
NASA Procedures and Guidelines

This Document is Obsolete and Is No Longer Used.
Check the NODIS Library to access the current version:
http://nodis3.gsfc.nasa.gov


NPR 8715.3
Eff. Date: January 24, 2000
Cancellation Date: September 12, 2006

NASA Safety Manual w/Change 2, 03/31/04



CHAPTER 1. Basic Safety Management


1.1 General

1.1.1 This document provides the procedures that define the NASA Safety Program. Safety program responsibility starts at the top with senior management's role of developing policies and providing strategies and resources and is executed by the immediate task supervisor and line organization. All employees are responsible for their own safety, as well as that of others whom their actions may affect (Requirement 25001). Employees are empowered to call for the halt of any process or operation they believe is unsafe and request analysis by a qualified individual. If the activity is unsafe, the qualified individual will determine the corrective actions needed (Requirement 31814). Employees are also to report any systems designs, operations, processes, or software they feel are unsafe or do not meet safety requirements (Requirement 31815).

1.1.2 In general, the success or failure of an organization's safety efforts can be measured by the number of incidents involving injury or death to personnel, lost productivity (lost or restricted workdays), environmental damage, or loss of, or damage to, property. These failures can also be measured by increased development time, longer cycle time, operational delays, reduced quality, increased costs, loss of program capability, and loss of technical reputation or stature. Like many successful corporations, NASA has learned that aggressively preventing mishaps is good management and good business practice.

1.1.3 NASA undertakes many activities involving a high potential of risk. Management of this risk (which involves identifying and eliminating, minimizing, controlling, or accepting the risk) is one of NASA's most challenging activities and is an integral part of NASA's safety efforts. Risk management and loss prevention priorities and attention are focused on:

1.1.3.1 Public.

1.1.3.2 Astronauts and pilots.

1.1.3.3 NASA workforce.

1.1.3.4 High-value equipment and property.

1.2 Fundamental Policy

1.2.1 The policy for the NASA Safety Program is provided in NPD 8710.2, "NASA Safety and Health Program Policy." For specific health program requirements, see NPD 1800.1, "NASA Occupational Health Program."

1.2.2 NASA's goal of a world-class safety program is based on the following four essential components:

1.2.2.1 Management commitment and employee involvement.

1.2.2.2 System and worksite hazard analysis.

1.2.2.3 Hazard prevention and control.

1.2.2.4 Safety and health training.

1.3 Objectives and Principles

The objectives of NASA's Safety Program are to affect positively the overall success rate of missions and operations and to prevent injury to personnel, loss of or damage to property, loss of technical stature, or environmental harm. Requisite program principles include the following:

1.3.1 An aggressive and independent safety function for NASA to ensure that its programs/projects are accomplished with proper safety planning (Requirement 25005).

1.3.2 Planning, direction, development of requirements, policies, methodology, procedures, implementation, and evaluation of the safety program to ensure its goals are achieved effectively and efficiently (Requirement 25006).

1.3.3 Compliance with the safety standards issued by the Occupational Safety and Health Administration (OSHA) pursuant to Section 6 of Public Law (PL) 91-596 (the Occupational Safety and Health Act of 1970 as amended), 29 U.S.C. Section 655 (Requirement 25007). If no OSHA standards apply, NASA will develop its own supplementary or alternate NASA standards for safety and mission assurance to support its unique operations, materials, facilities, equipment, procedures, and practices. See NPD 8070.6, "Technical Standards," and NPR 8715.1, "NASA Safety and Health Handbook - Occupational Safety and Health Programs," for further information on the policy for all NASA Technical Standards.

1.3.4 Up-to-date configuration control on equipment and systems (Requirement 25008).

1.3.5 Technical reviews by the developing organization of the safety aspects of all development efforts and operations to ensure that they are being conducted in accordance with sound safety engineering principles (Requirement 25009).

1.3.6 Safety assessments of all systems prior to changes so as to preclude an increase in risk to personnel or equipment (Requirement 25010). Assessments of both qualitative and quantitative safety risks to people or property along with recommendations to either reduce the risks or accept them (Requirement 31816). Final risk acceptance is a management responsibility (Requirement 31817). However, employees have the right to be informed of the risk acceptance process if it affects their personal safety or health.

1.3.7 Investigation of all hazardous conditions, close calls, environmental incidents, and mishaps, without retribution to the employees, and the prompt publication of lessons-learned as part of accident prevention and a continuous improvement effort (Requirement 25011). Procedures for mishap and close call reporting are found in NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigation, and Recordkeeping."

1.3.8 Safety oversight/insight and periodic inspection to ensure compliance with NASA safety policies and assess the effectiveness of NASA safety activities as required by NASA policy, Federal regulations, State regulations where applicable, and national consensus standards (Requirement 25012).

