
NASA Procedures and Guidelines

This Document is Obsolete and Is No Longer Used.
Check the NODIS Library to access the current version:
http://nodis3.gsfc.nasa.gov


NPR 8715.3
Eff. Date: January 24, 2000
Cancellation Date: September 12, 2006

NASA Safety Manual w/Change 2, 03/31/04



APPENDIX B. Glossary of Safety and Risk Management Terms


Acceptance Testing. Tests to determine that a part, component, subsystem, or system is capable of meeting performance requirements over the environmental and operating ranges prescribed in the specification documents.

Accepted Risk. A hazard whose risk is not completely mitigated and that has been accepted by top program and safety management.

Accident Prevention. Methods and procedures used to eliminate the causes that could lead to a mishap.

Action Centers. Emergency centers set up by the appropriate Center official or program official to coordinate all communications, responses, and other actions for mishaps that have international, national, or regional implications; high visibility; or major public interest.

Aviation Life Support Equipment (ALSE). Includes helmets, oxygen masks, parachutes, and survival gear used for aviator safety.

Applied Load (Stress). Actual load (stress) imposed on a system.

Arming. Bringing a device or system to a state or condition that will allow its subsequent activation.

Assessment. Review or audit process, using predetermined methods, that evaluates hardware, software, procedures, technical and programmatic documents, and the adequacy of their implementation.

Audit. Formal review to assess compliance with hardware or software requirements, specifications, baselines, safety standards, procedures, instructions, codes, and contractual and licensing requirements.

Authority Having Jurisdiction (AHJ). The AHJ is the organization, office, or individual responsible for approving equipment, an installation, or a procedure. The AHJs for fire protection and explosives are to be designated by the Center Director. The fire protection AHJ shall be a safety or fire protection professional.

Availability. Measure of the percentage of time that an item could be used as intended.

Biomechanics. Interdisciplinary science (comprising mainly anthropometry, mechanics, physiology, and engineering) of the mechanical structure and behavior of biological materials. It concerns primarily the dimensions and mass properties of body segments.

Buddy System. An arrangement used when risk of injury is high, where personnel work in pairs, with one person in the pair stationed nearby, not directly exposed to the hazard, to serve as an observer to render assistance if needed.

Catastrophic. (1) A hazard that could result in a mishap causing fatal injury to personnel, and/or loss of one or more major elements of the flight vehicle or ground facility. (2) A condition that may cause death or permanently disabling injury, major system or facility destruction on the ground, or loss of crew, major systems, or vehicle during the mission.

Certification Test. Test whose objective is to determine and then certify that system specifications are satisfied or personnel skills are present.

Certified Personnel. Personnel who have completed required training and whose specified knowledge or proficiency in a skill has been demonstrated and documented.

Configuration Item. An item that is designated for configuration management.

Contractor Safety Plans. Written plans prepared by the contractor detailing the overall safety program that will cover the employees, equipment, and facilities used to fulfill the contract.

Contributing Root Cause. A factor, event, or circumstance which led, directly or indirectly, to the dominant root cause, or which contributed to the severity of the mishap.

Controlled (Risk) Hazard. The likelihood of occurrence or severity of the associated undesirable event has been reduced to an acceptable level through the imposition of appropriate, readily implementable, verifiable controls, resulting in minimal residual risk.

Credible Condition (Event). Condition (event) that reasonably may be anticipated and planned for based on experience with or analysis of a system.

Crew Rating. Certifying the incorporation of enhanced environmental support, reliability, and safety features into the design and operation of hardware and software essential for the preservation of life during crewed tests or operations.

Critical. A condition that may cause severe injury or occupational illness, or major property damage to facilities, systems, or flight hardware.

Critical Lifting Operations. Lifting and lowering operations involving major programmatic or institutional hardware that is irreplaceable, or will cause serious program or mission delays if damaged, or is hazardous to personnel if dropped or uncontrolled, or will require special budgetary actions to repair damages suffered from lifting malfunctions.

Critical Single Failure Point (CSFP). A single item or element, essential to the safe functioning of a system or subsystem, whose failure in a life or mission essential application would cause serious program or mission delays or be hazardous to personnel.

Critical Software Command (CSC). A command that either removes a safety inhibit or creates a hazardous condition.

Design Burst Pressure. Pressure at which an element of a pressurized system would be expected to burst if it meets the exact design conditions.

Design Margin. Percent by which a factor of safety of 1.0 is exceeded or deficient.

Deviation. A variance that authorizes departure from a particular safety requirement where the intent of the requirement is being met through alternate means that provide an equivalent level of safety. OSHA refers to this as an alternate or supplemental standard.

Dominant Root Cause. Along a chain of events leading to a mishap, the first causal action or failure to act that could have been controlled systemically either by policy/practice/procedure or individual adherence to policy/practice/procedure.

Eliminated Hazard. A hazard that has been eliminated by completely removing the hazard causal factors.

Emergency. Unintended circumstance bearing clear and present danger to personnel or property which requires an immediate response.

Event Tree Analysis (ETA). An analysis that traces the effect of a mishap and leads to all possible consequences through visualization of the positive and negative sides for each event using a type of logic tree. Event trees are complements to fault trees. This is an inductive logic method for identifying the various possible outcomes of a given initiating event.

Exposure. (1) Vulnerability of a population, property, or other value system to a given activity or hazard; or (2) other measure of the opportunity for failure or mishap events to occur.

Facility Hazard Analysis (FHA). The FHA is a preliminary hazard analysis performed during the planning and decision phases of a facility design and acquisition program.

Factor of Safety (Safety Factor). Ratio of the design condition to the maximum operating conditions specified during design (see also Safety Margin and Margin of Safety).

Fail-Operational. Ability to sustain a failure and retain full operational capability.

Fail-Safe. Ability to sustain a failure and retain the capability to safely terminate or control the operation.

Failure. Inability of a system, subsystem, component, or part to perform its required function within specified limits.

Failure Analysis. A systematic examination of a failed item or system to identify the failure mode and cause.

Failure Cause. Physical or chemical process, design defect, quality defect, or other process that initiates a sequence of events leading to failure.

Failure Effect. Consequence of a failure mode on the operation, function, or status of an item or system.

Failure Mode. Particular way in which a failure can occur, independent of the reason for failure.

Failure Modes and Effects Analysis (FMEA). A bottom-up, systematic, inductive, methodical analysis performed to identify and document all identifiable failure modes at a prescribed level and to specify the resultant effect of each failure mode. It is usually performed to identify critical single failure points (CSFPs) in hardware. In relation to formal hazard analyses, FMEA is a subsidiary analysis.

Failure Rate. Number of failures per unit of time or other measure of opportunity for failures to occur.

Fault Detection. Process that discovers or is designed to discover faults.

Fault Hazard Analysis (FHA). Analysis performed during design resulting in the identification, evaluation, and control of hazards resulting from piece-part or component faults.

Failure Tolerance. Built-in capability of a system to perform as intended in the presence of specified hardware or software failures.

Fault Tree. A schematic representation resembling an inverted tree that depicts possible sequential events (failures) that may proceed from discrete credible failures to a single undesired final event (failure). A fault tree is created retrogressively from the final event by deductive logic.

Fault Tree Analysis (FTA). An analysis that begins with the definition or identification of an undesired event (failure). The fault tree is a symbolic logic diagram showing the cause-effect relationship between a top undesired event (failure) and one or more contributing causes. It is a type of logic tree that is developed by deductive logic from a top undesired event to all subevents that must occur to cause it.
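The deductive construction described in the two entries above (a top undesired event resolved through logic gates into the subevents that must occur to cause it) can be exercised with a small evaluator. The following Python is an added example written for this glossary, not code from NPR 8715.3: the tree, its gate names, the basic-event names and the failure probabilities are constructed for illustration, and basic events are assumed to be independent. It computes the top-event probability, derives the minimal cut sets, and reports any cut set of size one, which is the fault-tree view of a single failure point as defined elsewhere in this appendix.

```python
"""Minimal fault tree evaluator (added example; not part of NPR 8715.3)."""
from dataclasses import dataclass
from typing import FrozenSet, Set, Tuple, Union


@dataclass(frozen=True)
class BasicEvent:
    """Leaf of the tree: a discrete credible failure with an assumed probability."""
    name: str
    probability: float  # constructed illustrative value, not from the manual


@dataclass(frozen=True)
class Gate:
    """AND gate: all inputs must occur. OR gate: any input suffices."""
    kind: str                      # "AND" or "OR"
    name: str
    inputs: Tuple["Node", ...]


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Top-event probability under the independence assumption.

    AND: product of input probabilities.
    OR:  1 - product of (1 - p) over inputs (exact for independent inputs,
         avoids the rare-event approximation of simply summing).
    """
    if isinstance(node, BasicEvent):
        return node.probability
    ps = [probability(child) for child in node.inputs]
    if node.kind == "AND":
        out = 1.0
        for p in ps:
            out *= p
        return out
    if node.kind == "OR":
        none_occur = 1.0
        for p in ps:
            none_occur *= 1.0 - p
        return 1.0 - none_occur
    raise ValueError(f"unknown gate kind {node.kind!r}")


def _minimize(sets: Set[FrozenSet[str]]) -> Set[FrozenSet[str]]:
    """Drop any cut set that is a proper superset of another (keep minimal ones)."""
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal cut sets: smallest combinations of basic events that cause the top event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    child_sets = [cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        combined = set().union(*child_sets)
    else:  # AND: every cut set must combine one cut set from each input
        combined = {frozenset()}
        for cs in child_sets:
            combined = {a | b for a in combined for b in cs}
    return _minimize(combined)


def single_failure_points(node: Node) -> Set[str]:
    """Basic events that alone are sufficient to cause the top event (cut sets of size 1)."""
    return {next(iter(cs)) for cs in cut_sets(node) if len(cs) == 1}


def example_tree() -> Gate:
    """Constructed tree: loss of the pressure-relief function on a hypothetical tank."""
    rv1 = BasicEvent("RV1 stuck closed", 1e-3)
    rv2 = BasicEvent("RV2 stuck closed", 1e-3)
    manifold = BasicEvent("Manifold blocked", 1e-4)
    both_valves = Gate("AND", "Both relief valves fail", (rv1, rv2))
    return Gate("OR", "Relief function lost", (both_valves, manifold))


if __name__ == "__main__":
    tree = example_tree()
    print(f"P(top event) = {probability(tree):.6e}")
    for cs in sorted(cut_sets(tree), key=len):
        print("cut set:", sorted(cs))
    print("single failure points:", sorted(single_failure_points(tree)))
```

Reading the result the way the glossary entries intend: the redundant valve pair contributes only 1e-6, but the shared manifold shows up as a one-element cut set, so the design as modelled still has a single failure point, and the top-event probability is dominated by it. That is exactly the kind of finding an FMEA or FTA is performed to surface.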

Firmware. Computer programs and data loaded in a class of memory that cannot be dynamically modified by the computer during processing.

Flight Hardware. Hardware designed and fabricated for ultimate use in a vehicle intended to fly.

Fracture Mechanics. Engineering methods used to predict flaw-growth and fracture behavior of materials and structures containing cracks or crack-like flaws.

Functional Redundancy. A situation where a dissimilar device provides safety back-up rather than relying on multiple identical devices.

Ground Support Equipment. Ground-based equipment used to store, transport, handle, test, check out, service, and control aircraft, launch vehicles, spacecraft, or payloads.

Handlers of Hazardous Material. Individuals who handle but who do not open or otherwise disturb the integrity of the basic, properly packaged, shipping container that holds the hazardous material. As an example, this includes personnel who prepare, package, mark, or transport hazardous material. Personnel who reduce palletized or otherwise combined items into smaller increments, without exposing the hazardous material, are considered handlers.

Hazard. Existing or potential condition that can result in or contribute to a mishap.

Hazard Analysis. Identification and evaluation of existing and potential hazards and the recommended mitigation for the hazard sources found.

Hazard Analysis Report. System safety document that summarizes results of the hazard analyses performed on a system or activity.

Hazard Control. Means of reducing the risk of exposure to a hazard.

Hazard List. Listing of all identifiable and known hazards.

Hazard Prioritization. Used in risk management, ranking of hazards in order of risk severity by program and safety management for formal action to reduce the level of risk.

Hazard Probability. Likelihood of occurrence, stated in qualitative or quantitative terms, of the aggregate of conditions that result in a specific hazard.

Hazard Report (HR) Closure Classification. When an HR is closed, it is assigned one of the following classifications: Eliminated Hazard, Controlled Hazard, or Accepted Risk.

Hazard Report (HR) Status. Report status is cited as follows:

1. Closed. Corrective action to eliminate or control the hazard has been implemented or scheduled for implementation before the effectivity identified in the HR; or

2. Open. An HR status is open when corrective action to eliminate or control the hazard has not been completed and the corrective action is not scheduled to be performed.

Hazardous Event. Event that contributes to a hazard.

Hazardous Material. Defined by law as "a substance or materials in a quantity and form which may pose an unreasonable risk to health and safety or property when transported in commerce" (49 U.S.C. 1802). The Secretary of Transportation has developed a list of materials that are hazardous, which may be found in 49 CFR 172.101. Typical hazardous materials are those that may be highly reactive, poisonous, explosive, flammable, combustible, corrosive, or radioactive, or that may produce contamination or pollution of the environment or cause adverse health effects or unsafe conditions.

Hazardous Operation. Any operation involving material or equipment that has a high potential to result in loss of life, serious injury to personnel, or damage to systems, equipment, or facilities.

Hazardous Operation Safety Certification. Certification required for personnel who perform those tasks that potentially have an immediate danger to the individual (death/injury) if not done correctly, could create a danger to other individuals in the immediate area (death or injury), and present a danger to the environment.

High Value. Facilities/equipment valued at $1 million ($1,000,000) and above.

Human Engineering. Area of engineering that applies scientific knowledge to the design of systems and operations to achieve effective human-system integration.

Human Factors Engineering. Area of engineering dealing with human biomedical and psychosocial characteristics. It includes, but is not limited to, principles and applications in the areas of human engineering, personnel selection, training, life-support, job performance aids, and human performance evaluation.

Imminent Danger. Condition or practice that could be reasonably expected to cause death or serious physical harm immediately or in the near term. These are classified as Risk Assessment Code (RAC) 1 using the typical NASA risk assessment matrix in Chapter 3.

Independent Inhibit. An inhibit that will continue to operate independent of other design features.

Independent Verification and Validation. Test and evaluation process by a third party.

Inhibit. Design feature that prevents operation of a function.

Integrated Hazard Analysis. Comprehensive evaluation of hazards, taking into account all subsystems and elements that are included in the overall system being analyzed, including the system, and operational and environmental envelopes.

Interface Hazard Analysis (IHA). Evaluation of hazards which cross the interfaces between a specified set of components, elements, or subsystems.

Interlock. Hardware or software function that prevents succeeding operations when specific conditions are satisfied.

Limit Load. Maximum combination of loads which a structure is expected to experience in a specified operational environment.

Margin of Safety. Deviation of the actual (operating) factor of safety from the specified factor of safety. Can be expressed as a magnitude or percentage relative to the specified factor of safety.

Minor Radioactive Sources. Quantities of minor radioactive sources are defined in terms of the level of review and reporting procedures required.

Mission Critical. Item or function that must retain its operational capability to assure no mission failure (i.e., for mission success).

Mission Safety Evaluation (MSE) Report. A formal report for a specified mission to document the independent safety evaluation of safety risk factors that represent a change, or potential change, to the risk baseline of the program.

NASA Safety Standard (NSS). A NASA safety document that requires conditions, or the adoption or use of one or more practices, means, methods, operations, or processes reasonably necessary or appropriate to provide for safe employment and places of operation. The document is promulgated by the NASA Office of Safety and Mission Assurance and implemented and enforced by the Center Safety and Mission Assurance organizations. In 1999 the NSS's were merged into the NASA Technical Standards library and became NASA-STD's.

Noncritical Lifting. A lifting operation whose failure or malfunction (loss of control, dropping a load, etc.) would not cause loss of life, loss of space vehicle, loss of payload, loss of mission essential hardware, or damage to flight or space hardware.

Nondestructive Evaluation (NDE). Test and inspection methods used to determine the integrity of equipment that do not involve destruction of the test object. Examples are ultrasonic, magnetic particle, eddy current, x-ray, dye penetrant, etc.

Nuclear Flight Safety Assurance Manager (NFSAM). The person in the Office of Safety and Mission Assurance responsible to assist the program/project offices in meeting the required nuclear launch safety analysis/evaluation.

Occupational Safety and Health Administration (OSHA). The Federal agency which promulgates and enforces workplace safety regulations and guidance.

Operating and Support Hazard Analysis (O&SHA). An analysis performed to identify hazards and recommend risk reduction alternatives in procedurally controlled activities during all phases of intended use.

Operating Hazard Analysis (OHA). An analysis that examines the operator interface during system operation and maintenance actions. Because the operator actions are not defined until late in the system development program, corrective action resulting from this analysis will seldom be a design change. This analysis also determines certification and training requirements and safety inputs to technical manuals, warning signs, and safety placards.

Operational Safety. That portion of the total NASA safety program dealing with safety of personnel and equipment during launch vehicle ground processing, normal industrial and laboratory operations, special high hazard tests and operations, aviation operations, use and handling of hazardous materials and chemicals from a safety viewpoint, and design, construction, and use of facilities.

Oversight/Insight. The transition in NASA from a strict compliance-oriented style of management to one that empowers line managers, supervisors, and employees to develop better solutions and processes.

Potentially Serious. Condition or practice that could reasonably be expected to cause injury or illness over the operational lifetime of the system or process. These are classified as Risk Assessment Code (RAC) 2 using the typical NASA risk assessment matrix in Chapter 3.

Preliminary Hazard Analysis (PHA). A gross study of the initial system concepts. It is used to identify all of the energy sources that constitute inherent hazards. The energy sources are examined for possible accidents in every mode of system operation. The analysis is also used to identify methods of protection against all of the accident possibilities.

Pressure Vessel. Any vessel used for the storage or handling of a fluid under positive pressure. A pressure system is an assembly of components under pressure, e.g., vessels, piping, valves, relief devices, pumps, expansion joints, gages.

Proof Load Test. A load test performed prior to first use, after major modification of the load path, or at other prescribed times. This test verifies material strength, construction, and workmanship and uses a load greater than the rated load.

Radiological Control Center (RADCC). A temporary information clearinghouse established on an as-needed basis to coordinate actions that could be required for mitigation, response, and recovery of an incident involving the launching of nuclear material.

Range Safety. Application of safety policies, principles, and techniques to ensure the control and containment of flight vehicles to preclude an impact of the vehicle or its pieces outside of predetermined boundaries from an abort which could endanger life or cause property damage. Where the launch range has jurisdiction, pre-launch preparation is included as a safety responsibility.

Rated Load Test. A load test performed at predetermined intervals with a load equal to the rated load.

Redundancy. Use of more than one independent means to accomplish a given function.

Residual Risk. Risk that remains from a hazard after all mitigation and controls have been applied.

Risk. The combination of (1) the probability (qualitative or quantitative) that a program or project will experience an undesired event such as cost overrun, schedule slippage, safety mishap, or failure to achieve a needed technological breakthrough; and (2) the consequences, impact, or severity of the undesired event were it to occur.

Risk Contributors List. List of hazards and their associated severity and probability contributing to a risk.

Risk Management. An organized, systematic decision-making process that efficiently identifies, analyzes, plans, tracks, controls, communicates, and documents risk to increase the likelihood of achieving program/project goals.

Risk (Safety) Assessment. Process of qualitative risk categorization or quantitative risk (safety) estimation, followed by the evaluation of risk significance.

Safe Haven. A location that affords life saving protection in the event of a maximum credible event.

Safety. Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.

Safety Analysis. Generic term for a family of analyses, which includes but is not limited to: preliminary hazard analysis, system (subsystem) hazard analysis, operating hazard analysis, software hazard analysis, sneak circuit, and others.

Safety Analysis Report (SAR). A safety report of considerable detail prepared by or for the program detailing the safety features of a particular nuclear system or source.

Safety Analysis Summary (SAS). A brief summary of safety considerations for minor sources; a safety report of less detail than the SAR.

Safety Assistance Visit. Onsite evaluations by specialists and safety personnel who, after making spot checks and sampling visits and holding discussions with appropriate levels of management, provide informal or formal reports to the affected organization.

Safety Assurance. The attainment of acceptable risk for the safety of personnel, equipment, facilities, and the public during and from the performance of operations.

Safety Critical. Term describing any condition, event, operation, process, equipment, or system that could cause or lead to severe injury, major damage, or mission failure if performed or built improperly, or allowed to remain uncorrected.

Safety Critical Function. A system, equipment, or facility function or process that, by not performing as intended, causes a safety critical condition or event.

Safety Critical Item. Single failure point or other element or item in a life or mission-essential application that, as determined by the results of failure modes and effects analysis or other safety analysis, is essential to the safe functioning of a system or subsystem.

Safety Device. A device that is part of a system, subsystem, or equipment that will reduce or make controllable hazards which cannot be otherwise eliminated through design selection.

Safety Evaluation Report (SER). A safety report prepared by the INSRP detailing the INSRP's assessment of the nuclear safety of a particular source or system based upon INSRP's evaluation of the program-supplied SAR and other pertinent data.

Safety Margin. Difference between as-built factor of safety and the ratio of actual operating conditions to the maximum operating conditions specified during design.

Safety Oversight. Maintaining functional awareness of program activities on a real-time basis to ensure risk acceptability.

Safety Program. The implementation of a formal comprehensive set of safety procedures, tasks, and activities to meet safety requirements, goals, and objectives.

Safeing. Sequence of events necessary to reconfigure a system to a lower level of risk.

System Safety and Risk Management Assistance Committee (SSARMAC). This committee, established by letter from the Director, Safety and Risk Management Division, in August 1997, is chartered to (1) enhance the development, review, and reengineering of system safety and risk management policies; (2) facilitate the identification and prioritization of system safety research and technology activities; (3) foster the exchange of system safety and risk management experiences and successes within NASA; and (4) serve as a forum for discussion of issues. One member or members (if separate system safety and risk management representatives are needed) will be appointed from each Center and the Jet Propulsion Laboratory.

Serious. When used with "hazard," "violation," or "condition," denotes there is a substantial probability that death or serious physical harm could result.

Significant Root Cause. The major anomalous event immediately preceding a mishap in the absence of which the mishap would not have occurred.

Single Failure Point. An independent element of a system (hardware, software, or human) the failure of which would result in loss of objectives, hardware, or crew.

Sneak Circuit. Unintended system design condition in electrical circuits or software source code not caused by a failure, which can inhibit wanted functions or cause unintended functions to occur through a stimulus, path, or a response relationship.

Sneak Circuit Analysis (SCA). A technique by which the system safety engineer can identify latent conditions (e.g., electrical, hydraulic, or other control systems) not caused by component failure that can inhibit desired functions or cause undesired functions to occur.

Software Hazard Analysis. Identification and verification of adequate software controls and inhibits; and the identification, analysis, and elimination of discrepancies relating to safety critical command and control functions.

Software Safety Critical. Software operations that, if not performed, performed out of sequence, or performed incorrectly, could directly or indirectly cause or allow a hazardous condition to exist.

Supervisor-in-Charge of the Workplace (Establishment). A building manager, building operator, facility manager, facility operations manager (FOM), facility engineering head, or other designated official who normally initiates requests for repairs or maintenance for a particular building of a facility or area within a facility.

System Concept Review (SCR). A review conducted when sufficient system functional requirements have been established. Safety verifies the adequacy of the system requirements definitions, ensures designers are acquainted with interface technical requirements, reviews design approaches to be optimized and complete, and evaluates system interfaces for risks.

System Safety. Application of engineering and management principles, criteria, and techniques to optimize safety and reduce risks within the constraints of operational effectiveness, time, and cost throughout all phases of the system life cycle.

System Safety Manager (SSM). A designated management person who, qualified by training and/or experience, is responsible to ensure accomplishment of system safety tasks.

System Safety Review Panel (SSRP). A mechanism for enhancing the Space Shuttle Program (SSP) system safety management and engineering through informational interchanges, development of concepts to improve the SSP safety program, review of safety documentation, review of SSP integration and cargo integration, review of SSP element-level hazard identification and resolution activities, and recommendations to Level 2 management for hazard report disposition.

Users of Hazardous Material. Users are those personnel who open the incremental hazardous material shipping container, thereby exposing the material to mix, transfer, burn, freeze, pour, vent, react, dispose, or otherwise use or alter the material.

Vacuum System. An assembly of components under vacuum, including vessels, piping, valves, relief devices, pumps, expansion joints, gages, etc.

Vacuum Vessel. A vessel in which the internal pressure has been reduced to a level less than that of the surrounding atmosphere.

Validation. (1) An evaluation technique to support or corroborate safety requirements to ensure necessary functions are complete and traceable; or (2) the process of evaluating software at the end of the software development process to ensure compliance with software requirements.

Variance. Documented and approved permission to perform some act or operation contrary to established requirements.

Verification (Software). (1) The process of determining whether the products of a given phase of the software development cycle fulfill the requirements established during the previous phase (see also validation); or (2) formal proof of program correctness; or (3) the act of reviewing, inspecting, testing, checking, auditing, or otherwise establishing and documenting whether items, processes, services, or documents conform to specified requirements.

Waiver. A variance that authorizes departure from a specific safety requirement where a certain level of risk has been documented and accepted.




DISTRIBUTION:
NODIS
