirement while traveling on official business (Requirement 32275).

6.3.2.2 Children unable to use the seat belts will be secured in DOT-approved child safety seats (Requirement 32276).

6.3.2.3 Passengers are forbidden to be carried in the cargo area of pickup trucks, flatbeds, or special purpose equipment such as fire trucks or escape trucks unless designated occupant positions are provided (see 49 CFR Part 571) and required seat belts are provided (Requirement 32277).

6.3.2.4 All occupants of motor vehicles (so equipped) operated on NASA property, including delivery vans and trucks of all sizes, will have their seat belt properly fastened around themselves at all times the vehicle is in motion (Requirement 32278).

6.3.3 Annual Seat Belt Report.

6.3.3.1 NASA is required by EO 13043 to prepare an annual status report to the Secretary of Transportation on NASA-wide seat belt use (Requirement 32279). The report includes seat belt usage rates and statistics of crashes, injuries, and related costs involving Federal employees on official business. The Safety and Assurance Requirements Division is responsible for the preparation and submittal of the report to DOT (Requirement 32280). DOT consolidates this data into an annual status report to the President for all Federal Agencies.

6.3.3.2 The Safety and Assurance Requirements Division will coordinate data for the annual report with the Office of Institutional and Corporate Management and the Office of Health and Medical Systems. The format and submittal date for the report will be as directed each year by the Secretary of Transportation.

6.3.4 Traffic Control Devices and Markings.

American National Standards Institute (ANSI) D6.1, "Manual on Uniform Traffic Control Devices for Streets and Highways," shall be used for guidance when setting traffic control devices or marking roads for motor vehicle operations on NASA property (Requirement 25142).

6.4 Personal Protective Equipment

6.4.1 General

Personal protective equipment (PPE) shall be issued to NASA employees at Government expense in those situations where engineering controls, management controls, or other corrective actions have not reduced the hazard to an acceptable level or where use of engineering controls, management controls, or other techniques is not feasible (Requirement 32282).

6.4.2 Procurement.

6.4.2.1 Center Directors and the Assistant Administrator for Institutional and Corporate Management are authorized to purchase PPE after the purchase request has been reviewed by safety and health professionals to determine proper specifications and adequacy of abatement. It is recommended that local safety and health committees be involved in the decision.

6.4.2.2 The authority for the purchase of PPE with appropriated funds is 5 U.S.C. 7903, "Protective Clothing and Equipment."

6.4.2.3 Only clothing and equipment meeting Federal regulations, industrial standards, or NASA special testing requirements shall be used (Requirement 32286).

6.4.3 Issuance

6.4.3.1 Accountability shall be in accordance with NPR 4200.1, "NASA Equipment Management Manual" (Requirement 32288). Transients or visitors may be furnished PPE on a temporary basis if they are on site for NASA-related business purposes or at NASA's invitation. The host, guide, or area supervisor shall be responsible for obtaining, issuing, and recovering the PPE (Requirement 32289). Other non-NASA, contractor, and non-contractor personnel must procure their own PPE to provide an equivalent level of safety as required by NASA (Requirement 32290). (See paragraph 2.4.3.)

6.4.3.2 PPE shall be provided, used, stored, and maintained, and employees trained in its use, in accordance with 29 CFR 1910.132 through 1910.137 (Requirement 32291). NASA PPE will be stocked and issued as specifically directed in NPR 4100.1, "NASA Materials Inventory Management Manual" (Requirement 32292).

6.4.4 Examples of PPE. Items which may be purchased and issued by NASA include, but are not limited to, the following:

6.4.4.1 Safety goggles and safety spectacles (plain and prescription).

6.4.4.2 Welding helmets and shields.

6.4.4.3 Safety shoes.

6.4.4.4 Steel sole and/or toe safety boots.

6.4.4.5 Aprons, suits, and gloves (e.g., fire resistant materials, leather, rubber, cotton, and synthetics).

6.4.4.6 Protective head gear (e.g., hard hats and caps, liners, helmets, and hoods).

6.4.4.7 Face shields.

6.4.4.8 Specialty items of protective nature (e.g., cryogenic handlers suits, SCAPE suits, fire fighter suits, foul weather gear, harnesses, life belts, lifelines, life nets, insulated clothing for "cold test" exposure, supplied air suits, and electrical protective devices).

6.4.4.9 Concentration alarms, toxic gas indicators, explosive gas indicators.

6.4.5 Health-related PPE. If respirators are used, Centers are required to have a formal Respiratory Protection Program (Requirement 32294). The Occupational Health Division at NASA Headquarters provides guidance for purchasing, training, selection, and qualification for use of respiratory protective devices and other health-related PPE.

6.5 Control of Hazardous Energy (Lockout/Tagout Program)

NASA will meet or exceed OSHA minimum performance requirements for the control of hazardous energy as outlined in 29 CFR 1910.147 (Requirement 25144). All NASA Centers shall establish a program for controlling hazardous energy during service and maintenance operations where the unexpected energizing or startup of equipment could cause injury to employees or equipment damage (Requirement 32295). The Center programs shall comply with all aspects of 29 CFR 1910.147 for electrical, pressure, hydraulic, pneumatic, and mechanical systems as a minimum (Requirement 32296).

6.6 Pressure and Vacuum Systems Safety

NASA's program for ensuring the structural integrity of pressure vessels and pressurized systems (PV/S) and minimizing the associated mishap potential is outlined in NPD 8710.5, "NASA Policy for Pressure Vessels and Pressurized Systems." This NPD assigns responsibilities for the various aspects of the program; references the codes, standards, guides, and Federal regulations that must be followed; and establishes unique NASA requirements in areas such as certification/recertification, documentation, configuration management, and operator training/certification. The NPD also addresses flight systems qualification and acceptance.

6.7 Electrical Safety

This paragraph provides directives for protecting persons and property from electrical hazards. It applies to all NASA uses of electrical power.

6.7.1 Hazards.

Electrical systems shall be designed in accordance with the National Electric Code, MIL-STD 454, "Standard General Requirements for Electronic Equipment," or Center-specific requirements if more specific (Requirement 32297). Electrical systems shall be operated and maintained to adequately control hazards that are likely to cause death or serious physical harm or severe system damage (Requirement 32298). All electrical systems shall be reviewed by the Center's safety office for appropriate location and for proximity of ignitable or combustible material such as gas, vapor, dust, or fiber (Requirement 32322).

6.7.2 Requirements.

6.7.2.1 All electrical work deemed hazardous by job safety analysis shall be performed by personnel familiar with electrical code requirements and qualified/certified for the class of work (Requirement 32300). All persons engaged in electrical work shall be instructed in accident prevention and fully informed of the hazards involved (Requirement 32301). They shall be trained in first-aid procedures that include cardiopulmonary resuscitation (Requirement 32302).

6.7.2.2 Supervisors shall ensure that no person works alone with high voltage electricity (Requirement 32303). One person, trained to recognize the electrical hazards, shall be delegated to watch the movements of the other working personnel to warn them if they get dangerously close to live conductors or perform unsafe acts and to assist in the event of an accident (Requirement 32304).

6.7.2.3 Transformer banks or high-voltage equipment (500+ volts) shall be protected by an enclosure to prevent unauthorized access. Metallic enclosures shall be grounded (Requirement 32305). Entrances not under constant observation shall be kept locked (Requirement 32306). Signs warning of high voltage and prohibiting unauthorized entrance shall be posted at entrances and on the perimeter of the enclosure (Requirement 32307). An authorized access list of qualified personnel shall be maintained (Requirement 32308).

6.7.2.4 Where electrostatic discharge (ESD) is a significant hazard to personnel or hardware, conductive floors or other methods will be used (Requirement 32309).

6.8 Hazardous Material Transportation, Storage, and Use

This paragraph provides direction for protecting persons and property during the transportation, storage, and use of hazardous materials. Every effort shall be made to ensure complete safety and compliance with applicable Federal, State, and local laws and regulations (Requirement 25147). Hazardous material is defined by law as "a substance or materials in a quantity and form which may pose an unreasonable risk to health and safety or property when transported in commerce" (49 CFR 171.8). The Secretary of Transportation has developed a list of hazardous materials that is found in 49 CFR 172.101. At a minimum, the Federal regulations (e.g., DOT, EPA, OSHA) for transport of hazardous materials on both Federal property and public roadways shall be met (Requirement 32310). Typical hazardous materials are those that may be highly reactive, poisonous, explosive, flammable, combustible, corrosive, radioactive; produce contamination or pollution of the environment; or cause adverse health effects or unsafe conditions. For more detailed requirements, see NHS/IH-1845.3, "Hazard Communication," and NHS/IH-1845.5, "Occupational Exposure to Hazardous Chemicals in Laboratories."

6.8.1 Transporting Hazardous Material.

6.8.1.1 NASA policy for transporting hazardous material or hazardous or radiological waste is contained in NPD 6000.1, "Transportation Management."

6.8.1.2 All contractor motor vehicles, rail cars, boats, and ships covered by NASA Bill of Lading and used for transportation of hazardous material shall comply with laws regarding inspections and markings and must have passed an inspection prior to loading to ensure that the vehicle or vessel is in safe mechanical condition (Requirement 32313). The mode of transportation shall be inspected to the applicable standards of the Federal Highway Administration, U.S. Coast Guard, Department of Transportation, and Federal Railroad Administration (Requirement 32314). All vehicles transporting hazardous materials on NASA and public roadways shall display all DOT-required placards, lettering, or numbering (Requirement 32315).

6.8.1.3 Hazardous material as defined in DOT's "Hazardous Material Regulations" at 49 CFR 171.8 shall not be transported in NASA administrative aircraft (Requirement 32316). To ensure hazardous material is not inadvertently loaded on administrative aircraft, all cargo for shipment should be routed through the Center's transportation office or, if enroute, cargo should be accepted only from a certified shipper or freight forwarding agency.

6.8.2 Storage, Use, and Disposal.

Storage, use, and disposal should comply with Federal and State regulations and address the requirements for release prevention, control, countermeasures, contingency planning, and a listing of restricted/prohibited materials for purchasing and use at Centers. Inventories shall be conducted at least annually and conditions of materials in storage assessed at least monthly, and those determined to be unsuitable for use removed from active inventory (Requirement 32317).

6.8.3 Material Safety Data Sheets (MSDS).

NASA procurement activities require the referencing of 29 CFR 1910.1200 and Federal Standard 313, "Federal Standard for Preparation and Submission of Material Safety Data Sheets," as revised, in commodity specifications, purchase descriptions, purchase orders, contracts, and other purchase documents (Requirement 32318). The receiving office at each Center shall provide copies of the MSDS for receipt of such commodities to the central office responsible for maintaining the MSDS records (Requirement 32319). Magnetic disk or paper copies of all MSDS will be maintained in the work area where the material is being used or stored (Requirement 32320). See NHS/IH-1845.3, "Hazard Communication." The NASA MSDS Inventory is accessible at: http://msds.ksc.nasa.gov.

6.9 Hazardous Operations

NASA hazardous operations involve materials or equipment that, if misused or mishandled, have a high potential to result in loss of life, serious injury to personnel, or damage to systems, equipment, or facilities. Adequate preparation and strict adherence to operating procedures can prevent most of these mishaps. Each Center/program will provide the following actions for hazardous operations.

6.9.1 Hazardous Operating Procedure.

6.9.1.1 Each Center shall identify hazardous operations and identify, assess, analyze, and develop adequate safety controls (Requirement 32323). Generally, all hazardous operations shall require Hazardous Operating Procedures or a Hazardous Operating Permit (HOP) (Requirement 32324). HOP's consist of a detailed plan listing step-by-step functions or tasks to be performed on a system or equipment to ensure safe and efficient operations. HOP's list special precautions, start and stop time of the operation, and the approving supervisor(s). Certain operations (e.g., rigging, high voltage, etc.) depend on adherence to overall standards and general guidelines and specific training as opposed to HOP's for each specific operation. In these cases, specific personnel certification requirements must be established as listed in Chapter 4 (Requirement 32325). Personnel other than the certified operators shall be excluded from exposure to the operation (Requirement 2326). Where the risk of injury is high, personnel shall use the buddy system whereby an adjacent or nearby person not directly exposed to the hazard serves as an observer to render assistance (Requirement 32327).

6.9.1.2 Hazardous procedures shall be marked conspicuously on the title page, e.g., THIS DOCUMENT CONTAINS HAZARDOUS OPERATIONS, to alert operators that strict adherence to the procedural steps and safety and health precautions contained therein is required to ensure the safety and health of personnel and equipment (Requirement 32328).

6.9.1.3 All HOP's developed at NASA sites or for NASA operations shall have a concurrence from the responsible development official and an approval signature to certify that a review has been performed by the cognizant NASA or contractor safety representative as applicable (Requirement 32329). Deviations or changes to HOP's also require the approval of the cognizant NASA or contractor safety office (Requirement 32330). If approved by the contractor, a copy should be forwarded to the appropriate local NASA safety office for informational purposes.

6.9.2 Personnel Certification.

Personnel who certify individuals to perform or control hazardous operations, or to use or transport hazardous material, must ensure the individuals possess the necessary knowledge, skill, judgment, and physical ability to do the job in a safe and healthful manner (Requirement 32331). See Chapter 4 for Hazardous Operations Safety Certification.

6.10 Laboratory Hazards

This paragraph provides guidance for protecting persons and property in a laboratory environment. For the purposes of this document, a laboratory is a facility in which experimentation, testing, and analysis are performed on human subjects, organisms, biological and other physical materials, substances, and equipment (including bioinstrumentation). Included also are certain equipment, repair, and calibration operations, and processing of materials.

6.10.1 Design Requirements.

6.10.1.1 Design of laboratories will incorporate the requirements of the applicable State and Federal codes required for the individual Center, e.g., building, electrical, fire protection for laboratory facilities. Escape routes shall be provided, designed, and marked in accordance with the National Fire Protection Association (NFPA) 101, "Life Safety Code" (Requirement 32333). Occupational safety and health considerations such as ventilation, shower stalls, and eye wash stations shall be included in the design where applicable (Requirement 32334). For facility acquisition and construction safety guidance, see Chapter 8.

6.10.1.2 Areas with significant quantities of flammable, combustible, corrosive, and toxic liquids, solids, or gases shall be protected in accordance with the applicable provisions of NFPA 45, "Fire Protection for Laboratories Using Chemicals," as modified below (Requirement 32335). Laboratories not using or fitting the above chemical classification, yet housing unique, mission-critical, or high-value research equipment, shall conform to the provisions of NASA-STD 8719.11, "NASA Safety Standard for Fire Protection" (Requirement 32336).

6.10.1.3 Special facilities to ensure the integrity of both terrestrial environments and biological samples returned from space should be considered in the design of the laboratory if applicable.

6.10.1.4 Additional considerations shall be the biohazards resulting from use or handling of biological materials such as infectious microorganisms, viruses, medical waste, or genetically engineered organisms (Requirement 32338). See OSHA Standard 29 CFR 1910.1030, "Bloodborne Pathogens," for additional details.

6.10.2 Chemical and Hazardous Materials.

In addition to pertinent safety requirements found elsewhere in this document, the following requirements are specifically applicable to laboratories.

6.10.2.1 Laboratories meeting the definition as described in 29 CFR 1910.1450, "Occupational Exposure to Hazardous Chemicals in Laboratories," shall be operated in accordance with chemical hygiene plans as stated in NHS/IH-1845.3, "Hazard Communications," and NHS/IH-1845.5, "Occupational Exposure to Hazardous Chemicals in Laboratories" (Requirement 32340).

6.10.2.2 Suitable facilities for quick drenching or flushing of the eyes and body of any person exposed to injurious corrosive materials shall be provided within the work area for immediate emergency use (Requirement 32341). Body flushing of persons exposed to cryogenic liquids is not recommended by medical officials. Access to these facilities must be kept clear (Requirement 32342). Eyewashes and/or safety showers shall be located within reasonable travel distance for emergency use, depending on circumstances and configuration, but generally no more than 75 feet from the hazard source (Requirement 32343).

6.10.3 Solar Simulators.

All personnel shall wear skin and eye protection while in direct view of a bare pressurized arc lamp, whether energized or not, unless the system is locked out or tagged out for maintenance or repair (Requirement 32344).

6.10.4 Ventilation.

Assuring proper ventilation is a responsibility assigned to the occupational health program. See NPD 1800.2, "NASA Occupational Health Program."

6.10.5 Glassware.

Because some laboratory operations use a considerable amount of glassware and ceramics, necessary safeguards shall be employed to minimize personnel injury. Refer to the "Guide for Safety in the Chemical Laboratory," Manufacturing Chemists' Association, Inc., and "Handling Glassware" (Requirement 32346).

6.11 Lifting Safety

NASA shall use the standards in NASA-STD-8719.9 (formerly NSS/GO 1740.9), "NASA Lifting Devices and Equipment Manual," for protecting persons and property during lifting operations (Requirement 25150). The standard establishes minimum safety requirements for the design, testing, inspection, personnel certification, maintenance, and use of overhead and gantry cranes, mobile cranes, derricks, hoists, special hoist-supported personnel lifting devices, Hydrasets, hooks, and slings for NASA-owned and NASA contractor-supplied equipment used in support of NASA operations at NASA Centers.

6.12 Explosive, Propellant, and Pyrotechnic Safety

NASA shall use NSS-1740.12, "NASA Safety Standard for Explosives, Propellants, and Pyrotechnics," for protecting persons and property from hazards of explosives and explosive materials, including all types of explosives, propellants (liquid and solid), oxidizers, and pyrotechnics (Requirement 25151). ASTM Manual 36, "Safe Use of Oxygen and Oxygen Systems," and NSS 1740.16, "Safety Standard for Hydrogen and Hydrogen Systems," address the requirements for working with those substances. Explosive, propellant, and pyrotechnic operations shall be conducted in a manner that exposes the minimum number of people to the smallest quantity of explosives for the shortest period consistent with the operation being conducted (Requirement 32349). An Authority Having Jurisdiction (AHJ) for Explosives, Propellant, and Pyrotechnic operations will be designated in writing by the Center Director (Requirement 32350). For specific responsibilities of the AHJ, refer to NSS 1740.12, "NASA Safety Standard for Explosives, Propellants, and Pyrotechnics."

6.13 Underwater Operations Safety

NSS 1740.10, "Underwater Facility and Non-Open Water Operations," shall be used as the minimum standard to establish the safety requirements for all NASA neutral buoyancy facilities, equipment, personnel, and operations involving underwater activities that provide simulation of a weightless environment (Requirement 25152). This standard also applies to NASA personnel participating in underwater operations at non-NASA facilities.

6.14 Launch Vehicle and Spacecraft Operations Safety

This paragraph provides policy and requirements for minimizing the risk to the public, operations personnel (including flight crews), public property, and Government property during launch vehicle (missile) and spacecraft launch and flight operations. It also covers the subjects of NASA Headquarters safety representatives, range safety, spacecraft safety, and space debris safety.

6.14.1 NASA Headquarters Safety Representatives.

A NASA Headquarters-designated (can be delegated) safety representative supports each launch of a NASA-managed crewed or robotic launch vehicle, including orbital and other vehicles as determined or delegated by the AA/OSMA (Requirement 25154). These representatives monitor the preparations of each NASA launch vehicle and NASA payload for flight, evaluate the readiness of the vehicle and payload, and provide the appropriate NASA manager a concurrence or non-concurrence on the readiness of the vehicle and payload to begin launch and flight operations (Requirement 32347). The representatives are assigned a position on the launch operations communications network and are responsible for determining the NASA Headquarters safety concurrence with the readiness for launch and communicating that status to the appropriate person on the network (Requirement 32348).

6.14.2 Range Safety.

Paragraph 6.14.2 of this NPR was cancelled in its entirety by NPR 8715.5, Range Safety Program, effective July 8, 2005. See NPR 8715.5, Range Safety Program, for requirements for range safety.

6.14.3 Space Debris Safety.

The NASA safety policy for space debris is contained in NPD 8710.3, "NASA Policy for Limiting Orbital Debris Generation." This policy requires each program involved in spacecraft launch and/or deployment to formally assess and minimize the potential for generation of orbital debris and summarize this in a formal report to Headquarters. NSS 1740.14, "Guidelines and Assessment Procedures for Limiting Orbital Debris," may be used for both the preliminary and final assessment.

6.15 Test Operations Safety

This paragraph provides direction for protecting persons and property during test operations, for both human and unoccupied or robotic tests. Testing also includes hazardous training activities and demonstrations of test hardware or procedures. The requirements stated herein apply to test facilities; test equipment located within, or attached to, test facilities; equipment being tested; test personnel; test conduct; and test documents. Additional requirements are detailed in Chapters 1 and 3 and in other paragraphs of this chapter.

6.15.1 Test Plans.

Test plans shall be developed and evaluated to ensure test performance within safe operating limits (Requirement 25163). Evaluations will address the test article, test facility, operator involvement, test conditions, potential risk to adjoining facilities and personnel, etc.

6.15.2 Safety Documentation.

Safety documentation establishes the basis for safe test conduct by means of engineering analyses (including hazard analyses calculations). Established test controls will be clearly identified in test drawings, facility drawings, test procedures, etc. The level of safety documentation required will be tailored to the risks involved with the test.

6.15.3 Test System Requirements. Personnel responsible for developing test systems must do the following:

6.15.3.1 Design test systems such that test personnel or critical test hardware are not subjected to a test environment wherein a credible single-point failure (e.g., power loss) could result in injury or loss to the critical test hardware (Requirement 32372).

6.15.3.2 Construct all systems (electrical, mechanical, pneumatic, and/or hydraulic) so that no single failure could cause a critical condition (Requirement 32373).

6.15.3.3 Ensure that software that may interface with test systems meets the requirements stated in Chapter 3 (Requirement 32374). Software by itself is not hazardous; however, when interfaced with test hardware, software could command a hazardous condition in the hardware. See NASA-STD-8719.13, "NASA Software Safety Manual," for further information.

6.15.3.4 Calibrate and certify safety-critical instrumentation before test operations and as required by test documentation or the test organization's internal procedures (Requirement 32375).

6.15.3.5 Ensure all personnel involved in tests are informed of potential hazards, safety procedures, and protective measures (Requirement 32376).

6.15.3.6 Ensure the availability of appropriate emergency medical treatment facilities (Requirement 32376).

6.15.3.7 Conduct formal reviews of those engineering designs that are complicated or potentially hazardous to facilities (Requirement 32378).

6.15.3.8 Ensure test reports include anomalies, safety implications, and lessons learned (Requirement 32379).

6.15.4 Test Readiness Review.

Test Readiness Reviews must be conducted for tests involving new or modified hardware and/or procedures. These reviews shall determine the safety, technical, and operational readiness of the test (Requirement 32381).

6.15.5 Pre-test Meeting.

A pre-test meeting must be conducted with all involved personnel to discuss the research facility, design, instrumentation, safety, and operator training and certification (Requirement 32382). The meeting should also establish the test plan, identify test constraints to ensure facility safety, and determine test article readiness.

6.15.6 Human Research Subjects.

The requirements for the protection of human research subjects are contained in NPD 7100.8B, "Protection of Human Research Subjects," and 45 CFR Part 46, "Protection of Human Subjects." In addition to the requirements regarding confined spaces cited in paragraph 6.19, crewed test systems shall meet the following criteria:

6.15.6.1 Tests involving hazardous substances, where human test subjects or test team personnel may be exposed, will be reviewed for adequacy of test team safeguards, including direct communication between the test subjects and test conductors (Requirement 32383).

6.15.6.2 For tests requiring crew participation in a pressure suit, a facility environmental control system failure or failure in the distribution system affecting one pressure-suited occupant shall not affect any other pressure-suited occupant (Requirement 32384).

6.15.6.3 A means shall exist of immediately detecting an incipient fire or other hazardous condition in each crew compartment of any test area (Requirement 32385). Automatic detection shall be provided for critical areas not suitable for visual monitoring (Requirement 32386).

6.15.6.4 Crewed test systems shall be designed for timely and unencumbered rescue of incapacitated crew members (Requirement 32387).

6.15.6.5 Software controlling crewed test systems shall be thoroughly analyzed to ensure that no command could result in death or injury to the test subjects (Requirement 32388).

6.15.6.6 Crewed test systems shall be designed to provide for manual overrides of critical software commands to ensure the safety of test subjects during any system event or test scenario (normal operation, malfunction, emergency, etc.) (Requirement 32389). Such overrides shall support safe test termination and egress of test subjects as appropriate (Requirement 32390).

6.15.6.7 Medical resources and facilities needed for response will be alerted, on-call, and immediately available as needed (Requirement 32391).

6.16 Non-Ionizing Radiation

Microwave and radar protection standards are covered in various State regulations, national consensus standards, and Federal standards including 29 CFR 1910.97. This paragraph provides directives for protecting persons and property during laser use in NASA operations. The primary laser hazard to humans is eye and/or skin damage from direct exposure to the beam or specular reflection, and in some cases, viewing the diffuse reflection. Laser operations during any open-air laser scenario conducted on Department of Defense (DOD) controlled ranges or test facilities or by DOD personnel will use Document 316-91, "Laser Range Safety," for guidance (Requirement 25165).

6.16.1 Requirements.

6.16.1.1 21 CFR Part 1040 provides that people shall not be exposed to laser radiation in excess of the maximum permissible limits and prescribes protective measures (Requirement 32393).

6.16.1.2 NASA procedures and requirements are as follows:

a. Prevent exposure of personnel to laser radiation exceeding the permissible exposure levels (Requirement 32395). Permissible exposure levels are in ANSI Z136.1, "American National Standard for Safe Use of Laser."

b. Ensure to the maximum extent practical, hazards to personnel are eliminated, or procedures are developed and equipment provided for those hazards that cannot be eliminated by engineering design (Requirement 32396). This must occur before laser systems become operational (Requirement 32397).

c. Procure or manufacture only laser products that comply with the performance standards of 21 CFR's 1040.10 and 1040.11, unless a specific exemption is obtained from the U.S. Department of Health and Human Services, Food and Drug Administration (FDA) (Requirement 32398).

d. Ensure that laser operation conforms to the principles and requirements set forth in ANSI Z136.1, "American National Standard for Safe Use of Laser," and ANSI Z136.2, "Safe Use of Optical Fiber Communication Systems Utilizing Laser Diode and LED Sources" (Requirement 32399).

e. Ensure that any laser that can cause injury or damage has a Center-approved safety permit, test plan, or test procedure review (Requirement 32400).

6.16.1.3 Where a planned laser operation has the potential of the beam striking an orbiting craft, the program manager or designated laser radiation safety officer shall contact the laser safety clearing house to obtain a "Site Window" clearance (Requirement 32401). The clearance is obtained from the Orbital Safety Officer, U.S. Space Command/J3SOO, 1 NORAD Road, Suite 9-101, Cheyenne Mountain AFB, CO 80914-6020, Stop 4, Phone: (719) 474-3056/4404/4444.

6.16.1.4 A qualified laser radiation safety officer shall review procedures for all tests that use lasers (Requirement 32402). An individual designated/approved by the Center safety organization will be on site to monitor all laser tests (Requirement 32403).

6.16.2 Ground Operations Using Class III-B and IV Lasers.

During ground operations using Class III-B and IV lasers, users shall do the following:

6.16.2.1 Operate Class III-B and IV lasers only in controlled environments or designated areas that have no unintended reflective or transmitting surfaces (Requirement 32404).

6.16.2.2 Post the laser operations area with standard warning placards as set forth in ANSI Z136.1 and ensure the area is isolated to prevent inadvertent entry (Requirement 32405).

6.16.2.3 Require laser goggles or other approved methods of eye protection in accordance with requirements of ANSI Z136.1 (Requirement 32406).

6.16.2.4 Keep all flammable materials/vapors away from any laser during operation unless specifically authorized by the operation/test plan (Requirement 32407).

6.16.3 Airborne Operations Using Class III-B and IV Lasers.

6.16.3.1 Program managers must identify use of Class III-B and IV lasers early in the system acquisition process and track their use during the program life cycle (Requirement 32409). A realistic application of safety engineering to laser systems can avoid or reduce the costs involved in redesign, time lost in modification, and loss of mission capability. Program managers and safety evaluators shall assess the safety aspects, compliance with safety requirements, and resolution of laser safety-related problems (Requirement 32410).

6.16.3.2 Design of laser systems for NASA aircraft and spacecraft shall include a system of interlocks to prevent inadvertent exposure to laser beam output (Requirement 32411). When a test circuit switch is provided to override the ground interlock to aid ground test operations, maintenance or service, design must preclude inadvertent operation (Requirement 32412).

6.16.3.3 The crew shall not operate the laser except in accordance with the prescribed mission profile (Requirement 32413). The craft commander shall ensure that the laser system is used in accordance with the test plan (Requirement 32414).

6.16.3.4 For long-range laser shots, program managers shall designate as large an exclusion area as practical to minimize the risk to the people outside the area (Requirement 32415). A buffer area should be added around the exclusion area. Air Force AFOSH Standard 48-12, "Health Hazard Control for Laser Operations," includes a guide for operation of lasers from aircraft. It can be used to develop the buffer zone for space-based laser shots directed at the ground. (See Range Commanders Council (RCC) Document 316-91, "Laser Range Safety.")

6.16.3.5 Program managers shall ensure a hazard evaluation and written safety precautions are completed prior to airborne laser operations (Requirement 32416). Hazard analysis shall consider catastrophic events and the need for very reliable, high-speed laser shutdown should such events occur (Requirement 32417). (See ANSI Z136.1 for hazard evaluation and control information.)

6.16.3.6 Qualified personnel shall perform laser hazard evaluations to determine specific hazards associated with specific uses, establish appropriate hazard control measures, and identify crew and public-at-large protection requirements (Requirement 32418).

6.16.3.7 When completing the hazard evaluation, the program manager shall consider and document the atmospheric effects of laser beam propagation, the transmission of laser radiation through intervening materials, the use of optical viewing aids, and resultant hazards, e.g., electrical, cryogenic, toxic vapors (Requirement 32419).

6.16.4 Software.

6.16.4.1 Software shall provide safety precautions for fast-moving lasers and prevent misdirected laser operation (Requirement 32420).

6.16.4.2 Laser software development shall be subjected to a software safety analysis per Chapter 3 (Requirement 32421). Existing systems are exempt but shall be reviewed to ensure the provision of safety precautions (Requirement 32422). See NASA-STD-8719.13, "NASA Software Safety Manual," for further information.

6.16.5 Training.

Only trained and certified employees shall be assigned to install, adjust, and operate laser equipment (Requirement 25168). Personnel operating lasers shall be trained and certified in accordance with Chapter 4 of this NPR (Requirement 32423).

6.17 Ionizing Radiation

Policies and guidance for handling, use, and storage of radioactive material are contained in directives under the purview of the occupational health organizations. See NPD 1800.2, "NASA Occupational Health Program."

6.18 Confined Spaces

6.18.1 A confined space is any space that is not normally occupied by personnel, has limited or restricted openings for ventilation, access, and exit, and may contain chemicals that could produce dangerous air contamination. Entry into confined spaces requires written procedures and authorizations (Requirement 32424). No entry into confined spaces will be made until an assessment of that space has been made and a permit or operating procedures posted (Requirement 32425). Supervisors have overall responsibility for entry and work in confined spaces and for ensuring that the requirements of the references below are followed (Requirement 32426).

6.18.1.1 NASA Health Standard (NHS)/IH-1845.2, "Entry Into and Work in Confined Spaces."

6.18.1.2 OSHA 29 CFR 1910.146, "Permit Required Confined Spaces."

6.18.1.3 American National Standards Institute (ANSI) Z117.1, "Safety Requirements for Confined Space."

6.18.1.4 NIOSH Publication No. 87-113, "A Guide to Safety in Confined Spaces."


CHAPTER 7. Aviation Safety


7.1 Purpose

This chapter provides the basic requirements of the NASA Aviation Safety Program and provides guidance for managers and aviation safety personnel to establish/implement their aviation mishap prevention programs. NASA philosophy is that mishaps are preventable and that mishap prevention is an inherent function of leadership and management. NASA's major involvement in aeronautics dictates a commitment to aviation safety, not only under the Aviation Safety Program but also in technology programs. Aviation safety must be enhanced through a comprehensive and proactive program covering all aspects of flight (Requirement 25269).

7.2 Aviation Safety Program

7.2.1 The NASA Aviation Safety Program requires aviation safety measures to be in effect at each level of aviation management (Requirement 32427). Under this concept, the director/aviation manager responsible for aviation safety and risk management at each level is assisted by an aviation safety officer (ASO)/manager who is an integral part of the aviation manager's staff and not part of a separate safety organization. The program is supported by system safety personnel as required. Headquarters safety personnel will conduct reviews (staff assistance visits, safety inspections, and process verifications) to provide insight and monitor management's effectiveness in aviation safety (Requirement 32428). Headquarters safety personnel will also provide technical and operational assistance to improve the overall safety program (Requirement 32429).

7.2.2 The highly diversified aviation activities within NASA require a tailored Aviation Safety Program for Headquarters and each flight activity (Requirement 32430). The primary responsibility for each Center's Aviation Safety Program rests firmly with the Center Director (Requirement 32431). The Assistant Administrator for Institutional and Corporate Management is responsible for NASA Headquarters aviation operations. Aviation safety programs shall follow the applicable requirements for each respective flight activity set forth in this chapter and NPR 7900.3, "Aircraft Operations Management" (Requirement 32432).

7.3 Program Responsibilities and Requirements

The NASA Aviation Safety Program is Agencywide, covering several Headquarters Offices and all Centers. To ensure effective implementation, the NASA Aviation Safety Program shall conform to NASA's aviation management structure (Requirement 25172).

7.3.1 The NASA Administrator is the senior person responsible for Agencywide aviation safety (Requirement 25173).

7.3.2 The AA/OSMA has been delegated the authority to establish NASA Aviation Safety Program requirements and provide support and independent oversight of NASA aviation safety (Requirement 25174). The AA/OSMA shall provide the NASA Administrator an independent assessment of NASA's aviation safety status and provide immediate information on critical safety issues (Requirement 32433). The Aviation Safety Panel (refer to Appendix J) is chartered by the AA/OSMA to assist in the independent oversight of NASA's aviation safety.

7.3.3 The Director, Safety and Assurance Requirements Division, designates the NASA ASO. The NASA ASO provides overall aviation safety oversight and management support for aviation safety. Through this independent oversight function, the ASO shall ensure that Aviation Safety Program requirements are applied at the appropriate levels of responsibility throughout NASA (Requirement 25175).

7.3.4 NASA ASO shall perform the following:

a. Serve as the Agency independent focal point for NASA aircraft safety issues (Requirement 32434).

b. Provide systems safety oversight to ensure Headquarters and Center aircraft operations comply with NASA safety policy (Requirement 32435).

c. Coordinate all OSMA requirements affecting aviation safety or reporting (Requirement 32436).

d. Ensure there is an effective Agency mishap and incident reporting and corrective action system (Requirement 32437).

e. Identify aviation safety issues through mishap investigation and analysis (Requirement 32438).

f. Serve as ex-officio board member or provide a designee to major aircraft mishap investigations and provide independent oversight and expert guidance in investigation procedures and techniques (Requirement 32439).

g. Participate in the annual NASA ASO meeting (Requirement 32440).

h. Monitor and promote Agencywide awareness of and motivation for the Aviation Safety Program (Requirement 32441).

i. Attend selected program flight readiness and safety reviews (Requirement 32442).

j. Serve as an advisor to the Intercenter Aircraft Operations Panel (IAOP) and participate in IAOP activities, including meetings, reviews, and subpanel activities (Requirement 32443).

k. Develop the NASA Aviation Safety Reference Guide (QS-ASO-92-001) and ensure that it is current and meets the needs of NASA (Requirement 32444).

l. Monitor and act on the aviation safety needs of the Headquarters Enterprise and Program Offices, Aircraft Management Office (AMO), IAOP and its subpanels, and Centers (Requirement 32445).

m. Interface with other safety organizations (Requirement 32446).

n. Advocate aviation safety research (Requirement 32447).

o. Conduct aviation safety staff assistance visits and reviews (Requirement 32448).

p. Coordinate recommendations from mishap investigations that require corrective action from sources or agencies outside of NASA (Requirement 32449).

q. Participate in selected aircraft flight operations (Requirement 32450).

7.3.5 The Assistant Administrator for Institutional and Corporate Management, in accordance with NPR 7900.3, is responsible for policies and other matters related to NASA aircraft management (Requirement 25177). This includes developing guidelines for safe aircraft operations and implementing an Agencywide Aviation Safety Program in accordance with Agency policies.

7.3.6 Enterprise Associate Administrators and Institutional Program Officers have line management responsibility for aviation safety for their respective Centers/flight operations (Requirement 25178). This requires ensuring implementation of aviation safety programs for their Centers, allocating aviation resources to meet objectives/programs safely, promulgating safety awareness, conducting mishap investigations, and developing/implementing corrective action (Requirement 32451).

7.3.6.1 A senior single point of contact for aviation safety and aviation management shall be designated within these offices to provide liaison with the OSMA and the Office of Institutional and Corporate Management (Requirement 32452).

7.3.6.2 Except for NASA aircraft operations that are the function of the Office of Institutional and Corporate Management, the Associate Administrator for Aeronautics manages aviation safety-related technology and research programs.

7.3.7 The Aerospace Safety Advisory Panel (ASAP).

The ASAP was established as an advisory committee to NASA by Section 6 of the NASA Authorization Act, 1968 (PL 90-67, codified as 42 U.S.C. 2477). The ASAP reviews and evaluates program activities, systems, procedures, and management policies and provides assessment of these areas to NASA management and Congress. It is in this role that the ASAP provides independent advice on NASA aviation safety issues to the AA/OSMA and to the Administrator.

7.3.8 The Center Director is the primary NASA official responsible for ensuring the safe operation of all aircraft assigned to the Center, and for establishing and implementing an Aviation Safety Program tailored to the Center's aircraft/airfield operations (Requirement 25180). They are assisted by NASA Headquarters staff assistance visits and the reports and recommendations of the IAOP and ASAP.

7.3.9 Center aviation manager of flight operations is the senior line person assigned aircraft operations responsibilities (Requirement 25181). The manager depends on the local ASO to identify mishap potential and assist in administering the mishap prevention program. However, the manager cannot delegate the line responsibility for the prevention of mishaps. A manager's experience, leadership, and philosophy are decisive factors in ensuring safe operations. Aviation managers of flight operations shall ensure the following:

7.3.9.1 Flight rules, regulations, and other advisory material required for safe flight operations are obtained/published and updated, and all personnel comply with them (Requirement 32454). Where local conditions or special mission requirements dictate, special rules/procedures should be established and followed.

7.3.9.2 Restrictions to flight, notice to airmen (NOTAM), weather (WX), and other pertinent information are readily available prior to initiation of flight operations (Requirement 32455). Aviation Managers should not waive any safety requirements set by regulations, NPDs, or other authoritative sources, unless the risk is accepted. In these cases, managers should justify and document their actions in writing, with approval of the Center Director and appropriate Headquarters officials.

7.3.9.3 A crew rest policy is in effect (Requirement 32456).

7.3.9.4 Functional and effective foreign object damage (FOD) prevention and tool control programs are in effect (Requirement 32457).

7.3.9.5 Aerial demonstrations involving NASA aircraft, if conducted, encompass the Center top management's approval to include flight routines, pilot assignment, training prerequisites, and weather limits (Requirement 32458).

7.3.9.6 Hazardous aircraft maintenance operations, such as fuel cell entry, radar testing, radiographic testing, and high noise engine run-ins, are coordinated with applicable health organizations (Requirement 32459).

7.3.10 Center Aviation Safety Officer.

Although the ASOs also serve as pilots at most Centers, the ASO position is a primary responsibility. Because the ASO serves as the manager's focal point for aviation safety matters, this individual should report directly to the senior aviation manager responsible for risk management. The ASO also acts on behalf of the Center Director when discharging this responsibility. The ASO shall foster aviation safety measures and use all resources available to promote mishap prevention (Requirement 25182). ASO selection should be based on education, experience, and ability. Ideally, this individual should be on flight status, be current in assigned aircraft, be a graduate of an approved aviation safety course, and have experience in aircraft mishap investigation. To accomplish these tasks, the ASO should refer to the NASA Aviation Safety Reference Guide to ensure appropriate elements are contained in the Center's aircraft mishap prevention program.

7.3.11 Pilot-In-Command.

7.3.11.1 The NASA aircraft pilot-in-command (PIC) is responsible at all times for the safe operation of the aircraft and the safety of the passengers (Requirement 32460). The PIC is the final authority as to whether a flight shall be delayed or diverted for reasons of weather, aircraft conditions, or other safety-related considerations (Requirement 32461).

7.3.11.2 The PIC shall ensure that passenger briefings are conducted and include pertinent egress, safety, and emergency information (Requirement 32462).

7.3.12 Individual Responsibilities.

All personnel, including contract personnel associated with NASA flight operations, shall conduct aviation-related activities in a safe and responsible manner and in compliance with NASA aviation requirements and safety programs (Requirement 25184). Contracts involving or affecting aviation operations shall stipulate compliance with aviation safety requirements (Requirement 32463). Aviation safety is a personal responsibility of every person involved in aviation-related activities (Requirement 32464).

7.4 Aviation Safety Program Elements

This paragraph discusses the general elements of an effective Aviation Safety Program. Each Center shall implement an aircraft mishap prevention program that includes the elements appropriate for their operation (Requirement 25185). Detailed elements are contained in the NASA Aviation Safety Reference Guide.

7.4.1 Aircraft Mishap Prevention Survey/Review.

A NASA Headquarters aviation safety review of each Center is required biennially (Requirement 32465). The IAOP, with the assistance of the AMO, conducts these formal reviews with independent safety oversight by the Safety and Assurance Requirements Division. Centers should conduct internal surveys during the alternate year. These reviews provide an objective evaluation of aircraft operations, maintenance, crew procedures, and facilities to ensure safe and efficient operation and aircraft usage consistent with assigned goals and Center requirements.

7.4.2 The Aviation Safety Reporting System.

7.4.2.1 A major program jointly sponsored with the Federal Aviation Administration (FAA) is the NASA Aviation Safety Reporting System (ASRS). This program is designed to identify and publicize deficiencies/discrepancies that have potential safety impact on the aviation community. The program does not address mishap reports but rather solicits reports of perceived safety hazards through a system of protected reporting. This system receives, stores, and distributes pertinent data. It also analyzes the data, conducts special studies, and reports on the results.

7.4.2.2 The Office of Management and Budget (OMB) Report Control Number for the ASRS is 04-R-9206, which has been assigned to the Ames Research Center Form 77.

7.4.2.3 All ASOs shall use the services of the ASRS program, support its objectives, and integrate the program's output into their local aviation safety program (Requirement 32469). They shall encourage pilots and other members of the aviation community to submit timely reports of hazardous conditions or incidents as prescribed under the ASRS program (Requirement 32470).

7.4.3 Aircraft Mishap Reporting and Investigation.

The principles of mishap reporting, investigation, identification of root causes, and corrective action are central to an effective aviation safety program and shall be conducted in accordance with NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating, and Recordkeeping" (Requirement 25186). Close call reporting, investigation, and dissemination of lessons learned is an essential element of mishap prevention.

7.4.4 Incentives and Awards.

All aviation personnel desire both satisfaction and recognition for their achievements. Safe behavior should be recognized and rewarded. Properly used, incentives and awards can be extremely effective in both motivating and maintaining safe behavior. Further information on awards is located in paragraph 1.15 and Appendix C.

7.4.5 Occupational Health, Medical Clearance, Emergency Egress, and Survival.

Close coordination with occupational health and medical officers and aviation personal equipment specialists shall be maintained (Requirement 25188). This enhances protection of aircrew and passengers by ensuring proper medical clearances for flight duties, adequate training, and properly maintained and functioning emergency survival equipment. The proper care and use of parachutes, egress systems, breathing equipment, protective equipment, and survival gear are subjects for safety surveillance. The aviation medical program and aviation life support equipment are important components of this safety program element.

7.4.5.1 The Aviation Medical Program. The objectives of the Aviation Medical Program are to promote aviation safety and prevent illness and injury of aviators and aviation support personnel. Specific aims are to promote the health and safety of aviation personnel through appropriate preventive medicine practices; ensure a safe, toxic-free environment for aviation personnel; and evaluate personal equipment and the man/machine interface for toxic and hazardous conditions. Managers shall ensure establishment and support of an aviation medicine program tailored to specific needs of aviation personnel supported (Requirement 32471).

7.4.5.2 Aviation Life Support Equipment. Aviation Life Support Equipment (ALSE) includes helmets, oxygen masks, parachutes, and survival gear. ALSE is a vital link to a comprehensive aviation safety program. The responsibility, accountability, inspection, and maintenance of this equipment should be delegated to support personnel who are familiar with the equipment, experienced and knowledgeable in aviation concept, and aware of the need for ALSE. ALSE school attendance is desirable and encouraged.

7.4.6 Facilities and Equipment.

Adequate flight facilities shall be established, maintained, and inspected (Requirement 25189). These include airfield, aircrew, maintenance, aircraft service life extension facilities, Crash Fire Rescue (CFR) facilities, and emergency facilities and equipment for offsite operations.

7.4.7 Cargo Safety.

Provisions shall be made for the safe handling and stowing of cargo, including hazardous materials, in NASA aircraft (Requirement 25190). Additionally, contract carriers and airlift services used by NASA are required to abide by sound safety practices and Department of Transportation (DOT) regulations, including 49 CFR 175, "Carriage by Aircraft," in the transportation of hazardous materials and cargo (Requirement 32473). Transportation officers shall ensure mixed cargo and passenger loads meet the requirements for safe practices (Requirement 32474).

7.4.8 Dissemination of Aviation Safety-Related Information and Material.

The best aviation safety material contributes very little to safety programs unless it is read or used by the people who are part of the Aviation Safety Program. Aviation safety managers should ensure that these materials are distributed throughout their Centers and other sites. Safety information that would be of interest Agencywide should be sent to the Safety and Assurance Requirements Division for distribution. This information may assist in saving lives and preserving valuable resources.

7.4.9 Aviation Safety Reference Guide.

Additional information on aviation safety is contained in the "Aviation Safety Reference Guide," QS-ASO-92-001.

7.5 Interfaces with Other Agencies

NASA aviation activities interface with the aircraft industry, DOT/Federal Aviation Administration (FAA), the Department of Defense (DOD), and foreign governments. These resources shall be used fully in aviation safety matters (Requirement 25192). Centers shall have a process in place with outside organizations to exchange flight information that affects their assigned aircraft (Requirement 32475).

7.5.1 Interagency Committee for Aviation Policy (ICAP).

The ICAP was established by GSA Order ADM 5420.99, dated August 9, 1989, as directed by revised OMB Circular A-126, issued January 18, 1989. The committee's goal is to coordinate Government-wide improvements in efficiency, effectiveness, economy, and safety of Federal executive agency public aircraft activities. NASA is represented on the executive committee by one primary and one alternate representative from the Office of Institutional and Corporate Management, and by representatives from both the Office of Institutional and Corporate Management and Office of Safety and Mission Assurance on the following subcommittees: Regulatory Policy; Safety, Standards, and Training; Data Management Systems; and Acquisition and Disposition. The NASA representatives will keep the NASA aviation community apprised of deliberations and actions forthcoming from the committee (Requirement 32476).

7.5.2 Department of Transportation.

NASA aviation safety has a direct interest in FAA flight services and facilities used by NASA aircraft. These include departure, enroute, and arrival procedures, the airways, restricted airspace, and local flying/training areas. Cooperation with FAA at the local level should foster a mutual understanding in developing safe aviation control procedures. Research and development (R&D) activities present opportunities for NASA/FAA cooperation to enhance safety.

7.5.3 Department of Defense.

Because NASA uses many military airfields and aircraft common to the military services, coordination with the Army, Navy, and Air Force is required (Requirement 32478). Use of the various military safety publications, cross-exchange of accident prevention data, and participation in joint safety efforts are also required (Requirement 32479). Safety and accident investigation provisions must be included in joint agreements with DOD agencies for joint use or loan of aircraft (Requirement 32480).

7.5.4 Industry.

Although this interface is normally through the contracting officer, special safety provisions in contracts shall require exchange of accident information concerning the types of aircraft involved (Requirement 32481). Safety personnel shall participate in design reviews and inspections during the acquisition phase to ensure proper safety coverage (Requirement 32482).

7.5.5 Foreign Governments.

Most foreign interface occurs during joint research or exchange programs and aviation shows and displays. The primary purpose of aviation safety is to save lives and property. Aviation safety must not have political or national boundaries (Requirement 32483). The NASA Aviation Safety Program shall have provisions for exchanges of safety information (Requirement 32484).


CHAPTER 8. Facility Safety


8.1 Purpose

This chapter establishes safety procedures and guidelines to enhance the safety and mission success aspect of NASA's facility acquisition, construction, and activation process. Facility operational safety requirements are covered in Chapter 6. Except in case of imminent danger, it is not the intent of this chapter to require upgrades to existing facilities just to meet new codes. Existing facilities undergoing major renovations must meet national consensus code in effect at the time of the renovations (Requirement 25272). Specific safety tasks to be accomplished to ensure safety during construction, operation, maintenance, and final disposition of the facility will be documented in the Facility Safety Management Plan (FSMP) in accordance with NPR 8820.2, "Facility Project Implementation Guide." The FSMP for each facility acquisition should be tailored to include those tasks appropriate considering the size and complexity of the project and associated safety risks. NASA-STD-8719.7, "Facilities System Safety Manual," provides a review of the facility life cycle and the safety tasks that shall be accomplished (as applicable) during acquisition, modification, test activities, facilities operations, maintenance, and disposal (Requirement 32485).

8.2 Applicability and Scope

This chapter is not a direct instruction to NASA contractors who provide planning, architect-engineering (A-E) design, or construction contract services. It is guidance to the responsible NASA Center program/project management, contracting office, safety assurance, and fire protection organization personnel who implement the safety programs essential to meeting each facility acquisition and construction work package effort in accordance with NPR 8820.2, "Facility Project Implementation Guide." This chapter shall be applied to construction of facilities (CoF) projects and facilities maintenance projects (Requirement 25273). This chapter shall also be applied to Center-approved projects according to the degree of impact of safety policy and regulatory considerations on those projects (Requirement 32486). This chapter shall not supersede more stringent requirements imposed by individual NASA organizations and other Government agencies (Requirement 32487).

8.3 Objectives

NASA's facility acquisition safety and construction safety objectives are as follows:

8.3.1 Identify, track, and resolve hazards at the earliest possible phase to eliminate risk to personnel safety and mission success and to minimize the cost and need for a retrofit program (Requirement 32488).

8.3.2 Perform safety oversight functions to ensure compliance with NASA safety policies (Requirement 32489).

8.3.3 Provide for review of all proposed projects to ensure that all safety requirements are specified and funded (Requirement 32490).

8.3.4 Provide the necessary technical reviews that include safety aspects of all facility acquisition, design, and construction efforts to ensure that they are being conducted in accordance with sound safety engineering principles (Requirement 32491).

8.3.5 Monitor facility construction, modification, repair, and rehabilitation for compliance with appropriate safety, fire protection, and building codes and standards (Requirement 32492). NASA fire protection and safety personnel shall monitor the compliance effort in the various phases of the projects (Requirement 32493). For projects with safety or fire protection implications, this effort will be formal, with the safety office/fire protection office providing a formal sign-off (Requirement 32494).

8.3.6 Ensure that any final inspection effort (operational readiness inspection (ORI), operational readiness review (ORR), test readiness review (TRR), pre-final inspection (PFI), final inspection (FI), etc.) includes a safety and/or health representative as appropriate and that all facility safety and health issues are documented, resolved, or adequately controlled prior to acceptance, activation, and operation (Requirement 32495).

8.3.7 Maintain current building configuration during all phases of the facility acquisition, maintenance, operation, and disposal process (Requirement 32496). Test activities that require building modification, however minor, are of particular interest. Process any change to facility hardware, software, or procedures through the configuration management (CM) program (Requirement 32497).

8.3.8 Inspect all facilities, occupied or unoccupied, at least annually (Requirement 32498).

8.4 Basic Requirements

To achieve facility acquisition, construction, and activation safety assurance objectives, each NASA Center Director shall do the following:

8.4.1 Designate and assign facility safety program management responsibilities to a NASA Center safety and mission assurance organization that is independent from the specific facility (user) management (Requirement 32499).

8.4.2 Assure that the fire protection and safety organizations review all proposed NASA-owned, controlled, or operated facility configuration changes and construction work change orders that have a potential safety impact (Requirement 32500). This does not preclude the use of checklists and other guidelines to assist the project in determining the potential safety or fire impact and necessary protection requirements.

8.4.3 Incorporate safety criteria or requirements into the project design criteria before start of facility project design, in accordance with NPR 8820.2, "Facility Project Implementation Guide" (Requirement 32501).

8.4.4 Mandate compliance with NASA supplementary and alternate NASA technical standards for safety that may apply for all NASA-managed construction work (Requirement 32502). For construction undertaken at NASA by the U.S. Army Corps of Engineers, compliance with EM 385-1-1, "U.S. Army Corps of Engineers, Safety and Health Requirements," is mandatory (Requirement 32503). For related NASA-managed projects, EM 385-1-1 will be considered as an advisory document.

8.4.5 Ensure facility operation instructions and changes are developed based on the facility mission and operational requirements (Requirement 32504). All procedures shall include sufficient detail to identify residual hazards and cautions to NASA personnel (Requirement 32505). A written preventative maintenance program must be developed that includes schedules, procedures, and records (Requirement 32506). Deviation or changes to hazardous operating procedures (HOP's) require the approval of the cognizant NASA/contractor safety or health offices (Requirement 32507). Those procedures and instructions identified as hazardous shall require fire protection and safety office approval as provided in Chapter 6 (Requirement 32508).

8.5 Facility Managers

The Center Director or designee shall appoint a facility operations manager or facility coordinator to oversee proper operation of the facility (Requirement 25195). A safety coordinator may be appointed to assist the manager. The extent of each authority shall be detailed in writing to ensure complete safety coverage of all facility operations (Requirement 32509). The Center safety office will interface with the facility managers or safety coordinators as appropriate to ensure proper safety program implementation.

8.6 Facility Safety Management Plan

8.6.1 The Center Directors shall document and maintain a written facility FSMP for each major facility acquisition, modification, test activities, operations and maintenance, and disposal to monitor timely completion of all required life cycle safety program tasks (Requirement 32510). The FSMP should include a facility hazard analysis (FHA), hazard analysis tracking index (HATI), and hazard resolution verification (HRV). NASA-STD-8719.7, "Facilities System Safety Manual," provides a detailed explanation of these requirements. As part of the FHA, the risk assessment code (RAC) system for facilities is used to indicate the risk associated with each individual hazard that considers the severity and probability of a hazard. The FSMP may be contractually proposed or prepared in-house. This plan shall be used to implement tailored safety requirements, including organizational responsibilities, resources, milestones, methods of accomplishment, depth of effort, and integration with other program engineering and management activities and related systems (Requirement 32511). For minor or normal acquisitions and facility modification projects, the FSMP can be tailored but will include the appropriate local directives, instructions, and guidelines as a minimum (Requirement 32512).

8.6.2 The FSMP shall contain a realistic milestone schedule commencing with the functional requirements and facilities concept development phase to monitor timely completion of all required safety program tasks for the facility project design (Requirement 32513). The milestone schedule shall also include safety management during construction, and the operation and maintenance considerations (instructions, training, provisioning of parts, special tools, and supplies) cited in NPR 8831.2, "Facilities Maintenance Management," for complex facility projects or the use of specialized equipment (Requirement 32514). All FSMP milestones shall support the scheduled facility need date or occupancy date, as appropriate (Requirement 32515).


CHAPTER 9. Fire Safety


9.1 Purpose

This chapter establishes the overall requirements for the NASA Fire Safety Program.

9.2 Objectives and Goals

The objective of NASA fire safety policy is to protect human life, property, and the environment from the risk of fire-related hazards. The goals are zero loss of life from fires, a reduction in number of fires to zero, protection for facilities and equipment to preclude major losses, and a reduction in the magnitude of loss for those fires that occur.

9.3 General

NASA shall implement a comprehensive fire safety program at each NASA Center (Requirement 25197). This program is further defined by specific program requirements and procedures found in NASA-STD-8719.11, "Safety Standard for Fire Protection." The program generally provides for the following:

9.3.1 Providing appropriate automatic fire detection and suppression systems for all facilities containing significant hazards, mission essential equipment, or permanently housed personnel in accordance with 29 CFR 1910 Subpart L.

9.3.2 Complying with National Fire Protection Association (NFPA) and other nationally recognized building and fire safety codes and any applicable local codes in accordance with 40 U.S.C. Section 619, (Section 6(a) of Public Law 100-678, "Public Buildings Amendments of 1988," November 17, 1988), as amended.

9.3.3 Ensuring employees, other than trained professional firefighters, trained volunteers, or emergency response personnel, do not fight fires except in cases where the fire is incipient in nature.

9.3.4 Adhering to the more stringent of fire safety requirements imposed by local, State, or Federal agencies.

9.4 Responsibilities

9.4.1 The Center Director is responsible for identifying and reducing fire risks, ensuring fire safety of its operations, and implementing the directives of this chapter (Requirement 32520). Centers are responsible for following applicable government laws and requirements for fire protection and life safety in construction and building codes as well as ensuring implementation of NASA operational fire safety procedures (Requirement 32521).

9.4.2 The Center Director shall appoint the Authority Having Jurisdiction (AHJ) for NASA fire protection in writing (Requirement 32522). That person shall be a safety or fire protection professional with requisite skills and knowledge to fulfill the role (Requirement 32523). For specific responsibilities of the AHJ, refer to NASA-STD-8719.11, "NASA Safety Standard for Fire Protection."

9.4.3 Each Center's fire and safety organization shall review and approve all project design criteria and conceptual plans and design documents with life safety and/or fire protection/prevention implications (Requirement 32524).

9.5 Fire Protection Surveys and Inspections

Fire hazards will be identified through comprehensive fire risk evaluation, discrepancies documented, and abatement plans prepared for corrective action (Requirement 25199). Those items that cannot be corrected or funded locally must be forwarded to Headquarters for resolution (Requirement 32525). Engineering surveys and fire inspections will be conducted and documented (Requirement 32526).

9.6 Fire Protection Systems

9.6.1 Fire Protection Doctrine.

The nature of NASA's mission is such that a significant number of specialized facilities and operations exist along with the more conventional structures and work routines. As a result, difficulties arise in the determination of the required level of fire safety. In most instances, conventional fire protection doctrine and existing codes and standards are appropriate. However, specialized facilities may have fire risks not specifically addressed by conventional means. In those instances, safeguards can be assured by following the requirements contained in this document and in NASA-STD-8719.11, "NASA Safety Standard for Fire Protection."

9.6.2 Extinguishing Systems.

Extinguishing systems and fire extinguishers shall comply as a minimum with the National Fire Protection Association (NFPA) codes and standards (Requirement 32528). All fire protection equipment shall be Underwriter Laboratories (UL) listed or Factory Mutual (FM) approved (Requirement 32529).

9.7 Firefighting

Firefighting organizations may be established or provided to ensure adequate protection to life and property. NFPA recommendations and OSHA regulations shall be used for determining type, size, and training of firefighting organizations (Requirement 25201). When agencies external to NASA provide fire protection, the agreed-upon arrangement must be documented and retained on file (Requirement 32530).

9.8 Emergency (Pre-Fire) Planning and Procedures

Specialized facilities and critical areas that constitute a major portion of NASA operations demand a unique, pre-planned response from the entire Agency. See NPD 8710.1, "Emergency Preparedness Program," NASA-STD-8719.11, "NASA Safety Standard for Fire Protection," and respective emergency preparedness plans for further information on specific critical areas and emergency plan procedures.

9.9 Fire Safety Training

Training for NASA employees shall be in accordance with the requirements contained in Chapter 4 of this document; 29 CFR 1910.38, Employee Emergency Plans and Fire Prevention Plans; and NASA-STD-8719.11, "NASA Safety Standard for Fire Protection" (Requirement 25203).

9.10 Reporting

Reporting shall be an integral part of fire safety (Requirement 25204). Effective reporting procedures disseminate the knowledge and experience gained by one Center to the rest of NASA and the Federal Government. Reporting of fire-related mishaps shall be in accordance with NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating and Recordkeeping" (Requirement 32531).

9.11 Regulations, Codes, and Standards

With the goal of protecting life and property, NASA organizations must comply with the most current requirements of the following documents in the design, construction, and operation of all NASA buildings and structures (Requirement 25205). (Conflicts shall be documented in accordance with the variance policy of paragraph 1.19 and sent to NASA Headquarters for review) (Requirement 32532). When standards are updated and superseded by newer, more stringent requirements, the AHJ will perform a risk assessment and determine on a case-by-case basis the need to incorporate the newer requirements and standards into existing facility and equipment operating procedures (Requirement 32533).

9.11.1 Federal Documents.

9.11.1.1 40 U.S.C. Section 619, "Compliance with Nationally Recognized Codes," (Section 6(a) of P.L. 100-678, November 17, 1988), as amended.

9.11.1.2 29 Code of Federal Regulations (CFR) Part 1910 Subpart L, Fire Protection.

9.11.2 NASA Documents.

9.11.2.1 NASA-STD-8719.11, "NASA Safety Standard for Fire Protection." This standard contains specific NASA requirements and guidelines for the implementation of a comprehensive fire protection program.

9.11.2.2 NASA STD 6001, "Flammability, Odor, Off-gassing and Compatibility Requirements and Test Procedures for Materials in Environments That Support Combustion." This Handbook contains methods to assess flammability of materials.

9.11.2.3 NASA-STD-8719.7, "Facility System Safety Manual."

9.11.3 Other Standards.

The use of NFPA standards, including their appendices, is mandatory unless the requirements of the local codes are more stringent (see paragraph 9.3.2) (Requirement 32541). Mandatory standards that need to be addressed are as follows:

9.11.3.1 A nationally recognized building code or the appropriate local building codes (Requirement 32542).

9.11.3.2 NFPA fire standards, codes, and their appendices (Requirement 32543).

9.11.3.3 NFPA Life Safety Code Handbook (Requirement 32544).

9.11.3.4 NFPA National Electric Code Handbook (Requirement 32545).


APPENDIX A: Acronym and Abbreviation List


A-E Architect-Engineering
AA Associate Administrator
AFB Air Force Base
AFFTC Air Force Flight Test Center
AFOSH Air Force Occupational Safety and Health
AHJ Authority Having Jurisdiction
ALARA As Low As Reasonably Achievable
ALSE Aviation Life Support Equipment
AMO Aircraft Management Office
ANSI American National Standards Institute
ARAR Accident Risk Assessment Report
ARC Ames Research Center
ASAP Aerospace Safety Advisory Panel
ASO Aviation Safety Officer
ASRS Aviation Safety Reporting System
CDR Critical Design Review
CFR Code of Federal Regulations; Crash, Fire, Rescue
CIL Critical Items List
CoF Construction of Facilities
COTR Contracting Officers Technical Representative
CSFP Critical Single Failure Point
CSC Critical Software Command
DASHO Designated Agency Safety and Health Official
DCMC Defense Contracting Management Command
DCN Document Control Number
DCR Design Certification Review
DLAM Defense Logistics Agency Manual
DoD Department of Defense
DOE Department of Energy
DoL Department of Labor
DOT Department of Transportation
ELV Expendable Launch Vehicle
EM Engineering Memorandum; Electronic Mail; Exception Monitor
EO Executive Order
EPA Environmental Protection Agency
ESD Electrostatic Discharge
ETA Event Tree Analysis
ETR Eastern Test Range
EWR Eastern and Western Test Range Regulation
FAA Federal Aviation Administration
FAR Federal Acquisition Regulation
FDA Food and Drug Administration
FHA Facility Hazard Analysis; Fault Hazard Analysis
FI Final Inspection
FM Factory Mutual
FMEA Failure Modes and Effects Analysis
FOD Foreign Object Damage
FRR Flight Readiness Review
FSMP Facility Safety Management Plan
FTA Fault Tree Analysis
GAO General Accounting Office
GFE Government Furnished Equipment
GFF Government Furnished Facilities
GFP Government Furnished Property
GPG Goddard Procedures Guidebook
GRC Glenn Research Center at Lewis Field
GSA General Services Administration
GSE Government Supplied Equipment; Ground Servicing/Support Equipment
GSFC Goddard Space Flight Center
HAB HEDS Assurance Board
HEDS Human Exploration and Development of Space
HOP Hazardous Operating Procedure or Hazardous Operating Permit
HR Hazard Report
IAOP Intercenter Aircraft Operations Panel
ICAP Interagency Committee for Aviation Policy
IHA Integrated Hazard Analysis; Interface Hazard Analysis
INSRP Interagency Nuclear Safety Review Panel
IRIS Incident Reporting Information System
ISSIAP International Space Station Independent Assessment Panel
JANNAF Joint Army, Navy, NASA, Air Force
JPL Jet Propulsion Laboratory
JSC Johnson Space Center
KHB Kennedy Handbook
KSC Kennedy Space Center
LaRC Langley Research Center
LED Light Emitting Diode
LLIS Lessons Learned Information System
MSDS Material Safety Data Sheet
MSE Mission Safety Evaluation
MSFC Marshall Space Flight Center
MSPSP Missile System Prelaunch Safety Package
NASA National Aeronautics and Space Administration
NDE Nondestructive Evaluation
NEPA National Environmental Policy Act
NF NASA Form
NFPA National Fire Protection Association
NFS NASA FAR Supplement
NFSAM Nuclear Flight Safety Assurance Manager
NHS NASA Health Standard
NIOSH National Institute of Occupational Safety and Health
NPD NASA Policy Document
NPR NASA Procedural Requirements
NOTAM Notice to Airmen
NSRS NASA Safety Reporting System
NSS NASA Safety Standard
NSTC NASA Safety Training Center
O&SHA Operating and Support Hazard Analysis
OEP Operations and Engineering Panel
OHA Operating Hazard Analysis
OMB Office of Management and Budget
ORI Operational Readiness Inspection
ORR Operational Readiness Review
OSHA Occupational Safety and Health Administration
OSMA Office of Safety and Mission Assurance
OSTP Office of Science and Technology Policy
PAR Prelaunch Assessment Review
PDR Preliminary Design Review
PFI Pre-Final Inspection
PHA Preliminary Hazard Analysis
PIC Pilot-in-Command
PL Public Law
PPE Personal Protective Equipment
SSP Space Shuttle Program
SSRP System Safety Review Panel
STS Space Transportation System
SWHA Software Hazard Analysis
PV Pressurized Vessel
R&D Research and Development
RAC Risk Assessment Code
RADCC Radiological Control Center
RCC Range Commanders Council
RSO Range Safety Office
SAR Safety Assessment Report
SAS Safety Analysis Summary
SCA Sneak Circuit Analysis
SCAPE Self-Contained Atmospheric Protective Ensemble
SCBA Self-Contained Breathing Apparatus
SCR System Concept Review
SCUBA Self-Contained Underwater Breathing Apparatus
SEB Source Evaluation Board
SER Safety Evaluation Report
SHA System Hazard Analysis
SMA Safety and Mission Assurance
SOLAR Site for On-line Learning and Resources
SPP Safety Program Plan
SSARMAC System Safety and Risk Management Assistance Committee
SSC Stennis Space Center
SSHA Subsystem Hazard Analysis
SSM System Safety Manager
TRR Test Readiness Review
UL Underwriter Laboratories
V Volt
WFF Wallops Flight Facility
WSMR White Sands Missile Range
WTR Western Test Range
WX Weather

APPENDIX B. Glossary of Safety and Risk Management Terms


Acceptance Testing. Tests to determine that a part, component, subsystem, or system is capable of meeting performance requirements over the environmental and operating ranges prescribed in the specification documents.

Accepted Risk. A hazard whose risk is not completely mitigated and that has been accepted by top program and safety management.

Accident Prevention. Methods and procedures used to eliminate the causes that could lead to a mishap.

Action Centers. Emergency centers set up by the appropriate Center official or program official to coordinate all communications, responses, and other actions for mishaps that have international, national, or regional implications; high visibility; or major public interest.

Aviation Life Support Equipment (ALSE). Includes helmets, oxygen masks, parachutes, and survival gear used for aviator safety.

Applied Load (Stress). Actual load (stress) imposed on a system.

Arming. Bringing a device or system to a state or condition that will allow its subsequent activation.

Assessment. Review or audit process, using predetermined methods, that evaluates hardware, software, procedures, technical and programmatic documents, and the adequacy of their implementation.

Audit. Formal review to assess compliance with hardware or software requirements, specifications, baselines, safety standards, procedures, instructions, codes, and contractual and licensing requirements.

Authority Having Jurisdiction (AHJ). The AHJ is the organization, office, or individual responsible for approving equipment, an installation, or a procedure. The AHJ's are to be designated for fire protection and explosives by the Center Director. The fire protection AHJ shall be a safety or fire protection professional.

Availability. Measure of the percentage of time that an item could be used as intended.

Biomechanics. Interdisciplinary science (comprising mainly anthropometry, mechanics, physiology, and engineering) of the mechanical structure and behavior of biological materials. It concerns primarily the dimensions and mass properties of body segments.

Buddy System. An arrangement used when risk of injury is high, where personnel work in pairs, with one person in the pair stationed nearby, not directly exposed to the hazard, to serve as an observer to render assistance if needed.

Catastrophic. (1) A hazard that could result in a mishap causing fatal injury to personnel, and/or loss of one or more major elements of the flight vehicle or ground facility. (2) A condition that may cause death or permanently disabling injury, major system or facility destruction on the ground, or loss of crew, major systems, or vehicle during the mission.

Certification Test. Test whose objective is to determine and then certify that system specifications are satisfied or personnel skills are present.

Certified Personnel. Personnel who have completed required training and whose specified knowledge or proficiency in a skill has been demonstrated and documented.

Configuration Item. An item that is designated for configuration management.

Contractor Safety Plans. Written plans prepared by the contractor detailing the overall safety program that will cover the employees, equipment, and facilities used to fulfill the contract.

Contributing Root Cause. A factor, event, or circumstance which led, directly or indirectly, to the dominant root cause, or which contributed to the severity of the mishap.

Controlled (Risk) Hazard. The likelihood of occurrence or severity of the associated undesirable event has been reduced to an acceptable level through the imposition of appropriate, readily implementable, verifiable controls, resulting in minimal residual risk.

Credible Condition (Event). Condition (event) that reasonably may be anticipated and planned for based on experience with or analysis of a system.

Crew Rating. Certifying the incorporation of enhanced environmental support, reliability, and safety features into the design and operation of hardware and software essential for the preservation of life during crewed tests or operations.

Critical. A condition that may cause severe injury or occupational illness, or major property damage to facilities, systems, or flight hardware.

Critical Lifting Operations. Lifting and lowering operations involving major programmatic or institutional hardware that is irreplaceable, or will cause serious program or mission delays if damaged, or is hazardous to personnel if dropped or uncontrolled, or will require special budgetary actions to repair damages suffered from lifting malfunctions.

Critical Single Failure Point (CSFP). A single item or element, essential to the safe functioning of a system or subsystem, whose failure in a life or mission essential application would cause serious program or mission delays or be hazardous to personnel.

Critical Software Command (CSC). A command that either removes a safety inhibit or creates a hazardous condition.

Design Burst Pressure. Pressure at which an element of a pressurized system would be expected to burst if it meets the exact design conditions.

Design Margin. Percent by which a factor of safety of 1.0 is exceeded or deficient.

Deviation. A variance that authorizes departure from a particular safety requirement where the intent of the requirement is being met through alternate means that provide an equivalent level of safety. OSHA refers to this as an alternate or supplemental standard.

Dominant Root Cause. Along a chain of events leading to a mishap, the first causal action or failure to act that could have been controlled systemically either by policy/practice/procedure or individual adherence to policy/practice/procedure.

Eliminated Hazard. A hazard that has been eliminated by completely removing the hazard causal factors.

Emergency. Unintended circumstance bearing clear and present danger to personnel or property which requires an immediate response.

Event Tree Analysis (ETA). An analysis that traces the effect of a mishap and leads to all possible consequences through visualization of the positive and negative sides for each event using a type of logic tree. Event trees are complements to fault trees. This is an inductive logic method for identifying the various possible outcomes of a given initiating event.

Exposure. (1) Vulnerability of a population, property, or other value system to a given activity or hazard; or (2) other measure of the opportunity for failure or mishap events to occur.

Facility Hazard Analysis (FHA). The FHA is a preliminary hazard analysis performed during the planning and decision phases of a facility design and acquisition program.

Factor of Safety (Safety Factor). Ratio of the design condition to the maximum operating conditions specified during design (see also Safety Margin and Margin of Safety).

Fail-Operational. Ability to sustain a failure and retain full operational capability.

Fail-Safe. Ability to sustain a failure and retain the capability to safely terminate or control the operation.

Failure. Inability of a system, subsystem, component, or part to perform its required function within specified limits.

Failure Analysis. A systematic examination of a failed item or system to identify the failure mode and cause.

Failure Cause. Physical or chemical process, design defect, quality defect, or other process that initiates a sequence of events leading to failure.

Failure Effect. Consequence of a failure mode on the operation, function, or status of an item or system.

Failure Mode. Particular way in which a failure can occur, independent of the reason for failure.

Failure Modes and Effects Analysis (FMEA). A bottom-up, systematic, inductive, methodical analysis performed to identify and document all identifiable failure modes at a prescribed level and to specify the resultant effect of the modes of failure. It is usually performed to identify critical single failure points (CSFPs) in hardware. In relation to formal hazard analyses, FMEA is a subsidiary analysis.

Failure Rate. Number of failures per unit of time or other measure of opportunity for failures to occur.

Fault Detection. Process that discovers or is designed to discover faults.

Fault Hazard Analysis (FHA). Analysis performed during design resulting in the identification, evaluation, and control of hazards resulting from piece-part or component faults.

Failure Tolerance. Built-in capability of a system to perform as intended in the presence of specified hardware or software failures.

Fault Tree. A schematic representation resembling an inverted tree that depicts possible sequential events (failures) that may proceed from discrete credible failures to a single undesired final event (failure). A fault tree is created retrogressively from the final event by deductive logic.

Fault Tree Analysis (FTA). An analysis that begins with the definition or identification of an undesired event (failure). The fault tree is a symbolic logic diagram showing the cause-effect relationship between a top undesired event (failure) and one or more contributing causes. It is a type of logic tree that is developed by deductive logic from a top undesired event to all subevents that must occur to cause it.

Firmware. Computer programs and data loaded in a class of memory that cannot be dynamically modified by the computer during processing.

Flight Hardware. Hardware designed and fabricated for ultimate use in a vehicle intended to fly.

Fracture Mechanics. Engineering methods used to predict flaw-growth and fracture behavior of materials and structures containing cracks or crack-like flaws.

Functional Redundancy. A situation where a dissimilar device provides safety back-up rather than relying on multiple identical devices.

Ground Support Equipment. Ground-based equipment used to store, transport, handle, test, check out, service, and control aircraft, launch vehicles, spacecraft, or payloads.

Handlers of Hazardous Material. Individuals who handle but who do not open or otherwise disturb the integrity of the basic, properly packaged, shipping container that holds the hazardous material. As an example, this includes personnel who prepare, package, mark, or transport hazardous material. Personnel who reduce palletized or otherwise combined items into smaller increments, without exposing the hazardous material, are considered handlers.

Hazard. Existing or potential condition that can result in or contribute to a mishap.

Hazard Analysis. Identification and evaluation of existing and potential hazards and the recommended mitigation for the hazard sources found.

Hazard Analysis Report. System safety document that summarizes results of the hazard analyses performed on a system or activity.

Hazard Control. Means of reducing the risk of exposure to a hazard.

Hazard List. Listing of all identifiable and known hazards.

Hazard Prioritization. Used in risk management, ranking of hazards in order of risk severity by program and safety management for formal action to reduce the level of risk.

Hazard Probability. Likelihood of occurrence, stated in qualitative or quantitative terms, of the aggregate of conditions that result in a specific hazard.

Hazard Report (HR) Closure Classification. Report closures are classified as eliminated hazard, controlled hazard, or accepted risk hazard. An HR when closed will have one of the following classifications: Eliminated Hazard, Controlled Hazard, or Accepted Risk.

Hazard Report (HR) Status. Report status is cited as follows:

1. Closed. Corrective action to eliminate or control the hazard has been implemented or scheduled for implementation before the effectivity identified in the HR; or

2. Open. An HR status is open when corrective action to eliminate or control the hazard has not been completed and the corrective action is not scheduled to be performed.

Hazardous Event. Event that contributes to a hazard.

Hazardous Material. Defined by law as "a substance or materials in a quantity and form which may pose an unreasonable risk to health and safety or property when transported in commerce" (49 U.S.C. 1802). The Secretary of Transportation has developed a list of materials that are hazardous which may be found in 49 CFR 172.101. Typical hazardous materials are those that may be highly reactive, poisonous, explosive, flammable, combustible, corrosive, radioactive, produce contamination or pollution of the environment, or cause adverse health effects or unsafe conditions.

Hazardous Operation. Any operation involving material or equipment that has a high potential to result in loss of life, serious injury to personnel, or damage to systems, equipment, or facilities.

Hazardous Operation Safety Certification. Certification required for personnel who perform those tasks that potentially have an immediate danger to the individual (death/injury) if not done correctly, could create a danger to other individuals in the immediate area (death or injury), and present a danger to the environment.

High Value. Facilities/equipment valued at 1 million ($1,000,000) dollars and above.

Human Engineering. Area of engineering that applies scientific knowledge to the design of systems and operations to achieve effective human-system integration.

Human Factors Engineering. Area of engineering dealing with human biomedical and psychosocial characteristics. It includes, but is not limited to, principles and applications in the areas of human engineering, personnel selection, training, life-support, job performance aids, and human performance evaluation.

Imminent Danger. Condition or practice that could be reasonably expected to cause death or serious physical harm immediately or in the near term. These are classified as Risk Assessment Code (RAC) 1 using the typical NASA risk assessment matrix in Chapter 3.

Independent Inhibit. An inhibit that will continue to operate independent of other design features.

Independent Verification and Validation. Test and evaluation process by a third party.

Inhibit. Design feature that prevents operation of a function.

Integrated Hazard Analysis. Comprehensive evaluation of hazards, taking into account all subsystems and elements that are included in the overall system being analyzed, including the system, and operational and environmental envelopes.

Interface Hazard Analysis (IHA). Evaluation of hazards which cross the interfaces between a specified set of components, elements, or subsystems.

Interlock. Hardware or software function that prevents succeeding operations when specific conditions are satisfied.

Limit Load. Maximum combination of loads which a structure is expected to experience in a specified operational environment.

Margin of Safety. Deviation of the actual (operating) factor of safety from the specified factor of safety. Can be expressed as a magnitude or percentage relative to the specified factor of safety.

Minor Radioactive Sources. Quantities of minor radioactive sources are defined in terms of the level of review and reporting procedures required.

Mission Critical. Item or function that must retain its operational capability to assure no mission failure (i.e., for mission success).

Mission Safety Evaluation (MSE) Report. A formal report for a specified mission to document the independent safety evaluation of safety risk factors that represent a change, or potential change, to the risk baseline of the program.

NASA Safety Standard (NSS). A NASA safety document that requires conditions, or the adoption or use of one or more practices, means, methods, operations, or processes reasonably necessary or appropriate to provide for safe employment and places of operation. The document is promulgated by the NASA Office of Safety and Mission Assurance and implemented and enforced by the Center Safety and Mission Assurance organizations. In 1999 the NSS's were merged into the NASA Technical Standards library and became NASA-STD's.

Noncritical Lifting. A lifting operation whose failure or malfunction (loss of control, dropping a load, etc.) would not cause loss of life, loss of space vehicle, loss of payload, loss of mission essential hardware, or damage to flight or space hardware.

Nondestructive Evaluation (NDE). Test and inspection methods used to determine the integrity of equipment that do not involve destruction of the test object. Examples are ultrasonic, magnetic particle, eddy current, x-ray, dye penetrant, etc.

Nuclear Flight Safety Assurance Manager (NFSAM). The person in the Office of Safety and Mission Assurance responsible to assist the program/project offices in meeting the required nuclear launch safety analysis/evaluation.

Occupational Safety and Health Administration (OSHA). The Federal agency which promulgates and enforces workplace safety regulations and guidance.

Operating and Support Hazard Analysis (O&SHA). An analysis performed to identify hazards and recommend risk reduction alternatives in procedurally controlled activities during all phases of intended use.

Operating Hazard Analysis (OHA). An analysis that examines the operator interface during system operation and maintenance actions. Because the operator actions are not defined until late in the system development program, corrective action resulting from this analysis will seldom be a design change. This analysis also determines certification and training requirements and safety inputs to technical manuals, warning signs, and safety placards.

Operational Safety. That portion of the total NASA safety program dealing with safety of personnel and equipment during launch vehicle ground processing, normal industrial and laboratory operations, special high hazard tests and operations, aviation operations, use and handling of hazardous materials and chemicals from a safety viewpoint, and design, construction, and use of facilities.

Oversight/Insight. The transition in NASA from a strict compliance oriented style of management to one which empowers line managers, supervisors, and employees to develop better solutions and processes.

Potentially Serious. Condition or practice that could reasonably be expected to cause injury or illness over the operational lifetime of the system or process. These are classified as Risk Assessment Code (RAC) 2 using the typical NASA risk assessment matrix in Chapter 3.

Preliminary Hazard Analysis (PHA). A gross study of the initial system concepts. It is used to identify all of the energy sources that constitute inherent hazards. The energy sources are examined for possible accidents in every mode of system operation. The analysis is also used to identify methods of protection against all of the accident possibilities.

Pressure Vessel. Any vessel used for the storage or handling of a fluid under positive pressure. A pressure system is an assembly of components under pressure, e.g., vessels, piping, valves, relief devices, pumps, expansion joints, gages.

Proof Load Test. A load test performed prior to first use, after major modification of the load path, or at other prescribed times. This test verifies material strength, construction, and workmanship and uses a load greater than the rated load.

Radiological Control Center (RADCC). A temporary information clearinghouse established on an as-needed basis to coordinate actions that could be required for mitigation, response, and recovery of an incident involving the launching of nuclear material.

Range Safety. Application of safety policies, principles, and techniques to ensure the control and containment of flight vehicles to preclude an impact of the vehicle or its pieces outside of predetermined boundaries from an abort which could endanger life or cause property damage. Where the launch range has jurisdiction, pre-launch preparation is included as a safety responsibility.

Rated Load Test. A load test performed at predetermined intervals with a load equal to the rated load.

Redundancy. Use of more than one independent means to accomplish a given function.

Residual Risk. Risk that remains from a hazard after all mitigation and controls have been applied.

Risk. The combination of (1) the probability (qualitative or quantitative) that a program or project will experience an undesired event such as cost overrun, schedule slippage, safety mishap, or failure to achieve a needed technological breakthrough; and (2) the consequences, impact, or severity of the undesired event were it to occur.

Risk Contributors List. List of hazards and their associated severity and probability contributing to a risk.

Risk Management. An organized, systematic decisionmaking process that efficiently identifies, analyzes, plans, tracks, controls, communicates, and documents risk to increase the likelihood of achieving program/project goals.

Risk (Safety) Assessment. Process of qualitative risk categorization or quantitative risk (safety) estimation, followed by the evaluation of risk significance.

Safe Haven. A location that affords life saving protection in the event of a maximum credible event.

Safety. Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.

Safety Analysis. Generic term for a family of analyses, which includes but is not limited to: preliminary hazard analysis, system (subsystem) hazard analysis, operating hazard analysis, software hazard analysis, sneak circuit, and others.

Safety Analysis Report (SAR). A safety report of considerable detail prepared by or for the program detailing the safety features of a particular nuclear system or source.

Safety Analysis Summary (SAS). A brief summary of safety considerations for minor sources; a safety report of less detail than the SAR.

Safety Assistance Visit. Onsite evaluations by specialists and safety personnel who, after making spot checks and sampling visits and holding discussions with appropriate levels of management, provide informal or formal reports to the affected organization.

Safety Assurance. The attainment of acceptable risk for the safety of personnel, equipment, facilities, and the public during and from the performance of operations.

Safety Critical. Term describing any condition, event, operation, process, equipment, or system that could cause or lead to severe injury, major damage, or mission failure if performed or built improperly, or allowed to remain uncorrected.

Safety Critical Function. A system, equipment, or facility function or process that, by not performing as intended, causes a safety critical condition or event.

Safety Critical Item. Single failure point or other element or item in a life or mission-essential application that, as determined by the results of failure modes and effects analysis or other safety analysis, is essential to the safe functioning of a system or subsystem.

Safety Device. A device that is part of a system, subsystem, or equipment that will reduce or make controllable hazards which cannot be otherwise eliminated through design selection.

Safety Evaluation Report (SER). A safety report prepared by the INSRP detailing the INSRP's assessment of the nuclear safety of a particular source or system based upon INSRP's evaluation of the program-supplied SAR and other pertinent data.

Safety Margin. Difference between as-built factor of safety and the ratio of actual operating conditions to the maximum operating conditions specified during design.

Safety Oversight. Maintaining functional awareness of program activities on a real-time basis to ensure risk acceptability.

Safety Program. The implementation of a formal comprehensive set of safety procedures, tasks, and activities to meet safety requirements, goals, and objectives.

Safeing. Sequence of events necessary to reconfigure a system to a lower level of risk.

System Safety and Risk Management Assistance Committee (SSARMAC). This committee, established by letter from the Director, Safety and Risk Management Division, in August 1997, is chartered to (1) enhance the development, review, and reengineering of system safety and risk management policies; (2) facilitate the identification and prioritization of system safety research and technology activities; (3) foster the exchange of system safety and risk management experiences and successes within NASA; and (4) serve as a forum for discussion of issues. One member or members (if separate system safety and risk management representatives are needed) will be appointed from each Center and the Jet Propulsion Laboratory.

Serious. When used with "hazard," "violation," or "condition," denotes there is a substantial probability that death or serious physical harm could result.

Significant Root Cause. The major anomalous event immediately preceding a mishap in the absence of which the mishap would not have occurred.

Single Failure Point. An independent element of a system (hardware, software, or human) the failure of which would result in loss of objectives, hardware, or crew.

Sneak Circuit. Unintended system design condition in electrical circuits or software source code not caused by a failure, which can inhibit wanted functions or cause unintended functions to occur through a stimulus, path, or a response relationship.

Sneak Circuit Analysis (SCA). A technique by which the system safety engineer can identify latent conditions (e.g., electrical, hydraulic, or other control systems) not caused by component failure that can inhibit desired functions or cause undesired functions to occur.

Software Hazard Analysis. Identification and verification of adequate software controls and inhibits; and the identification, analysis, and elimination of discrepancies relating to safety critical command and control functions.

Software Safety Critical. Software operations that, if not performed, performed out of sequence, or performed incorrectly, could directly or indirectly cause or allow a hazardous condition to exist.

Supervisor-in-Charge of the Workplace (Establishment). A building manager, building operator, facility manager, facility operations manager (FOM), facility engineering head, or other designated official who normally initiates requests for repairs or maintenance for a particular building of a facility or area within a facility.

System Concept Review (SCR). A review conducted when sufficient system functional requirements have been established. Safety verifies the adequacy of the system requirements definitions, ensures designers are acquainted with interface technical requirements, reviews design approaches to be optimized and complete, and evaluates system interfaces for risks.

System Safety. Application of engineering and management principles, criteria, and techniques to optimize safety and reduce risks within the constraints of operational effectiveness, time, and cost throughout all phases of the system life cycle.

System Safety Manager (SSM). A designated management person who, qualified by training and/or experience, is responsible to ensure accomplishment of system safety tasks.

System Safety Review Panel (SSRP). A mechanism for enhancing the Space Shuttle Program (SSP) system safety management and engineering through informational interchanges, development of concepts to improve the SSP safety program, review of safety documentation, review of SSP integration and cargo integration, review of SSP element-level hazard identification and resolution activities, and recommendations to Level 2 management for hazard report disposition.

Users of Hazardous Material. Users are those personnel who open the incremental hazardous material shipping container, thereby exposing the material to mix, transfer, burn, freeze, pour, vent, react, dispose, or otherwise use or alter the material.

Vacuum System. An assembly of components under vacuum, including vessels, piping, valves, relief devices, pumps, expansion joints, gages, etc.

Vacuum Vessel. A vessel in which the internal pressure has been reduced to a level less than that of the surrounding atmosphere.

Validation. (1) An evaluation technique to support or corroborate safety requirements to ensure necessary functions are complete and traceable; or (2) the process of evaluating software at the end of the software development process to ensure compliance with software requirements.

Variance. Documented and approved permission to perform some act or operation contrary to established requirements.

Verification (Software). (1) The process of determining whether the products of a given phase of the software development cycle fulfill the requirements established during the previous phase (see also validation); or (2) formal proof of program correctness; or (3) the act of reviewing, inspecting, testing, checking, auditing, or otherwise establishing and documenting whether items, processes, services, or documents conform to specified requirements.

Waiver. A variance that authorizes departure from a specific safety requirement where a certain level of risk has been documented and accepted.


APPENDIX C. Safety Motivation and Awards Program


1. The following awards represent NASA's primary means for recognizing outstanding safety performance:

a. NASA Honor Awards. These awards are approved by the Administrator and represent the highest honorary recognition bestowed by NASA. Government and non-Government personnel making significant safety contributions may be nominated for these awards following the guidelines provided in NPR 3451.1, "The NASA Awards and Recognition Program."

b. NASA Space Flight Awareness, Flight Safety Award. This award is managed by the Space Flight Safety Panel in accordance with NPR 1000.3, paragraph 6.21. It is bestowed in recognition of contributions to space flight safety made through design, device, or practice. The purpose of the award is to acknowledge the individuals whose personal efforts, above and beyond their job commitment, result in significant, direct contributions to space flight safety. The award is given to both individuals and groups. Every Government and industry employee supporting NASA's human space flight programs is eligible for this award.

c. Center Safety Awards. The majority of NASA safety awards are issued at the local level as part of each Center's overall safety effort. Safety programs at NASA Centers shall include an awards program, designed in accordance with this document, to recognize and encourage safety in all operations.

2. NASA safety awards shall be properly designed to motivate and maintain safe behavior. The following principles shall be considered when developing safety awards:

a. The manner in which the award is presented is important. The award should be presented publicly to effectively satisfy the individual's/group's need for recognition and thereby provide an incentive for other personnel.

b. Any award based on competition must be carefully designed to avoid possible negative aspects. (For example, employees involved in a competition to reduce on-the-job injuries have been known to avoid seeking medical attention for an injury so that it would not be reported.)

c. The safety awards program should be part of the participating safety program and include all personnel.

d. The responsible NASA safety organization shall clearly define the purpose of each award, those who are eligible, and the criteria for selection.

e. Award presentations and the safety contributions made by award recipients shall be sufficiently publicized to heighten employee safety awareness and to encourage active employee participation in all efforts designed to improve safety performance.

f. Awards shall be granted on the basis of merit without regard to age, color, handicap, marital status, national origin, politics, participation or non-participation in a labor organization, race, religion, or sex.

g. NASA awards for safety excellence shall be granted based on specific published criteria. Nominations shall be evaluated against the individual awards criteria and not against any unwritten standards or interpretations.

3. In conjunction with safety awards, NASA safety programs may distribute items of minimal value to individuals as a means of promoting safe work practices and heightening safety awareness. The following apply to the purchase and distribution of safety promotional items:

a. Procurements made with Federally-appropriated funds are subject to the rulings of the General Accounting Office (GAO). Safety promotional items usually are interpreted by GAO as personal gifts, and therefore have not been allowed. It is recommended that non-appropriated funds be used for the procurement of safety promotional items whenever possible.

b. Safety promotional items shall be distributed for valid reason and shall not be given with such frequency that they lose meaning.

c. All items shall be clearly identified as NASA safety program items via printed markings and/or safety logos.


APPENDIX D: Analysis Techniques


The purpose of safety analysis is to provide a means to systematically and objectively identify hazards, determine their risk level, and provide the mechanism for their elimination or control. Safety analysis is an iterative process that begins with the concept and extends throughout the life cycle including disposal.

1. Functions supported by the analysis include the following:

a. Providing the foundation for the development of safety criteria and requirements.

b. Determining whether and how the safety criteria and requirements provided to engineering have been included in the design.

c. Determining whether the safety criteria and requirements created for design and operations have provided an acceptable level of risk for the system.

d. Providing part of the means for imposing pre-established safety goals.

e. Providing a means for demonstrating that safety goals have been met.

The extent and depth of analysis required to meet these five functions will be determined by system complexity and loss potential.

2. During the hazard identification process, it is essential to remain nonjudgmental about the associated probability, severity, and corrective actions. Once identified, hazards shall then be ranked by severity, probability of occurrence, and program impact (risk assessment). Sufficient analysis must be performed to assess the likelihood of occurrence (usually qualitative for early assessments) for each identified undesired event.

3. There are several types of analyses necessary to identify all the hazards; some are specialized and others, as designs mature, build on previously accomplished analyses.

4. Analyses such as the ones described below shall be employed to the extent and depth determined by the system safety manager as necessary to fully assess the risk to personnel, equipment, and property.

a. Preliminary Hazard Analysis (PHA). In many ways the PHA is the most important of the safety analyses because it is the foundation on which the rest of the safety analyses and the system safety tasks are built. It documents which generic hazards are associated with the design and operational concept. This provides the initial framework for a master listing (or hazard catalog) of hazards and associated risks that require tracking and resolution during the course of the program design and development. The PHA also may be used to identify safety-critical systems that will require the application of failure modes and effects analysis and further hazard analysis during the design phases.

b. The program shall require and document a PHA to obtain an initial listing of risk factors for a system concept. The PHA effort shall be started during the concept exploration phase or earliest life cycle phases of the program. A PHA considers hardware, software, and the operational concepts. Hazards identified in the PHA will be assessed for risk based on the best available data, including mishap data from similar systems, other lessons learned, and hazards associated with the proposed design or function. Mishap and lessons learned information are available in the Incident Reporting Information System (IRIS) and the Lessons Learned Information System (LLIS). The risk assessment developed from the PHA will be used to ensure safety considerations are included in tradeoff studies of design alternatives; development of safety requirements for program and design specifications, including software for safety-critical monitor and control; and definition of operational conditions and constraints.

c. Extensions and refinements of the PHA should coincide with the development of the design after the conceptual phase. A system generally consists of several discrete subsystems that should be individually analyzed in subsystem hazard analysis (SSHA). The results of the SSHA's in turn feed into the SHA, which will integrate its subsystems and identify hazards that cross the subsystem interfaces. The number of systems and subsystems in a program is a function of the complexity of individual projects and will be determined by the program. In relatively simple programs, the SHA may also serve as the integrated hazard analysis (IHA) if it also addresses risks. The hazard listing in the safety assessment report (SAR) must be updated to indicate the closure of hazards and newly identified hazards. The SHA should be completed coincidentally with the critical design review (CDR).

d. Operating and Support Hazard Analysis (O&SHA). The O&SHA is performed primarily to identify and evaluate the hazards associated with the use of environment, personnel interface, procedures including automated command and control, and supporting facilities/equipment involved in the operation of a system/element. "Operation" for the purposes of this appendix may include, but is not limited to, activities such as testing, installation, maintenance, transportation, contingency operations, and others. This analysis considers the planned system configuration or state at each phase of activity, the facility interfaces, the planned environments (or their ranges), the supporting tools or other equipment specified for use, operational/task sequence, concurrent task effects and limitations, biotechnological factors, regulatory or specified personnel safety and health requirements, and the potential for unplanned events including hazards introduced by human errors (see paragraph g., Human Factor Engineering Analysis). The O&SHA shall identify the safety requirements (i.e., constraints, limitations, conditions) to eliminate hazards or to reduce the associated risk to a level that is acceptable under either regulatory or specified criteria. An O&SHA is also used to validate design safety by verifying that the system will perform as expected if the operator correctly performs each step of approved procedures. The O&SHA should be updated when any system design or operational changes are included to ensure any needed hazard control changes.

e. Integrated Hazard Analysis (IHA). A complex program will require analysis of the widely divergent elements or system designs that must be assembled and operated together. The IHA ensures that hazards, along with their causes and controls, that cross element, system, or operational interfaces are identified, assessed, and resolved to an acceptable level. For purposes of the IHA, integration should be considered an element of a system. This analysis should start with an integrated PHA and progress in parallel with other system or element safety analyses. This analysis is broader in scope in that it looks at an entire program rather than a portion of it. The IHA process should act as a conduit to facilitate notification of affected systems or elements when a hazard, cause, or control crosses an interface.

f. System Hazard Analysis (SHA). An SHA is a top-level hazards analysis to verify system compliance with safety requirements contained in system specifications and other applicable documents. It is used to identify previously unidentified hazards associated with the subsystem interfaces and system functional faults; assess the risk associated with the total system design, including software, and specifically of the subsystem interfaces; and recommend actions necessary to eliminate identified hazards and/or control their associated risk to acceptable levels.

g. Software Safety Analysis (SSA). A PHA identifies the safety-critical characteristics of a system. If the PHA identifies hazards that are functions assigned to an inhibit or software control of the system undergoing analysis, that software must undergo safety analysis. When a system software component has been identified as safety-critical, the software safety analysis process shall begin with the development of safety objectives. The safety objectives shall be derived by examining the properties of each critical function and expressing them in terms of system responses and consequences. These objectives shall be unique to each safety-critical software component. Software safety analysis verifies that the software contains no errors or deficiencies that could contribute to risks to people or property. Software safety analysis consists of four phases: requirements analysis, design analysis, code analysis, and testing. The safety analysis effort shall begin with the requirements analysis phase of software development. This will ensure that all safety-critical requirements are specified and designed into the final software product. This approach to software safety analysis will provide optimum software safety with the least impact to the cost and schedule of the software development effort. The analysis techniques must be structured to allow for revisions and updates as the system matures.

h. Subsystem Hazard Analysis (SSHA). An SSHA is a hazards analysis to verify subsystem compliance with safety requirements contained in subsystem specifications and other applicable documents. It is used to identify previously unidentified hazards associated with the design of subsystems including component failure modes, critical human error inputs, and hazards resulting from functional relationships between components and equipment comprising each subsystem, and to recommend actions necessary to eliminate identified hazards or control their associated risk to acceptable levels.

i. Human Factors Engineering Analysis. The program manager should apply human factors engineering analysis for human error avoidance during the development and acquisition of NASA systems, equipment, software, and facilities to achieve the effective integration of the human element into system performance. A human error avoidance effort shall be provided to develop or improve the crew-equipment/software interface; to achieve required effectiveness of human performance during system operation and maintenance; to make economical use of personnel resources, skills, and training; and to minimize the possibility of human-induced error. Two-fault tolerance is required for all human errors that could result in a catastrophic hazard. The human error avoidance assessment shall be an integral part of the PHA, SHA, SSHA, and O&SHA as required. Human engineering principles shall be applied to the design to eliminate or mitigate potential hazards associated with the man-machine interface. Extensions or transformations of the results of system safety efforts for use in the human error avoidance task are not considered duplication.

5. The following tools and techniques shall be selected as appropriate to help identify the primary causes of an identified hazard:

a. Failure Modes and Effects Analysis (FMEA)/Critical Items List (CIL). The FMEA is usually performed by the assigned reliability office to identify critical items in hardware. The FMEA should be used to assist safety personnel to perform hazard analyses and supplement, not replace, hazard analyses. Safety personnel can use the FMEA to help verify that all safety-critical hardware has been addressed in the hazard analyses. The FMEA in hardware systems is an important technique for evaluating the design and documenting the review process. All credible failure modes and their resultant effects at the component and system levels are identified and documented. Items which meet defined criteria are identified as critical items and are placed on the CIL. Each entry of the CIL is then evaluated to see if design changes can be implemented so the item can be deleted from the CIL. Items that cannot be deleted from the CIL must be accepted by the program/project based on the rationale for acceptance of the identified risk. The analysis follows a well-defined sequence of steps that encompasses (1) failure mode, (2) failure effects, (3) causes, (4) detectability, (5) corrective or preventative actions, and (6) rationale for acceptance.

b. Fault Tree Analysis (FTA). The FTA is a technique by which the system safety engineer can rigorously evaluate specific hazardous events. It is a type of logic tree that is developed by deductive logic from a top undesired event to all subevents that must occur to cause it. It is primarily used as a qualitative technique for studying hazardous events in systems, subsystems, components, or operations involving command paths. The FTA can be used to verify that the FMEA has identified all Critical Single Failure Points (CSFPs) consistent with the Top Event hazardous condition. It also can be used for quantitatively evaluating the probability of the top event and all subevent occurrences when sufficient and accurate data are available. Quantitative analyses shall be performed only when it is reasonably certain that the data for part/component failures and human errors for the operational environment exist. The individual failure paths or minimal cut sets shall be generated and evaluated for acceptable risk.

c. Sneak Circuit Analysis (SCA). The SCA is a technique by which the system safety engineer can identify latent conditions (e.g. electrical, hydraulic, or other control systems) not caused by component failure that can inhibit desired functions or cause undesired functions to occur. A full-scale SCA may not be feasible depending on project constraints. Therefore, an SCA can be done on catastrophic hazards as identified by system-level FMEA or hazards analyses.

d. Event Tree Analysis (ETA). The ETA is a technique by which the system safety engineer can evaluate possible outcomes using a type of logic tree. It is an inductive logic method for identifying the various possible outcomes of a given initiating event.
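
Added example (not part of the NPR): a sketch of the FTA steps in paragraph b. It generates minimal cut sets, checks the single-failure cut sets against a CIL, and computes the top-event probability only when data exist for every basic event. The fault tree, event names, CIL contents, and probabilities are all constructed for illustration, and basic events are assumed independent.

```python
import math
from itertools import combinations

# Constructed fault tree: gate name -> (gate type, children).
# Any name that is not a key is a basic event.
TREE = {
    "TOP_INADVERTENT_VALVE_OPEN": ("OR", ["COMMAND_PATH_ENABLED", "VALVE_SEAT_LEAK"]),
    "COMMAND_PATH_ENABLED": ("AND", ["INHIBIT_A_FAILS", "INHIBIT_B_FAILS"]),
    "INHIBIT_A_FAILS": ("OR", ["SW_ERRONEOUS_CMD", "RELAY_A_SHORT"]),
    "INHIBIT_B_FAILS": ("OR", ["SW_ERRONEOUS_CMD", "RELAY_B_SHORT", "OPERATOR_OVERRIDE"]),
}
TOP = "TOP_INADVERTENT_VALVE_OPEN"

# Constructed critical items list as an FMEA might have produced it.
CIL = {"VALVE_SEAT_LEAK"}

# Constructed per-event probabilities for the operational environment.
PROB = {
    "SW_ERRONEOUS_CMD": 1e-4,
    "VALVE_SEAT_LEAK": 1e-5,
    "RELAY_A_SHORT": 1e-3,
    "RELAY_B_SHORT": 1e-3,
    "OPERATOR_OVERRIDE": 1e-2,
}


def _minimize(cut_sets):
    """Drop every cut set that strictly contains another cut set."""
    return {s for s in cut_sets if not any(other < s for other in cut_sets)}


def minimal_cut_sets(tree, top):
    """Deduce minimal cut sets from the top event down (tree assumed acyclic)."""
    def expand(node):
        if node not in tree:                      # basic event
            return {frozenset([node])}
        kind, children = tree[node]
        parts = [expand(child) for child in children]
        if kind == "OR":                          # any child alone causes the gate
            merged = set().union(*parts)
        elif kind == "AND":                       # one cut set from every child
            merged = {frozenset()}
            for part in parts:
                merged = {a | b for a in merged for b in part}
        else:
            raise ValueError(f"unknown gate type {kind!r} at {node}")
        return _minimize(merged)
    return sorted(expand(top), key=lambda s: (len(s), sorted(s)))


def unlisted_single_points(cut_sets, cil):
    """Order-1 cut sets are single failure points; report those absent from the CIL."""
    singles = {next(iter(s)) for s in cut_sets if len(s) == 1}
    return singles - set(cil)


def top_event_probability(cut_sets, prob):
    """Exact P(top) by inclusion-exclusion over the minimal cut sets.

    Returns None when any basic event lacks data, so no number is produced
    from an incomplete data set.
    """
    events = set().union(*cut_sets)
    if any(e not in prob for e in events):
        return None
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(cut_sets, k):
            joint = frozenset().union(*combo)     # events that must all occur
            total += sign * math.prod(prob[e] for e in joint)
    return total


if __name__ == "__main__":
    cuts = minimal_cut_sets(TREE, TOP)
    for c in cuts:
        print(sorted(c))
    print("single points missing from CIL:", unlisted_single_points(cuts, CIL))
    print("P(top):", top_event_probability(cuts, PROB))
```

In this constructed tree the software command error appears under both inhibits, so it surfaces as an order-1 cut set even though the command path is drawn as two-inhibit; the CIL cross-check reports it as a single failure point the FMEA list did not carry.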


Appendix E. Example Hazard Report


1. Hazard reports (HRs) for safety hazards shall be written prior to each major milestone to document residual risks identified in the hazard analysis process against program requirements. The HR is a tool by which residual risks are identified in such a manner that each level of technical management in a program can evaluate the risks and formally accept them based on documented rationale. HRs will be updated to reflect program changes and modifications that affect the identified risk.

2. Specific data requirements will vary among programs, but the HR data elements within a program will be standardized. The following is recommended as a minimum data element set. This process is not intended to apply to those Federally-mandated requirements, e.g., OSHA, DOT, FAA, etc.

a. Report Number. Each HR will be given a unique alpha-numeric number that identifies the system/subsystem for which it is written. Provision will be made for a revision letter and Document Control Number (DCN).

b. Date. Date of preparation/revision of the HR.

c. Status.

Closed: Corrective action to eliminate or control the hazard has been implemented or scheduled for implementation before the effectivity identified in the HR. Program management accepts the risk pending completion of corrective action and verification. Baselining (written approval of the HR within the configuration management system) is required to approve an HR as closed.

Open: An HR status is open when corrective action to eliminate or control the hazard has not been completed and the corrective action is not scheduled to be performed.

d. Title. Provide a short descriptive (not generic) title for the hazard.

e. System. Identify the system/subsystem/component at the level at which the hazard is being written.

f. Effectivity. This element helps to narrow and define the applicability of the hazard. It will vary by type of program and could be specific to a test, flight, or vehicle. It could also be applicable to a series (or fleet) of tests, vehicles, or flights.

g. Operation Phase. A discrete period defined by the program for tests or operations during which the hazard could occur. A hazard could occur during one or more phases such as pre-launch, stage one, on-orbit, recovery, etc.

h. Description of the Hazardous Condition. Describe the condition which can/will lead to loss of flight or ground personnel, loss of safety-critical system, loss of life or injury to the public, loss of equipment/flight vehicle, or loss of public property. The hazardous condition shall be described in terms of one or more generic hazards, such as fire/explosion, impact, etc. The description should explicitly specify the equipment involved, e.g., "Impact between separating upper stages could result in loss of trajectory control for final stage."

i. Risk Acceptance Rationale. Provide a brief summary of the technical rationale for accepting the residual risks identified in the HR.

j. Submittal Signatures. The specific signatures required on a HR will vary with the size of the program and whether it is contracted or performed in-house at NASA. The following signatures should be required as a minimum:

(1) Originating activity design engineer.

(2) Originating activity safety engineering manager.

(3) Assigned NASA Field Installation system/subsystem engineer.

(4) Assigned NASA Field Installation safety engineer.

k. Risk Assessment Section. The risk assessment section of the HR comprises several linked data elements. These are: cause(s), effect(s), safety requirements, control(s), verification(s), classification, severity, and likelihood of occurrence. While an HR is generated to address one hazardous condition, the condition may result from several related or mutually exclusive hazard causes. In turn, each cause could result in multiple effects and multiple safety requirements. Multiple controls may be required to control the cause, the effect, or both, and each control may use several verification methods to assure the control is in place. Each discrete effect, safety requirement, and control will be hard-linked to its cause, and each discrete verification method will be hard-linked to its control. Based on the data, the risk (severity and likelihood of occurrence) will be assessed for each cause, and the cause will be assigned a classification based on the risk. For each hazard cause, the worst case effect will determine the severity level to be assigned. For each hazard cause, the controls that are in place are assessed to determine the likelihood of occurrence from the program risk assessment matrix. When the likelihood of occurrence has been derived using probabilistic methods, the numerical probability will be used. Eliminated hazard causes will not be documented in this part of the HR, but should be included in background data to maintain visibility of improvements made during the hazard analysis and reporting process. The assigned reference number of the eliminated cause and linked data will not be deleted, but will be annotated as "Eliminated."

l. Causes. Describe the unsafe acts or conditions that may lead to the hazardous event. Hazard causes shall be identified down to the level at which controls are to be applied and shall consider environments, hardware failures, secondary failures/conditions, software errors, procedural errors, operationally induced external and internal failures, and human errors/limitations. In addition to the program engineering and operations data, generation of the causes and linked data should consider waivers and deviations with safety impact; test, processing, and operational problems/anomalies; alerts and trending data; and interface/integrated hours.

m. Effect(s). Describe the potential worst case outcomes of the hazard cause.

n. Requirement(s). Provide narrative descriptions of the requirement(s) that define criteria to be met when controlling the hazard. In addition to listing safety requirements used to control the hazard, provide other requirements used to control each cause and effect. The reference must include document number and title. The lowest level requirements should be used as primary references and the higher level requirements as secondary priority.

o. Control(s). Provide narrative description(s) of the appropriate design, safety devices, alarm/caution and warning devices, or special automatic/manual procedures used to control the hazard. Documentation references by document number and title are required for each control.

p. Verification(s). Identify the method(s) used to verify the hazard control(s). Verification methods include analyses, tests, inspections, and operations and maintenance requirements. Verification reference documents will be identified by number and title. Procedures and/or specifications will be referenced to document verification.

q. Severity. Describe severity for each cause by assessing the most severe effect and documenting it as catastrophic, critical, moderate, or negligible (see Chapter 3 for more information).

r. Likelihood of Occurrence. This part of the HR is completed for each cause.

(1) When probabilistic risk assessment methods are used, list the numerical probability of occurrence for this cause.

(2) When qualitative risk assessment methods are used, the controls that are in place must be assessed and documented for likelihood of occurrence in accordance with the defined program risk assessment matrix. The following are recommended probability definitions (see Chapter 3 for more information).

A - Likely to occur immediately. (X > 10^-1)
B - Probably will occur in time. (10^-1 > X > 10^-2)
C - May occur in time. (10^-2 > X > 10^-3)
D - Unlikely to occur. (10^-3 > X > 10^-6)
E - Improbable to occur. (10^-6 > X)

s. Classification. Each hazard cause will be assigned a classification of controlled, accepted risk, or (extremely rare) unacceptable risk. A risk of the latter magnitude should never reach the HR baseline stage, but provision is made for its use when the HR is used for information reporting. See the Glossary for definition of the classification terms.
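
Added example (not part of the NPR): a sketch of the linked risk-assessment data described in items k through r. It checks the hard links, takes the worst-case effect as each cause's severity, places a numerical probability in the recommended A to E bands, and keeps an eliminated cause on record while leaving it out of the risk section. The record layout, reference numbers, and sample values are constructed; assigning a boundary probability to the more likely band and flagging a control that has no verification method are assumptions of this sketch.

```python
# Severity levels named in item q, ordered least to most severe.
SEVERITY_RANK = {"negligible": 0, "moderate": 1, "critical": 2, "catastrophic": 3}


def likelihood_letter(x):
    """Map a numerical probability to the recommended bands in item r.(2).

    The bands are written with strict inequalities, so a value exactly on a
    boundary is unassigned; this sketch gives it the more likely letter.
    """
    if not 0.0 <= x <= 1.0:
        raise ValueError("probability must be between 0 and 1")
    for letter, lower in (("A", 1e-1), ("B", 1e-2), ("C", 1e-3), ("D", 1e-6)):
        if x >= lower:
            return letter
    return "E"


def link_problems(hr):
    """Return a list of broken hard links in the risk assessment section."""
    problems = []
    for cause_ref, severity in hr["effects"]:
        if cause_ref not in hr["causes"]:
            problems.append(f"effect ({severity}) links to unknown cause {cause_ref}")
    for control_ref, cause_ref in hr["controls"].items():
        if cause_ref not in hr["causes"]:
            problems.append(f"control {control_ref} links to unknown cause {cause_ref}")
    verified = set()
    for control_ref, method in hr["verifications"]:
        if control_ref not in hr["controls"]:
            problems.append(f"verification '{method}' links to unknown control {control_ref}")
        verified.add(control_ref)
    for control_ref in hr["controls"]:
        if control_ref not in verified:
            problems.append(f"control {control_ref} has no verification method")
    return problems


def risk_section(hr):
    """Build the per-cause severity and likelihood rows for active causes."""
    rows = {}
    for ref, cause in hr["causes"].items():
        if cause.get("status") == "Eliminated":
            continue  # stays in hr["causes"] with its reference number
        severities = [s for c, s in hr["effects"] if c == ref]
        worst = max(severities, key=SEVERITY_RANK.__getitem__) if severities else None
        p = cause.get("probability")
        rows[ref] = {
            "severity": worst,
            "probability": p,  # used as-is when derived probabilistically
            "likelihood": likelihood_letter(p) if p is not None else cause.get("likelihood"),
        }
    return rows


# Constructed sample HR content with two deliberate link defects (K3 and K9).
SAMPLE_HR = {
    "causes": {
        "C1": {"probability": 4e-4},   # probabilistic assessment
        "C2": {"likelihood": "D"},     # qualitative assessment from the matrix
        "C3": {"status": "Eliminated"},
    },
    "effects": [("C1", "critical"), ("C1", "catastrophic"), ("C2", "moderate")],
    "controls": {"K1": "C1", "K2": "C1", "K3": "C2"},
    "verifications": [("K1", "test"), ("K1", "inspection"), ("K2", "analysis"), ("K9", "test")],
}

if __name__ == "__main__":
    for problem in link_problems(SAMPLE_HR):
        print("LINK:", problem)
    for ref, row in risk_section(SAMPLE_HR).items():
        print(ref, row)
```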

3. Overall HR Risk Assessment and Closure.

a. Quantitative.

(1) The quantitative approach involves the use of probabilistic risk assessment methods to compute the risk probability for the hazard.

(2) A numerical probability alone may not be sufficient to make a closure determination. Extremely low probabilities are easy to call, but higher probabilities may require further controls. The program shall devise a method/policy for determining closure.

b. Qualitative.

(1) When qualitative risk assessment methods are used, a risk picture, using a program-defined risk assessment matrix, shall be included as part of the HR and presented to program management as a check to ensure the proper severity and likelihood of occurrence. An example of the risk assessment matrix is shown in figure 3-1. This matrix uses the severity and suggested likelihood of occurrence definitions from Chapter 3. The risk matrix will be completed by documenting each hazard cause severity and likelihood of occurrence in the appropriate block. The controls are considered to be in place when the matrix is marked.

(2) Hazard closure classifications will be either eliminated, accepted as is, or controlled. Unacceptable risks require reduction prior to HR baselining and are a constraint to tests and operations.

4. Interfaces. Identify system interface(s) that are affected by and cause hazard conditions within the report, including facilities, ground support equipment (GSE), and other parts of the program.

5. References. Include pertinent reference information to other program documentation that affect, and are affected by, data elements within the HR. These include, but are not limited to, FMEA/CIL, requirement and specification documents, procedures, test and operational limitation and criteria rules, and flight rules.

6. Background/Remarks. Include information that increases understanding of the hazard, describes changes to the hazard, and identifies supportive documentation, etc. Use it to document the chronology of major events associated with the hazard, including related flight history, test and check-out, failure summaries, changes to the design or operation, etc.

7. Status of Open Work. Identify open work, responsible agency, action required, and the due date. Completion due dates will be supplied only for open work that is a constraint to a critical milestone in the program.

8. Preparing Engineer and Date. Identify the preparing engineer/analyst and the date the HR was prepared.


Appendix F. Sample Training Schedule



Employee Training Schedule
1999 - 2000

Year - Quarter
Type Employee / Training Class | 99-1 | 99-2 | 99-3 | 99-4 | 00-1 | 00-2 | 00-3 | 00-4
New Employee Orientation | X | X | X | X | X | X | X | X
All Employees
  Safety Tips in Newsletter | X | X | X | X | X | X | X | X
  Fire Prevention Week Information | - | - | X | - | - | - | X | -
Management
  Management Safety Responsibility Handout | X | - | - | - | X | - | - | -
  OSHA Program Orientation for Managers | X | - | X | - | X | - | X | -
Supervisors
  Office Safety and Fire Protection for Office Managers | X | - | X | - | X | - | X | -
Employee Representatives
  Safety and Health Information Brochure | X | - | X | - | X | - | X | -
Laboratory Workers
  Laboratory Safety Course | X | - | X | - | X | - | X | -
Motor Vehicle Operators
  Safe Drivers Course | X | - | X | - | X | - | X | -
Material Handlers
  Lift Truck Operations Safety and Safe Back Course | X | - | X | - | X | - | X | -

This section has been reproduced with permission of the IAEA.

Appendix G. Activity and Radioactive Material Limits: Basic A1/A2 Values


1. Values of A1 and A2 for individual radionuclides, which are the basis for many activity limits elsewhere in this NPR, are given in Table I.

DETERMINATION OF A1 AND A2

2. For individual radionuclides whose identities are known, but which are not listed in Table I, the determination of the values of A1 and A2 shall require competent authority approval or, for international transport, multilateral approval. Alternatively, the values of A1 and A2 in Table II may be used without obtaining competent authority approval.

3. In the calculations of A1 and A2 for a radionuclide not in Table I, a single radioactive decay chain in which the radionuclides are present in their naturally occurring proportions and in which no daughter nuclide has a half-life either longer than 10 days or longer than that of the parent nuclide shall be considered as a single radionuclide, and the activity to be taken into account and the A1 or A2 value to be applied shall be those corresponding to the parent nuclide of that chain. In the case of radioactive decay chains in which any daughter nuclide has a half-life either longer than 10 days or greater than that of the parent nuclide, the parent and such daughter nuclides shall be considered as mixtures of different nuclides.

4. For mixtures of radionuclides whose identities and respective activities are known, the following conditions shall apply:

(a) For special form radioactive material:

(b) For other forms of radioactive material:

where B(i) is the activity of radionuclide i and A1(i) and A2(i) are the A1 and A2 values for radionuclide i, respectively.

TABLE I. A1 and A2 VALUES FOR RADIONUCLIDES

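Symbol of radionuclide | Element and atomic number | A1 (TBq) | A1 (Ci) (approx. a) | A2 (TBq) | A2 (Ci) (approx. a)
225Ac (b)* | Actinium (89) | 0.6 | 10 | 1 x 10^-2 | 2 x 10^-1
227Ac | Actinium (89) | 40 | 1000 | 2 x 10^-5 | 5 x 10^-4
228Ac | Actinium (89) | 0.6 | 10 | 0.4 | 10
105Ag | Silver (47) | 2 | 50 | 2 | 50
108Agm | Silver (47) | 0.6 | 10 | 0.6 | 10
110Agm | Silver (47) | 0.4 | 10 | 0.4 | 10
111Ag | Silver (47) | 0.6 | 10 | 0.6 | 10
26Al | Aluminum (13) | 0.4 | 10 | 0.4 | 10
241Am | Americium (95) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
242Amm | Americium (95) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
243Am | Americium (95) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
37Ar | Argon (18) | 40 | 1000 | 40 | 1000
39Ar | Argon (18) | 20 | 500 | 20 | 500
41Ar | Argon (18) | 0.6 | 10 | 0.6 | 10
42Ar (b) | Argon (18) | 0.2 | 5 | 0.2 | 5
72As | Arsenic (33) | 0.2 | 5 | 0.2 | 5
73As | Arsenic (33) | 40 | 1000 | 40 | 1000
74As | Arsenic (33) | 1 | 20 | 0.5 | 10
76As | Arsenic (33) | 0.2 | 5 | 0.2 | 5
77As | Arsenic (33) | 20 | 500 | 0.5 | 10
211At | Astatine (85) | 30 | 800 | 2 | 50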

* Note: (b) indicates a footnote at the end of Table I: this form is used to avoid confusion with the superscript m.

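193Au | Gold (79) | 6 | 100 | 6 | 100
194Au | Gold (79) | 1 | 20 | 1 | 20
195Au | Gold (79) | 10 | 200 | 10 | 200
196Au | Gold (79) | 2 | 50 | 2 | 50
198Au | Gold (79) | 3 | 80 | 0.5 | 10
199Au | Gold (79) | 10 | 200 | 0.9 | 20
131Ba | Barium (56) | 2 | 50 | 2 | 50
133Bam | Barium (56) | 10 | 200 | 0.9 | 20
133Ba | Barium (56) | 3 | 80 | 3 | 80
140Ba (b) | Barium (56) | 0.4 | 10 | 0.4 | 10
7Be | Beryllium (4) | 20 | 500 | 20 | 500
10Be | Beryllium (4) | 20 | 500 | 0.5 | 10
205Bi | Bismuth (83) | 0.6 | 10 | 0.6 | 10
206Bi | Bismuth (83) | 0.3 | 8 | 0.3 | 8
207Bi | Bismuth (83) | 0.7 | 10 | 0.7 | 10
210Bim (b) | Bismuth (83) | 0.3 | 8 | 3 x 10^-2 | 8 x 10^-1
210Bi | Bismuth (83) | 0.6 | 10 | 0.5 | 10
212Bi (b) | Bismuth (83) | 0.3 | 8 | 0.3 | 8
247Bk | Berkelium (97) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
249Bk | Berkelium (97) | 40 | 1000 | 8 x 10^-2 | 2
76Br | Bromine (35) | 0.3 | 8 | 0.3 | 8
77Br | Bromine (35) | 3 | 80 | 3 | 80
82Br | Bromine (35) | 0.4 | 10 | 0.4 | 10
11C | Carbon (6) | 1 | 20 | 0.5 | 10
14C | Carbon (6) | 40 | 1000 | 2 | 50
41Ca | Calcium (20) | 40 | 1000 | 40 | 1000
45Ca | Calcium (20) | 40 | 1000 | 0.9 | 20
47Ca | Calcium (20) | 0.9 | 20 | 0.5 | 10
109Cd | Cadmium (48) | 40 | 1000 | 1 | 20
113Cdm | Cadmium (48) | 20 | 500 | 9 x 10^-2 | 2
115Cdm | Cadmium (48) | 0.3 | 8 | 0.3 | 8
115Cd | Cadmium (48) | 4 | 100 | 0.5 | 10
139Ce | Cerium (58) | 6 | 100 | 6 | 100
141Ce | Cerium (58) | 10 | 200 | 0.5 | 10
143Ce | Cerium (58) | 0.6 | 10 | 0.5 | 10
144Ce (b) | Cerium (58) | 0.2 | 5 | 0.2 | 5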

248Cf
249Cf
250Cf
251Cf
252Cf
253Cf
254Cf
Californium (98) 30
2
5
2
0.1
40
3 x 10-38 x 10-2
800
50
100
50
2
1000
6 x 10-41 x 10-2
3 x 10-38 x 10-2
2 x 10-45 x 10-3
5 x 10-41 x l0-2
2 x 10-45 x 10-3
1 x 10-32 x 10-2
6 x 10-2 1
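36Cl | Chlorine (17) | 20 | 500 | 0.5 | 10
38Cl | Chlorine (17) | 0.2 | 5 | 0.2 | 5
240Cm | Curium (96) | 40 | 1000 | 2 x 10^-2 | 5 x 10^-1
241Cm | Curium (96) | 2 | 50 | 0.9 | 20
242Cm | Curium (96) | 40 | 1000 | 1 x 10^-2 | 2 x 10^-1
243Cm | Curium (96) | 3 | 80 | 3 x 10^-4 | 8 x 10^-3
244Cm | Curium (96) | 4 | 100 | 4 x 10^-4 | 1 x 10^-2
245Cm | Curium (96) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
246Cm | Curium (96) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
247Cm | Curium (96) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
248Cm | Curium (96) | 4 x 10^-2 | 1 | 5 x 10^-5 | 1 x 10^-3
55Co | Cobalt (27) | 0.5 | 10 | 0.5 | 10
56Co | Cobalt (27) | 0.3 | 8 | 0.3 | 8
57Co | Cobalt (27) | 8 | 200 | 8 | 200
58Com | Cobalt (27) | 40 | 1000 | 40 | 1000
58Co | Cobalt (27) | 1 | 20 | 1 | 20
60Co | Cobalt (27) | 0.4 | 10 | 0.4 | 10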

51Cr | Chromium (24) | 30 | 800 | 30 | 800
129Cs | Caesium (55) | 4 | 100 | 4 | 100
131Cs | Caesium (55) | 40 | 1000 | 40 | 1000
132Cs | Caesium (55) | 1 | 20 | 1 | 20
134Csm | Caesium (55) | 40 | 1000 | 9 | 200
134Cs | Caesium (55) | 0.6 | 10 | 0.5 | 10
135Cs | Caesium (55) | 40 | 1000 | 0.9 | 20
136Cs | Caesium (55) | 0.5 | 10 | 0.5 | 10
137Cs (b) | Caesium (55) | 2 | 50 | 0.5 | 10
64Cu | Copper (29) | 5 | 100 | 0.9 | 20
67Cu | Copper (29) | 9 | 200 | 0.9 | 20
159Dy | Dysprosium (66) | 20 | 500 | 20 | 500
165Dy | Dysprosium (66) | 0.6 | 10 | 0.5 | 10
166Dy (b) | Dysprosium (66) | 0.3 | 8 | 0.3 | 8
169Er | Erbium (68) | 40 | 1000 | 0.9 | 20
171Er | Erbium (68) | 0.6 | 10 | 0.5 | 10
147Eu | Europium (63) | 2 | 50 | 2 | 50
148Eu | Europium (63) | 0.5 | 10 | 0.5 | 10
149Eu | Europium (63) | 20 | 500 | 20 | 500
150Eu | Europium (63) | 0.7 | 10 | 0.7 | 10
152Eum | Europium (63) | 0.6 | 10 | 0.6 | 10
153Eu | Europium (63) | 0.9 | 20 | 0.9 | 20
154Eu | Europium (63) | 0.8 | 20 | 0.8 | 10
155Eu | Europium (63) | 20 | 500 | 2 | 50
156Eu | Europium (63) | 0.6 | 10 | 0.5 | 10
18F | Fluorine (9) | 1 | 20 | 0.5 | 10
52Fe (b) | Iron (26) | 0.2 | 5 | 0.2 | 5
55Fe | Iron (26) | 40 | 1000 | 40 | 1000
59Fe | Iron (26) | 0.8 | 20 | 0.8 | 20
60Fe | Iron (26) | 40 | 1000 | 0.2 | 5

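67Ga | Gallium (31) | 6 | 100 | 6 | 100
68Ga | Gallium (31) | 0.3 | 8 | 0.3 | 8
72Ga | Gallium (31) | 0.4 | 10 | 0.4 | 10
146Gd (b) | Gadolinium (64) | 0.4 | 10 | 0.4 | 10
148Gd | Gadolinium (64) | 3 | 80 | 3 x 10^-4 | 8 x 10^-3
153Gd | Gadolinium (64) | 10 | 200 | 5 | 100
159Gd | Gadolinium (64) | 4 | 100 | 0.5 | 10
68Ge (b) | Germanium (32) | 0.3 | 8 | 0.3 | 8
71Ge | Germanium (32) | 40 | 1000 | 40 | 1000
77Ge | Germanium (32) | 0.3 | 8 | 0.3 | 8
172Hf (b) | Hafnium (72) | 0.5 | 10 | 0.3 | 8
175Hf | Hafnium (72) | 3 | 80 | 3 | 80
181Hf | Hafnium (72) | 2 | 50 | 0.9 | 20
182Hf | Hafnium (72) | 4 | 100 | 3 x 10^-2 | 8 x 10^-1
194Hg (b) | Mercury (80) | 1 | 20 | 1 | 20
195Hgm | Mercury (80) | 5 | 100 | 5 | 100
197Hgm | Mercury (80) | 10 | 200 | 0.9 | 20
197Hg | Mercury (80) | 10 | 200 | 10 | 200
203Hg | Mercury (80) | 4 | 100 | 0.9 | 20
163Ho | Holmium (67) | 40 | 1000 | 40 | 1000
166Hom | Holmium (67) | 0.6 | 10 | 0.3 | 8
166Ho | Holmium (67) | 0.3 | 8 | 0.3 | 8
123I | Iodine (53) | 6 | 100 | 6 | 100
124I | Iodine (53) | 0.9 | 20 | 0.9 | 20
125I | Iodine (53) | 20 | 500 | 2 | 50
126I | Iodine (53) | 2 | 50 | 0.9 | 20
129I | Iodine (53) | Unlimited | | Unlimited |
131I | Iodine (53) | 3 | 80 | 0.5 | 10
132I | Iodine (53) | 0.4 | 10 | 0.4 | 10
133I | Iodine (53) | 0.6 | 10 | 0.5 | 10
134I | Iodine (53) | 0.3 | 8 | 0.3 | 8
135I | Iodine (53) | 0.6 | 10 | 0.5 | 10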

111In | Indium (49) | 2 | 50 | 2 | 50
113Inm | Indium (49) | 4 | 100 | 4 | 100
114Inm (b) | Indium (49) | 0.3 | 8 | 0.3 | 8
115Inm | Indium (49) | 6 | 100 | 0.9 | 20
189Ir | Iridium (77) | 10 | 200 | 10 | 200
190Ir | Iridium (77) | 0.7 | 10 | 0.7 | 10
192Ir | Iridium (77) | 1 | 20 | 0.5 | 10
193Irm | Iridium (77) | 10 | 200 | 10 | 200
194Ir | Iridium (77) | 0.2 | 5 | 0.2 | 5
40K | Potassium (19) | 0.6 | 10 | 0.6 | 10
42K | Potassium (19) | 0.2 | 5 | 0.2 | 5
43K | Potassium (19) | 1 | 20 | 0.5 | 10
81Kr | Krypton (36) | 40 | 1000 | 40 | 1000
85Krm | Krypton (36) | 6 | 100 | 6 | 100
85Kr | Krypton (36) | 20 | 500 | 10 | 200
87Kr | Krypton (36) | 0.2 | 5 | 0.2 | 5
137La | Lanthanum (57) | 40 | 1000 | 2 | 50
140La | Lanthanum (57) | 0.4 | 10 | 0.4 | 10
LSA | Low specific activity material (see paragraph 131 of Parent Document)
172Lu | Lutetium (71) | 0.5 | 10 | 0.5 | 10
173Lu | Lutetium (71) | 8 | 200 | 8 | 200
174Lum | Lutetium (71) | 20 | 500 | 8 | 200
174Lu | Lutetium (71) | 8 | 200 | 4 | 100
177Lu | Lutetium (71) | 30 | 800 | 0.9 | 20
MFP | For mixed fission products, use formula for mixtures or Table II
28Mg (b) | Magnesium (12) | 0.2 | 5 | 0.2 | 5
52Mn | Manganese (25) | 0.3 | 8 | 0.3 | 8
53Mn | Manganese (25) | Unlimited | | Unlimited |
54Mn | Manganese (25) | 1 | 20 | 1 | 20
56Mn | Manganese (25) | 0.2 | 5 | 0.2 | 5

93Mo | Molybdenum (42) | 40 | 1000 | 7 | 100
99Mo | Molybdenum (42) | 0.6 | 10 | 0.5 | 10
13N | Nitrogen (7) | 0.6 | 10 | 0.5 | 10
22Na | Sodium (11) | 0.5 | 10 | 0.5 | 10
24Na | Sodium (11) | 0.2 | 5 | 0.2 | 5
92Nbm | Niobium (41) | 0.7 | 10 | 0.7 | 10
93Nbm | Niobium (41) | 40 | 1000 | 6 | 10
94Nb | Niobium (41) | 0.6 | 10 | 0.6 | 10
95Nb | Niobium (41) | 1 | 20 | 1 | 20
97Nb | Niobium (41) | 0.6 | 10 | 0.5 | 10
147Nd | Neodymium (60) | 4 | 100 | 0.5 | 10
149Nd | Neodymium (60) | 0.36 | 10 | 0.5 | 10
59Ni | Nickel (28) | 40 | 1000 | 40 | 1000
63Ni | Nickel (28) | 40 | 1000 | 30 | 800
65Ni | Nickel (28) | 0.3 | 8 | 0.3 | 8
235Np | Neptunium (93) | 40 | 1000 | 40 | 1000
236Np | Neptunium (93) | 7 | 100 | 1 x 10^-3 | 2 x 10^-2
237Np | Neptunium (93) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
239Np | Neptunium (93) | 6 | 100 | 0.5 | 10
185Os | Osmium (76) | 1 | 20 | 1 | 20
191Osm | Osmium (76) | 40 | 1000 | 40 | 1000
191Os | Osmium (76) | 10 | 200 | 0.9 | 20
193Os | Osmium (76) | 0.6 | 10 | 0.5 | 10
194Os (b) | Osmium (76) | 0.2 | 5 | 0.2 | 5
32P | Phosphorus (15) | 0.3 | 8 | 0.3 | 8
33P | Phosphorus (15) | 40 | 1000 | 0.9 | 20
230Pa | Protactinium (91) | 2 | 50 | 0.1 | 2
231Pa | Protactinium (91) | 0.6 | 10 | 6 x 10^-5 | 1 x 10^-3
233Pa | Protactinium (91) | 5 | 100 | 0.9 | 20

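201Pb | Lead (82) | 1 | 20 | 1 | 20
202Pb | Lead (82) | 40 | 1000 | 2 | 50
203Pb | Lead (82) | 3 | 80 | 3 | 80
205Pb | Lead (82) | Unlimited | | Unlimited |
210Pb (b) | Lead (82) | 0.6 | 10 | 9 x 10^-3 | 2 x 10^-1
212Pb (b) | Lead (82) | 0.3 | 8 | 0.3 | 8
103Pd | Palladium (46) | 40 | 1000 | 40 | 1000
107Pd | Palladium (46) | Unlimited | | Unlimited |
109Pd | Palladium (46) | 0.6 | 10 | 0.5 | 10
143Pm | Promethium (61) | 3 | 80 | 3 | 80
144Pm | Promethium (61) | 0.6 | 10 | 0.6 | 10
145Pm | Promethium (61) | 30 | 800 | 7 | 100
147Pm | Promethium (61) | 40 | 1000 | 0.9 | 20
148Pmm | Promethium (61) | 0.5 | 10 | 0.5 | 10
149Pm | Promethium (61) | 0.6 | 10 | 0.5 | 10
151Pm | Promethium (61) | 3 | 80 | 0.5 | 10
208Po | Polonium (84) | 40 | 1000 | 2 x 10^-2 | 5 x 10^-1
209Po | Polonium (84) | 40 | 1000 | 2 x 10^-2 | 5 x 10^-1
210Po | Polonium (84) | 40 | 1000 | 2 x 10^-2 | 5 x 10^-1
142Pr | Praseodymium (59) | 0.2 | 5 | 0.2 | 5
143Pr | Praseodymium (59) | 4 | 100 | 0.5 | 10
188Pt (b) | Platinum (78) | 0.6 | 10 | 0.6 | 10
191Pt | Platinum (78) | 3 | 80 | 3 | 80
193Ptm | Platinum (78) | 40 | 1000 | 9 | 200
193Pt | Platinum (78) | 40 | 1000 | 40 | 1000
195Ptm | Platinum (78) | 10 | 200 | 2 | 50
197Ptm | Platinum (78) | 10 | 200 | 0.9 | 20
197Pt | Platinum (78) | 20 | 500 | 0.5 | 10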

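236Pu | Plutonium (94) | 7 | 100 | 7 x 10^-4 | 1 x 10^-2
237Pu | Plutonium (94) | 20 | 500 | 20 | 500
238Pu | Plutonium (94) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
239Pu | Plutonium (94) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
240Pu | Plutonium (94) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
241Pu | Plutonium (94) | 40 | 1000 | 1 x 10^-2 | 2 x 10^-1
242Pu | Plutonium (94) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
244Pu (b) | Plutonium (94) | 0.3 | 8 | 2 x 10^-4 | 5 x 10^-3
223Ra (b) | Radium (88) | 0.6 | 10 | 3 x 10^-2 | 8 x 10^-1
224Ra (b) | Radium (88) | 0.3 | 8 | 6 x 10^-2 | 1
225Ra (b) | Radium (88) | 0.6 | 10 | 2 x 10^-2 | 5 x 10^-1
226Ra (b) | Radium (88) | 0.3 | 8 | 2 x 10^-2 | 5 x 10^-1
228Ra (b) | Radium (88) | 0.6 | 10 | 4 x 10^-2 | 1
81Rb | Rubidium (37) | 2 | 50 | 0.9 | 20
83Rb | Rubidium (37) | 2 | 50 | 2 | 50
84Rb | Rubidium (37) | 1 | 20 | 0.9 | 20
86Rb | Rubidium (37) | 0.3 | 8 | 0.3 | 8
87Rb | Rubidium (37) | Unlimited | | Unlimited |
Rb (natural) | Rubidium (37) | Unlimited | | Unlimited |
183Re | Rhenium (75) | 5 | 100 | 5 | 100
184Rem | Rhenium (75) | 3 | 80 | 3 | 80
184Re | Rhenium (75) | 1 | 20 | 1 | 20
186Re | Rhenium (75) | 4 | 100 | 0.5 | 10
187Re | Rhenium (75) | Unlimited | | Unlimited |
188Re | Rhenium (75) | 0.2 | 5 | 0.2 | 5
189Re | Rhenium (75) | 4 | 100 | 0.5 | 10
Re (natural) | Rhenium (75) | Unlimited | | Unlimited |
99Rh | Rhodium (45) | 2 | 50 | 2 | 50
101Rh | Rhodium (45) | 4 | 100 | 4 | 100
102Rhm | Rhodium (45) | 2 | 50 | 0.9 | 20
102Rh | Rhodium (45) | 0.5 | 10 | 0.5 | 10
103Rhm | Rhodium (45) | 40 | 1000 | 40 | 1000
105Rh | Rhodium (45) | 10 | 200 | 0.9 | 20
222Rn (b) | Radon (86) | 0.2 | 5 | 4 x 10^-3 | 1 x 10^-1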

97Ru | Ruthenium (44) | 4 | 100 | 4 | 100
103Ru | Ruthenium (44) | 2 | 50 | 0.9 | 20
105Ru | Ruthenium (44) | 0.6 | 10 | 0.5 | 10
106Ru (b) | Ruthenium (44) | 0.2 | 5 | 0.2 | 5
35S | Sulfur (16) | 40 | 1000 | 2 | 50
122Sb | Antimony (51) | 0.3 | 8 | 0.3 | 8
124Sb | Antimony (51) | 0.6 | 10 | 0.5 | 10
125Sb | Antimony (51) | 2 | 50 | 0.9 | 20
126Sb | Antimony (51) | 0.4 | 10 | 0.4 | 10
44Sc | Scandium (21) | 0.5 | 10 | 0.5 | 10
46Sc | Scandium (21) | 0.5 | 10 | 0.5 | 10
47Sc | Scandium (21) | 9 | 200 | 0.9 | 20
48Sc | Scandium (21) | 0.3 | 8 | 0.3 | 8
SCO | Surface contaminated objects (see paragraph 144 of Parent Document)
75Se | Selenium (34) | 3 | 80 | 3 | 80
79Se | Selenium (34) | 40 | 1000 | 2 | 50
31Si | Silicon (14) | 0.6 | 10 | 0.5 | 10
32Si | Silicon (14) | 40 | 1000 | 0.2 | 5
145Sm | Samarium (62) | 20 | 500 | 20 | 500
147Sm | Samarium (62) | Unlimited | | Unlimited |
151Sm | Samarium (62) | 40 | 1000 | 4 | 100
153Sm | Samarium (62) | 4 | 100 | 0.5 | 10
113Sn (b)
117Snm
119Snm
121Snm
125Sn
126Sn (b)
Tin (50) 4
6
40
40
0.6
0.2
0.3
100
100
1000
1000
10
5
8
4
2
40
0.9
0.5
0.2
0.3
100
50
1000
20
10
5
8

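82Sr (b) | Strontium (38) | 0.2 | 5 | 0.2 | 5
85Srm | Strontium (38) | 5 | 100 | 5 | 100
85Sr | Strontium (38) | 2 | 50 | 2 | 50
87Srm | Strontium (38) | 3 | 80 | 3 | 80
89Sr | Strontium (38) | 0.6 | 10 | 0.5 | 10
90Sr (b) | Strontium (38) | 0.2 | 5 | 0.1 | 2
91Sr | Strontium (38) | 0.3 | 8 | 0.3 | 8
92Sr (b) | Strontium (38) | 0.8 | 5 | 0.5 | 10
T (all forms) | Tritium (1) | 40 | 1000 | 40 | 1000
178Ta | Tantalum (73) | 1 | 20 | 1 | 20
179Ta | Tantalum (73) | 30 | 800 | 30 | 800
182Ta | Tantalum (73) | 0.8 | 20 | 0.5 | 10
157Tb | Terbium (65) | 40 | 1000 | 10 | 200
158Tb | Terbium (65) | 1 | 20 | 0.7 | 10
160Tb | Terbium (65) | 0.9 | 20 | 0.5 | 10
95Tcm | Technetium (43) | 2 | 50 | 2 | 50
96Tcm (b) | Technetium (43) | 0.4 | 10 | 0.4 | 10
96Tc | Technetium (43) | 0.4 | 10 | 0.4 | 10
97Tcm | Technetium (43) | 40 | 1000 | 40 | 1000
97Tc | Technetium (43) | Unlimited | | Unlimited |
98Tc | Technetium (43) | 0.7 | 10 | 0.7 | 10
99Tcm | Technetium (43) | 8 | 200 | 8 | 20
99Tc | Technetium (43) | 40 | 1000 | 0.9 | 20
118Te (b) | Tellurium (52) | 0.2 | 5 | 0.2 | 5
121Tem | Tellurium (52) | 5 | 100 | 5 | 100
121Te | Tellurium (52) | 2 | 50 | 2 | 50
123Tem | Tellurium (52) | 7 | 100 | 7 | 100
125Tem | Tellurium (52) | 30 | 800 | 9 | 200
127Tem (b) | Tellurium (52) | 20 | 500 | 0.5 | 10
127Te | Tellurium (52) | 20 | 50 | 0.5 | 10
129Tem (b) | Tellurium (52) | 0.6 | 10 | 0.5 | 10
129Te | Tellurium (52) | 0.6 | 10 | 0.5 | 10
131Tem | Tellurium (52) | 0.7 | 10 | 0.5 | 10
132Te (b) | Tellurium (52) | 0.4 | 10 | 0.4 | 10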

227Th | Thorium (90) | 9 | 200 | 1 x 10^-2 | 2 x 10^-1
228Th (b) | Thorium (90) | 0.3 | 8 | 4 x 10^-4 | 1 x 10^-2
229Th | Thorium (90) | 0.3 | 8 | 3 x 10^-5 | 8 x 10^-4
230Th | Thorium (90) | 2 | 50 | 2 x 10^-4 | 5 x 10^-3
231Th | Thorium (90) | 40 | 1000 | 0.9 | 20
232Th | Thorium (90) | Unlimited | | Unlimited |
234Th (b) | Thorium (90) | 0.2 | 5 | 0.2 | 5
Th (natural) | Thorium (90) | Unlimited | | Unlimited |
44Ti (b) | Titanium (22) | 0.5 | 10 | 0.2 | 5
200Tl | Thallium (81) | 0.8 | 20 | 0.8 | 20
201Tl | Thallium (81) | 10 | 200 | 10 | 200
202Tl | Thallium (81) | 2 | 50 | 2 | 50
204Tl | Thallium (81) | 4 | 100 | 0.5 | 10
167Tm | Thulium (69) | 7 | 100 | 7 | 100
168Tm | Thulium (69) | 0.8 | 20 | 0.8 | 20
170Tm | Thulium (69) | 4 | 100 | 0.5 | 10
171Tm | Thulium (69) | 40 | 1000 | 10 | 200
230U
232U
233U
234U
235U
236U
U (natural)
U (enriched 5% or less)
U (enriched more than 5%)
U (depleted)
Uranium (92) 40
3
10
10
Unlimited c
10
Unlimited
Unlimited
Unlimited c
10
Unlimited
1000
80
200
200

200

200

1 x 10-22 x 10-1
3 x 10-48 x 10-3
1 x 10-32 x 10-2
1 x 10-32 x 10-2
Unlimited c
1 x 10-32 x 10-2
Unlimited
Unlimited d
Unlimited c,d
1 x 10-3 d 2 x 10-2
Unlimited d
48V | Vanadium (23) | 0.3 | 8 | 0.3 | 8
49V | Vanadium (23) | 40 | 1000 | 40 | 1000

178W(b)
181W
185W
187W
188W (b)
Tungsten (74) 1
30
40
2
0.2
20
800
1000
50
5
1
30
0.9
0.2
20
800
20
10
5
122Xe (b)               Xenon (54)                  0.2         5                     0.2         5
123Xe                                               0.2         5                     0.2         5
127Xe                                               4           100                   4           100
131Xem                                              40          1000                  40          1000
133Xe                                               20          500                   20          500
135Xe                                               4           100                   4           100
87Y                     Yttrium (39)                2           50                    2           50
88Y                                                 0.4         10                    0.4         10
90Y                                                 0.2         5                     0.2         5
91Ym                                                2           50                    2           50
91Y                                                 0.3         8                     0.3         8
92Y                                                 0.2         5                     0.2         5
93Y                                                 0.2         5                     0.2         5
169Yb                   Ytterbium (70)              3           80                    3           80
175Yb                                               30          800                   0.9         20
65Zn                    Zinc (30)                   2           50                    2           50
69Znm (b)                                           2           50                    0.5         10
69Zn                                                4           100                   0.5         10
88Zr                    Zirconium (40)              3           80                    3           80
93Zr                                                40          1000                  0.2         5
95Zr                                                1           20                    0.9         20
97Zr                                                0.3         8                     0.3         8

a The curie values quoted are obtained by rounding down from the TBq figure after conversion to Ci. This ensures that the magnitude of A1 or A2 in Ci is always less than that in TBq.

b A1 and/or A2 value limited by daughter product decay.

c A1 and A2 are unlimited for radiation control purposes only. For nuclear criticality safety this material is subject to the control placed on fissile material.

d These values do not apply to reprocessed uranium.

Alternatively, an A2 value for mixtures may be determined as follows:

where f(i) is the fraction of activity of nuclide i in the mixture and A2(i) is the appropriate A2 value for nuclide i.

5. When the identity of each radionuclide is known but the individual activities of some of the radionuclides are not known, the radionuclides may be grouped and the lowest A1 or A2 value, as appropriate, for the radionuclides in each group may be used in applying the formulas in paragraph 304. Groups may be based on the total alpha activity and the total beta/gamma activity when these are known, using the lowest A1 or A2 values for the alpha emitters or beta/gamma emitters, respectively.

6. For individual radionuclides or for mixtures of radionuclides for which relevant data are not available, the values shown in Table II shall be used.

TABLE II. GENERAL VALUES FOR A1 AND A2

Contents                                                    A1, TBq (Ci) a    A2, TBq (Ci) a

Only beta or gamma emitting nuclides are known              0.2 (5)           0.02 (0.5)
to be present

Alpha emitting nuclides are known to be present             0.1 (2)           2 x 10^-5 (5 x 10^-4)
or no relevant data are available

a The curie values quoted in parentheses are approximate values and are not higher than the TBq values.


Appendix H. Sample Safety and Health Plan for Service or Operations Contracts


The offeror shall submit a detailed safety and health plan, as part of its proposal, showing how the contractor intends to protect the life, health, and well-being of NASA and contractor employees as well as property and equipment. The plan must include a detailed discussion of the policies, procedures, and techniques that will be used to ensure the safety and health of contractor employees and to ensure the safety of all working conditions throughout the performance of the contract. The plan must similarly address safety and health for subcontractor employees for any proposed subcontract whose value is expected to exceed $500,000 including commercial services and services provided in support of a commercial item. Also, when applicable, the plan must address the policies, procedures, and techniques that will be used to ensure the safety and health of NASA employees and the public. This plan, as approved by the contracting officer, will be included in any resulting contract. In addition, if a contractor is to work or be located on-site at a NASA facility or Center, the contractor will ensure the protection of personnel, property, equipment, and the environment in the production of contractor products and/or the pursuit of any of its activities. In order for NASA to understand the contractor's method for compliance with pertinent NASA policies and requirements and Federal, State, and local regulations for safety, health, environmental protection, and fire protection, the contractor shall develop and subsequently implement a safety and health program in accordance with a safety and health plan generated by the contractor and approved by NASA. The plan will also assure the proper integration of the on-site contractor as a full participant in the Center's Safety and Health Program. This plan shall contain the information requested in the outline of contractor safety and health plan as follows:

Contents of the Contractor Safety and Health Plan

1.0 MANAGEMENT LEADERSHIP AND EMPLOYEE PARTICIPATION.

1.1 Policy. Provide the contractor's corporate safety policy statement with the plan. Compare the contractor's policy statement with those of NASA and OSHA and discuss any differences.

1.2 Goals and Objectives. Describe specific goals and objectives to be met. Discuss status of safety program using the Performance Evaluation Profile (PEP) as safety performance criteria. Describe the contractor's approach (including milestone schedule) to achieve and maintain level 5 of the PEP in all areas (see contents of PEP).

1.3 Management Leadership. Describe management's procedures for implementing its commitment to safety and health through visible management activities and initiatives including a commitment to the exercise of management control to ensure workplace safety and health. Describe processes and procedures for making this visible in all contract and subcontract activities and products. Include a statement from the project manager or designated safety official indicating that the plan will be implemented as approved and that the project manager will take personal responsibility for its implementation.

1.4 Employee Involvement. Describe procedures to promote and implement employee (e.g., non-supervisory) involvement in safety and health program development, implementation, and decisionmaking. Describe the scope and breadth of employee participation to be achieved so that approximate safety and health risk areas of the contract are equitably represented.

1.5 Assignment of Responsibility. Describe line and staff responsibilities for safety and health program implementation. Identify any other personnel or organization that provides safety services or exercises any form of control or assurance in these areas. State the means of communication and interface concerning related issues used by line, staff, and others (such as documentation, concurrence requirements, committee structure, sharing of the work site with NASA and other contractors, or other special responsibilities and support). As a minimum, the contractor will identify the following:

a. Safety Representative. Identify by title the individual who will be responsible for the contractor's adherence to Center-wide safety, health, environmental, and fire protection concerns and goals, and who will participate in meetings and other activities related to the Center's Safety and Health program.

b. Company Physician. Provide the identification of a company physician to facilitate communication of medical data to the head of the NASA clinic. The contractor shall identify a point of contact (such as the company physician) by name, address, and telephone number to the NASA Center Clinic, mail code ____. Any changes that occur in the identity of the point of contact will be promptly conveyed to the NASA Clinic.

c. Building Fire Wardens. Each building occupied by the contractor shall assign an individual to facilitate the Center's fire safety program including coordination of related issues with NASA facility managers and emergency planning and response officials and their representatives.

d. Designated Safety Official. Identify by title the official(s) responsible for implementation of this plan and all formal contacts with regulatory agencies and with NASA.

1.6 Provision of Authority. Describe consistency of the plan with applicable NASA requirements and contractual direction as well as applicable Federal, State, and local regulations and how this will be maintained throughout the life of the contract.

1.7 Accountability. Describe procedures for ensuring that management and employees will be held accountable for implementing their tasks in a safe and healthful manner. The use of traditional and/or innovative personnel management methods (including discipline, motivational techniques, or any other technique that ensures accountability) will be referenced as a minimum and described as appropriate.

1.8 Program Evaluation. Describe the method for internal program evaluation. The program evaluation may consist of either (1) participation in a PEP survey at the request of the Government or (2) a written report which documents the contractor's procedures for determining the existence and criticality of the contractor's hazardous operations in a manner that proper risk management techniques can be applied and notable safety risk documented. The report will also include but is not limited to the following: identification of the contractor's hazardous operations and products; ranking the risk in a severity classification; approach to identifying and implementing specific risk evaluation tasks, managing the risks, and documenting the results; and responsibilities and methods for internal audits and evaluations of the overall safety and health program including personnel who conduct the audit and evaluation, to whom the report is made, and the frequency (at least annually) with which it is performed. These evaluations shall include subcontracted tasks. Correlation of the program evaluation to the applicable criteria of the PEP will be clearly described.

When a written program evaluation is requested, it will be delivered to the Government no later than 30 days after the end of each contract year or at the end of the contract, whichever is applicable. Distribution of these program evaluations will be the same as that for the safety and health plan. The PEP survey will be scheduled and administered at the discretion of the Government.

1.9 The contractor will describe its approach to document its safety and health program performance to provide the Government with the necessary visibility and insight. This includes the identification, acquisition, and processing of safety and health data; development of procedures; recordkeeping; statistical analyses including metrics; and the furnishing of data and reports to the Government. Electronic access by the Government to this data is preferred as long as Privacy Act requirements are met and Government safety and health professionals and their representatives have full and unimpeded access for review and audit purposes. For contractor activities conducted on NASA property, the contractor will identify what records it will make available to the Government in accordance with the Voluntary Protection Program criteria of OSHA as implemented in [local Center's] Requirements Handbook for Safety, Health, and Environmental Protection, as revised. For the purpose of this plan, safety and health documentation includes but is not limited to logs, records, minutes, procedures, checklists, statistics, reports, analyses, notes, or other written or electronic document which contains in whole or in part any subject matter pertinent to safety, health, environmental protection, or emergency preparedness. The contractor will acknowledge the following as standing requests of the Government to be handled as described below.

a. Roster of Terminated Employees. NASA will expect that terminated employees be reported to the Center occupational health program office. Identify personnel terminated by contractor. Send the report to the Occupational Health Officer no later than 30 days after the end of each contract year or at the end of the contract, whichever is applicable. At the contractor's discretion, the report may be submitted for personnel changes during the previous year or cumulated for all years.

Information required:

(1) Date of report, contractor identity, and contract number.

(2) For each person listed, provide name, social security number, assigned Center badge number, and date of termination.

(3) Name, address, and telephone number of contractor representative to be contacted for questions or other information.

b. Material Safety Data. Describe the procedure by which the contractor shall prepare and/or deliver to NASA, Material Safety Data for hazardous materials brought onto Government property or included in products delivered to the Government. These data are required by the Occupational Safety and Health Administration (OSHA) regulation, 29 CFR 1910.1200, "Hazard Communication," and Federal Standard 313 (or FED-STD-313), "Material Safety Data, Transportation Data and Disposal Data for Hazardous Materials Furnished to Government Activities," as revised. A single copy of each Material Safety Data Sheet (MSDS) will be sent upon receipt of the material for use on NASA property to the Center's Central Repository, Mail Code ____, along with information on new or changed locations and/or quantities normally stored or used. If the MSDS arrives with the material and is needed for immediate use, the MSDS shall be delivered to the Central Repository by close of business of the next working day after it enters the site.

c. Hazardous Materials Inventory. The contractor shall compile an annual inventory report of all hazardous materials it has located on Government property and which is within the scope of 29 CFR 1910.1200, "Hazard Communication," and Federal Standard 313 (or FED-STD-313), "Material Safety Data, Transportation Data and Disposal Data for Hazardous Materials Furnished to Government Activities," as revised. The call for this annual inventory is issued by the [responsible NASA official], mail code ____. This information shall provide the following:

(1) the identity of the material.

(2) the location of the material by building and room.

(3) the quantity of each material normally kept at each location.

1.10 Government Access to Safety and Health Program Documentation. The contractor shall recognize in its plan that it will be expected to make all safety and health documentation (including relevant personnel records) available for inspection or audit at the Government's request.

1.11 The contractor may be requested to participate in the review and modification of safety requirements that are to be implemented by the Government including any referenced documents therein. This review activity will be implemented at the direction of the NASA Contracting Officer's Technical Representative in accordance with established NASA directives and procedures.

1.12 Procurement. Identify procedures used to assure that the contractor's procurements are reviewed for safety considerations and that specifications contain appropriate safety criteria and instructions. Set forth authority and responsibility to assure that safety tasks are clearly stated in subcontracts.

2.0 WORKPLACE ANALYSIS.

Describe the method by which hazards within the contractor's workplace shall be systematically identified during the duration of the contract. The identified method should explain the information collection process for assembling, through a combination of surveys, analyses, and inspections of the workplace, investigations of mishaps and close calls, and the collection and trend analysis of safety and health data such as: records of occupational injuries and illnesses; findings and observations from preventive maintenance activities; reports of spills and inadvertent releases to the environment; facilities related incidents related to partial or full loss of systems functions; employee reports of hazard; etc. Every hazard identified by any of the techniques identified below shall be ranked and processed in accordance with Center procedure. All hazards on NASA property, which are immediately dangerous to life or health, shall be reported immediately to the NASA safety office. All safety engineering products, which address operations, equipment, etc., on NASA property will be subject to the review and concurrence of the NASA Safety Office unless otherwise specified in the approved safety and health plan. The contractor is expected to have processes to address similar instances in contractor facilities utilizing contractor resources to manage such instances.

2.1 Hazard Identification. Describe the procedures and techniques to be used to compile an inventory of hazards associated with the work to be performed on this contract. This inventory of hazards shall address the work specified in this contract as well as operations and work environments which are performed in the vicinity or in close proximity to contract operations. The results will be reported to the Government in a manner suitable for inclusion in facilities baseline documentation as a permanent record of the facility. Specific techniques to be considered include:

a. Comprehensive Survey. A "wall to wall" engineering assessment of the work site including facilities, equipment, processes, and materials (including waste).

b. Change Analysis. Typically addresses modifications in facilities, equipment, processes, and materials (including waste); and related procedures for operations and maintenance. Change analyses periodically will be driven by new or modified regulatory and NASA requirements.

c. Hazard Analysis. May address facilities, systems/subsystems, operations, processes, materials (including waste), and specific tasks or jobs.

2.2 Inspections. This paragraph includes requirements for assignments, procedures, and frequency for regular inspection and evaluation of work areas for hazards and accountability for implementation of corrective measures. The contractor will describe administrative requirements and procedures for control of and regularly scheduled inspections for fire and explosion hazards. The contractor has the option, in lieu of this detail, to identify policies and procedures with the stipulation that the results (including findings) of inspections conducted on NASA property or involving Government furnished property will be documented in safety program evaluations or the monthly Accident/Incident Summary reports. Inspections will identify the following:

a. Discrepancies between observed conditions and current requirements.

b. New (not previously identified) or modified hazards.

2.3 Employee Reports of Hazards. Identification of methods to encourage employee reports of hazardous conditions (e.g., close calls) and analyze/abate hazards. The contractor will describe steps it will take to create reprisal-free employee reporting with emphasis on management support for employees and describe methods to be used to incorporate employee insights into hazard abatement and motivation/awareness activities.

3.0 MISHAP INVESTIGATION AND RECORD ANALYSIS.

3.1 Mishap Investigation. Identification of methods to assure the reporting and investigation of mishaps including corrective actions implemented to prevent recurrence. The contractor will describe the methods to be used to report and investigate mishaps on NASA property and on contractor or third party property. The contractor shall describe its procedures for implementing use of NASA mishap reporting and investigation forms and alternate forms used by the contractor with emphasis on timely notification of NASA; investigation procedures; exercise of jurisdiction over a mishap investigation involving NASA and other contractor personnel; follow up of corrective actions; communication of lessons learned to NASA; and solutions to minimize duplications in reporting and documentation including use of alternate forms, etc. The contractor will discuss its procedures for immediate notification requirements for fires, hazardous materials releases, and other emergencies. The contractor will include appropriate details to address the use of NASA Form 1627, "Mishap Report" (or equivalent), including 24-hour and ten-day mishap reports to the Occupational Safety Office, mail code ___. Note: the NASA Form 1627 is not attached since it is a three part carbonless form not conducive to reproduction. This form can be obtained from [source of supply].

3.2 Trend Analysis. Describe approach to performing trend analysis of data (occupational injuries and illnesses; facilities, systems, and equipment performance; maintenance findings; etc.). Discuss methods to identify and abate common causes indicated by trend analysis. In support of site-wide trend analysis to be performed by the Government, the contractor will discuss method of providing data as follows:

a. Accident/Incident Summary Report. The contractor shall describe how it shall prepare and deliver Accident/Incident Summary Reports as specified on [specify locally used format]. All new and open mishaps, including vehicle accidents, incidents, injuries, fires, and any close calls shall be described in summary form along with current status. Negative reports are to be required monthly. Report frequency is monthly; date due is the 10th day of the month following each month reported. Report to be delivered to the Center Safety Office, mail code _____.

b. Log of Occupational Injuries and Illnesses. For each establishment on and off NASA property that performs work on this contract, the contractor shall deliver to the Government (under separate contractor's cover letter), a copy of its annual summary of occupational injuries and illnesses (or equivalent) as described in Title 29, Code of Federal Regulations, Subpart 1904.5. If contractor is exempt by regulation from maintaining and publishing such logs, equivalent data in contractor's format is acceptable (such as loss runs from insurance carrier) which contains the data required. Data shall be compiled and reported by calendar year and provided to the Government within 45 days after the end of the year to be reported (e.g., not later than February 15 of the year following).

4.0 HAZARD PREVENTION AND CONTROL.

Identified hazards must be eliminated or controlled. In the multiple employer environment of the Center, it is required that hazards including discrepancies and corrective actions be collected in the Center's information data system (provide name of system here) for risk management purposes. Describe your approach to implementing this requirement.

4.1 Appropriate Controls. Discuss approach to consideration and selection of controls. Discuss use of hazard reduction precedence sequence. Discuss approach to identifying and accepting any residual risk. Discuss implementation of controls including verifying effectiveness. Discuss scope of coverage (hazardous chemicals, equipment, discharges, waste, energies, etc.). Discuss need for coordination with safety, health, environmental services, and emergency authorities at NASA.

4.1.1 Hazardous Operations. Establish methods for notification of personnel when hazardous operations are to be performed in their facilities or when hazardous conditions are found to exist during the course of this contract. NASA policy will serve as a guide for defining, classifying, and prioritizing hazardous operations. Develop and maintain a list of hazardous operations to be performed during the life of this contract. The list of hazardous operations will be provided to the contracting officer as part of the safety plan for review and approval. The contracting officer (CO) and the contractor will decide jointly which operations are to be considered hazardous, with the CO as the final authority. Before hazardous operations commence, the contractor will develop a schedule to develop written hazardous operations procedures with particular emphasis on identifying the job safety steps required. The contractor may implement this requirement as follows:

a. Identify contractor policies and procedures for management and implementation of hazardous operations procedures together with a statement that NASA will have access on request to any contractor data necessary to verify implementation; or

b. In lieu of contractor management and development of such procedures, identify the method whereby the contractor will identify and submit such procedures to the NASA Occupational Safety Office for review and approval.

4.1.2 Written Procedures. Identification of methods to assure that the relevant hazardous situations and proper controls are identified in documentation such as inspection procedures, test procedures, etc., and other related information. Describe methods to assure that written procedures are developed for all hazardous operations, including testing, maintenance, repairs, and handling of hazardous materials and hazardous waste. Procedures will be developed in a format suitable for use as safety documentation (such as a safety manual) and be readily available to personnel as required to correctly perform their duties.

4.1.3 Protective Equipment. Set forth procedures for obtaining, inspecting, and maintaining protective equipment, as required, or reference written procedure pertaining to this subject. Set forth methods for keeping records of such inspections and maintenance programs.

4.1.4 Hazardous Operations Permits. Identify facilities, operations, and/or tasks where hazardous operations permits will be required as specified in the Center's local requirement. Set forth guidance to adhere to established NASA Center procedures. Clearly state the role of the safety group or function to control such permits.

a. Operations Involving Potential Asbestos Exposures. Set forth method by which compliance is assured with the Center's Asbestos Control Program as established in local policy.

b. Operations Involving Exposures to Toxic or Unhealthful Materials. Such operations must be evaluated by the NASA Occupational Health Office and must be properly controlled as advised by same. The NASA Occupational Health Office must be notified prior to initiation of any new or modified operation potentially hazardous to health.

c. Operations Involving Hazardous Waste. Identify procedures used to manage hazardous waste from point of generation through disposal. Clearly identify divisions of responsibility between contractor and NASA for hazardous waste generated throughout the life of the contract. Operations which occur on site must also be evaluated by the Center environmental services office and must be properly controlled as advised by same. The Center environmental services office must be notified prior to initiation of any new or modified hazardous waste operation on site.

d. Operations Involving New or Modified Emissions/Discharges to the Environment. Set forth methods for identifying new or modified emissions/discharges and coordinating results with the Center environmental services office. Set forth procedures to minimize or eliminate environmental pollution. Address management of hazardous materials; substitution of non-hazardous or less hazardous materials for hazardous materials; proper segregation of hazardous wastes from non-hazardous wastes; and other methods described by NASA. Emphasis shall be placed on providing for sufficient lead-time for processing permits through the appropriate State agency and/or the Environmental Protection Agency.

4.2 Discuss your responsibilities for maintaining facilities baseline documentation in accordance with Center requirements. The contractor will implement any facilities baseline documentation tasks (including safety engineering) as provided in the contractor's safety and health plan approved by NASA or as required by Government direction.

4.3 Preventive Maintenance. Discuss approach to preventive maintenance. Describe scope, frequency, and supporting rationale for your preventive maintenance program including facilities and/or equipment to be emphasized or de-emphasized. Discuss methods to promote awareness in the NASA community (such as alerts, safety flashes, etc.) when preventive maintenance reveals design or operational concerns in facilities and equipment (and related processes where applicable).

4.4 Medical Program. Discuss your medical surveillance program to evaluate personnel and workplace conditions to identify specific health issues and prevent degradation of personnel health as a result of occupational exposures. Discuss approach to cardiopulmonary resuscitation (CPR), first aid, and emergency response.

5.0 EMERGENCY RESPONSE.

Discuss approach to emergency preparedness and contingency planning which addresses fire, explosion, inclement weather, environmental releases, etc. Discuss compliance with 29 CFR 1910.120 (HAZWOPER) and the role the contractor will play in the local Incident Command System. Discuss methods to be used for notification of Center emergency forces including emergency dispatcher, safety hotline, director's safety hotline, etc. Discuss establishment of pre-planning strategies through procedures, training, drills, etc. Discuss methods to verify emergency readiness.

6.0 SAFETY AND HEALTH TRAINING.

Describe the contractor's training program including identification of responsibility for training employees to assure understanding of safe work practices, hazard recognition, and appropriate responses including protective and/or emergency countermeasures. Address management techniques used to identify and utilize any Center training resources (such as asbestos worker training/certification, hazard communication, confined space entry, lockout/tagout, etc.) as appropriate with particular emphasis on programs designed for the multiple employer work environment on NASA property. Describe approach to training personnel in the proper use and care of protective equipment. Discuss tailoring of training towards specific audiences (management, supervisors, and employees) and topics (safety orientation for new hires, specific training for certain tasks or operations). Discuss approach to ensure that training is retained and practiced. Discuss personnel certification programs. Certifications should include documentation that training requirements have been satisfied and learning validated by one or more of the following: physical examination, testing, on-the-job performance, etc. All training materials and training records will be provided for NASA review on request.


Appendix I. Sample System Safety Plan for Systems Acquisition, Research, and Development Programs


The NASA program manager (or designee) will publish and maintain an approved System Safety Plan (SSP), appropriate to and for the life of the program. This plan may be incorporated in the more comprehensive safety and mission assurance plan, mission assurance plan, etc., providing the required data are identifiable and complete.

1. The SSP defines the objectives, responsibilities, and methods to be used for overall safety program conduct and control. Integration of system/facility safety provisions into the SSP is vital to the early implementation and ultimate success of the safety effort. Inclusion of these provisions in the plan will send an unmistakable message to all program participants that safety is an integral part of the management process and all tasks. The authority to conduct the safety program must originate in the respective SSP governing each NASA program.

2. The program SSP shall be the vehicle for safety task planning. The plan will include detailed task requirements for the system safety task as tailored from this document for the program. The NASA program organization and system safety relationships and responsibilities will be described along with reporting channels for this task. In particular, the plan will show how NASA safety will manage its independent oversight role. The plan will stipulate hazard analysis methodologies, hazard report (HR) data and format requirements, and the approval reporting channels for HR's and their milestones. It will address requirements for NASA and contractor participation in design, safety, and readiness reviews. The program SSP shall be a compliance document in the request for proposal (RFP). Data requirements for the program SSP are in the data requirements document. For a multi-Field Installation program, each Field Installation should supplement the plan to ensure its compatibility with the Field Installation organization and ability to comply with task requirements.

3. The level of safety directly correlates with management's emphasis on the safety of the system/facility being developed. Proper identification of the system/facility safety program elements is the first step towards developing a successful program. Each functional safety program has the following 10 basic elements:

a. Planning.

b. Organization.

c. Contracting.

d. Interface/Coordination.

e. Requirement.

f. Analysis.

g. Risk assessment.

h. Reporting.

i. Mishap investigation.

j. Data retention.

4. Each of these elements is aligned with an overall approach to risk evaluation by:

a. Identifying system/facility safety hazards.

b. Determining corrective actions to either eliminate or control the safety hazard.

c. Recommending corrective action or alternatives to the appropriate management level for a decision to either eliminate the hazard or accept the risk. Residual risk acceptance may be handled at varied levels. The higher risks must be accepted by the program manager. In all cases, notification of that risk acceptance will be communicated to the next higher authority (see Chapter 3).

d. Documenting those areas in which a decision has been made to accept the risk, including the rationale for the risk acceptance.

5. During the concept phase, appropriate safety tasks should be planned that will become the foundation for safety efforts during the system definition, design, manufacture, test, and operations.

a. Identify special safety studies that may be required during system definition or design.

b. Estimate gross milestone personnel requirements for the safety program during the complete system life cycle.

c. Perform trade studies by using the result of the preliminary hazard analysis that identified highly hazardous areas, with recommended alternatives.

d. Establish safety goals and objectives to determine the type of safety input for the overall program.

(1) Goals should be measurable and state what would be accomplished by performing the various safety tasks.

(2) Goals should be structured so that safety tasks can be selected to accomplish them.

(3) Task results should clearly demonstrate that the goals have been met.

e. Complete preliminary hazard analyses to identify potentially hazardous systems and to develop initial safety requirements and criteria.

f. Review the gross hardware requirements and concepts to maintain an understanding of the evolving system.

g. Review pertinent historical safety data from similar systems.


Appendix J. Aviation Safety Panel


1. PURPOSE

1.1. This charter establishes the Aviation Safety Panel and sets forth its functions, membership, meetings, and duration.

1.2. The Aviation Safety Panel (hereafter referred to as the "Panel") is established to aid the Associate Administrator for Safety and Mission Assurance (AA/SMA) in fulfilling oversight responsibilities for aviation safety.

2. APPLICABILITY/SCOPE

This charter applies to NASA Headquarters and all NASA Centers, including Component Facilities.

3. AUTHORITY

42 U.S.C. 247(c)(1), Section 203(c)(1) of The National Aeronautics and Space Act of 1958, as amended.

4. FUNCTIONS

4.1. The Panel will promote NASA aviation safety and advise and assist the AA/SMA in the oversight of operational aviation safety programs. It will deal with Agencywide concerns affecting safety of aviation operations or those that cannot be resolved at a Center level.

4.2. The Panel will assist the AA/SMA in the development of guidelines and criteria to use in the evaluation of aviation safety.

5. MEMBERSHIP

5.1. The membership of the Panel includes the following:

a. AA/SMA, Chair, Code Q.

b. NASA Headquarters Aviation Safety Assurance Manager, Code Q.

c. NASA Headquarters Aviation Safety Officer (ASO), Code O.

d. ASO from each NASA Center (ASO subpanel of the Intercenter Aircraft Operations Panel).

e. An Executive Secretary, appointed by the Chair, who will publish meeting minutes and retain all Panel records, files, and reports.

6. MEETINGS

The Panel will meet via telecon bimonthly or at the call of the Chair.

7. DURATION

The Panel will remain in existence until abolished by directive of the AA/SMA.

8. RECORDS

The Executive Secretary is responsible for the maintenance of this charter and all other records associated with the Panel.


Appendix K. NASA Operations and Engineering Panel


1. PURPOSE

1.1. This charter establishes the NASA Operations and Engineering Panel (OEP).

1.2. The OEP evaluates and recommends a consistent and cost effective program ensuring the continuing operational integrity and safety of NASA launch facilities, programmatic operations, and test facilities, such as wind tunnels and pressure systems.

2. APPLICABILITY/SCOPE

This charter is applicable to NASA Headquarters and NASA Centers, including Component Facilities, and to the Jet Propulsion Laboratory (JPL) to the extent specified in its contract.

3. AUTHORITY

42 U.S.C. 2473(c)(1), Section 203(c)(1) of the National Aeronautics and Space Act of 1958, as amended.

4. FUNCTIONS

4.1. The OEP will provide an independent technical engineering and operational review of specifically selected NASA facilities and operations in support of the Office of Safety and Mission Assurance (OSMA), the NASA Enterprises, and the NASA Centers, including Component Facilities. The OEP will produce written evaluations and recommendations to improve NASA engineering and operations.

4.2. The NASA OEP reviews and assesses the effect of changes in the NASA facilities engineering and operations infrastructure on the safety and mission success of NASA programs. In performance of its duties, the OEP shall do the following:

a. Support the mission and goals of the NASA Strategic Enterprises and functional performance improvement initiatives of the Director, Facilities Engineering Division (Code OJX), through technical engineering and safety, reliability, maintainability, and quality reviews of NASA facilities and operations.

b. Evaluate and recommend a consistent and reasonable program for ensuring the operational safety, reliability, and integrity of NASA facilities within the current environment of declining personnel and budget resources.

c. Identify, analyze, communicate, and initiate the resolution of issues that impact facilities and operations belonging to NASA.

d. Support incorporation of safety, reliability, maintainability, and quality assurance disciplines in NASA facilities projects, from inception through completion.

e. Evaluate operations and engineering technical support systems problems and issues, develop innovative solutions and/or methods for arriving at solutions, and provide recommendations to management in these areas.

f. Review for effectiveness the facility configuration management activities (especially those related to safety).

g. Assist the Director, Facilities Engineering Division (Code OJX), in encouraging the adoption and use of Reliability Centered Maintenance methodologies to help streamline facilities maintenance programs while maintaining an acceptable level of safety.

h. Support the Associate Administrator for Safety and Mission Assurance and the Director, Facilities Engineering Division (Code OJX), on any special assignments related to facilities, operations, and engineering activities.

i. Exchange technical expertise and operational experience among key operating officials throughout the Agency so that lessons learned and innovative technologies, processes, and techniques are transferred and applied to promote mission success and to achieve cost effectiveness.

j. Support incorporation of cost-effective pollution prevention and sustainable development principles in facilities projects and assure that operations comply with environmental requirements.

4.3. The OEP will provide a written evaluation, along with any recommendations for engineering or operational improvements, to the Enterprise Associate Administrator/Institutional Program Officer (AA/IPO) and to the Center Director responsible for the reviewed facility.

4.4. The OEP Executive Secretary within OSMA will retain all OEP records, files, reports, and meeting minutes.

4.5. The OEP Chairperson will provide a report on OEP activities to the Associate Administrator for Safety and Mission Assurance at the end of each fiscal year.

4.6. NASA OEP members will communicate and coordinate OEP recommendations with their respective NASA Centers and the Manager of the NASA Management Office-Jet Propulsion Laboratory and monitor OEP activities relating to their facilities.

5. MEMBERSHIP

5.1. The OEP will be composed exclusively of full-time NASA employees; however, non-NASA employees may be invited to participate as advisers or observers.

The OEP will consist of a Chairperson, an Executive Secretary, and members.

5.2. The members of the OEP will be appointed as follows:

a. The Associate Administrator for Safety and Mission Assurance (Code Q) will serve as an ex officio member of the OEP and will appoint the Chairperson, Executive Secretary, and one representative for Safety and Assurance Requirements Division from within Code Q.

b. The Assistant Administrator for Institutional and Corporate Management will appoint one representative for Facilities Engineering and one representative for Environmental Management.

c. The Enterprise AA/IPO's will each appoint one representative.

d. The Center Directors.

e. Manager of the NASA Management Office-Jet Propulsion Laboratory.

f. Manager of the Wallops Flight Facility will appoint one representative.

5.3. The OEP may establish such subpanels and subgroups as the Chairperson considers necessary.

5.4. The NASA General Counsel and Chief Engineer, or their designees, will act as permanent advisors to the OEP. The Chairperson may appoint additional advisors and invite observers on a permanent or temporary basis.

6. MEETINGS

The OEP will meet at the call of the Chairperson in support of the Enterprise AA/IPO's. The OEP may also meet at the request of the Center Director of the facility to be reviewed or at the request of the Director, Facilities Engineering Division (Code OJX).

7. DURATION

This charter and the term of the Chairperson are for a 4-year period from the effective date, unless the terms are canceled or extended.

8. RECORDS

Code Q is responsible for the maintenance of this charter and all other records associated with the OEP.



DISTRIBUTION:
NODIS