1.3.9 Safety research and development for new or unique safety functions and technologies to establish NASA as a national focal point for safety (Requirement 25013).

1.3.10 Reserved

1.4 Authority and Responsibility

The NASA Chief Health and Medical Officer is the NASA Designated Agency Safety and Health Official (DASHO), pursuant to Executive Order 12196, Section 1-102. The DASHO coordinates the NASA Occupational Safety and Health Programs (reference NPD 8710.2, "NASA Safety and Health Program Policy"). The authority and responsibility for safety policy and oversight of its implementation are vested in the Safety and Assurance Requirements Division within the Office of Safety and Mission Assurance (OSMA) (Requirement 25211). Responsibility for safety at NASA facilities rests with the Center Directors (Requirement 32643).

1.5 Program Elements

Center Directors and the Assistant Administrator for Institutional and Corporate Management shall ensure that --

1.5.1 The safety organization is placed at a high enough level and the program implementation authority is vested in a person sufficiently senior to manage the effort so the safety review function can be conducted independently (Requirement 25015). (High enough level is interpreted to mean that the Safety Assurance Functional Director can interface directly with the Center Director when problems arise.) Center Directors and the Assistant Administrator for Institutional and Corporate Management must also ensure that adequate resources are made available to support the safety efforts and that the safety responsibilities of each organizational element are properly emphasized and accomplished (Requirement 31818). Proper safety organizational alignment will support the importance of safety at all organizational levels.

1.5.1.1 Senior managers incorporate safety considerations into the planning and execution of programs, projects, and operations in their management function (Requirement 31819). The officials to whom they report will evaluate and document this in their performance evaluations (Requirement 31820).

1.5.1.2 Line managers are accountable for the safety of their workers (Requirement 31821). Their supervisors will incorporate measurable performance criteria in line managers' performance plans and evaluate and document results in their performance evaluations (Requirement 31822).

1.5.1.3 Employees must be trained to work safely and to follow prescribed workplace rules to protect their own and their fellow workers' safety and health (Requirement 31823). Managers and supervisors will assure this is included as part of the formal performance evaluation process and will further encourage safe performance through safety incentive awards programs (Requirement 31824).

1.5.2 Centers establish executive safety and health committees or boards in accordance with NPR 8715.1, "NASA Safety and Health Handbook -- Occupational Safety and Health Programs" (Requirement 25016). The board will provide executive oversight, strategic planning, and program implementation in support of the safety and health programs.

1.5.3 Policies, plans, procedures, and standards that define the parameters of the safety program are established, documented, maintained, communicated, and implemented to provide for the appropriate or adequate protection and prevention of loss and damage to personnel, property, material, equipment, and facilities of NASA, other agencies, and the public (Requirement 25017). The Annual Operating Agreements enacted and signed at each Center reflect the agreed support activity level of the Center safety organization to the program/projects and institutional operations at the Centers. (See NPD 8700.1, "NASA Policy for Safety and Mission Success.")

1.5.4 Appropriate safety and mission assurance risk-based acquisition management (R-BAM) requirements are included in procurement, design, development, fabrication, test, or operations of systems, equipment, and facilities and will serve as a basis for awarding any fee on contracts (Requirement 25018). Contractor operations and designs are evaluated for consistency and compliance with the safety provisions of the contract (Requirement 31855). These results are provided to the award fee boards and used to affect the fee determination, where applicable (Requirement 31856). NASA safety personnel are included as regular participants in the procurement process for the acquisition of hardware, software, services, materials, and equipment (Requirement 31857). (See Chapter 2.)

1.5.5 An effective systems safety and mission assurance program based on a continuous risk assessment process is established to include development of safety requirements early in the planning phase, review of the implementation of those requirements during the acquisition, development, and operational phases, and the use of a risk-based hazard assessment and tracking system to maintain status of the hazards during the process (See Chapter 3) (Requirement 25019).

1.5.6 Qualified personnel and appropriate training are provided to support the safe performance of potentially hazardous or critical technical operations and to ensure a qualified safety workforce is available to support the safety assurance function (Requirement 25020). To meet the requirements of the Voluntary Protection Program (VPP), the safety organization (or its support contractors) must employ a certified safety professional (Requirement 31858). Special circumstances involving access to mission critical space systems and other critical equipment may dictate the need for the Personnel Reliability Program (14 CFR Part 1214.5, Mission Critical Space Systems Personnel Reliability Program). (See Chapter 4.)

1.5.7 An ad hoc interagency review and approval process is implemented for the use of radioactive materials in spacecraft and the Space Transportation System to avoid unacceptable radiation exposure for normal or abnormal conditions, including launch aborts with uncontrolled return to Earth (See Chapter 5) (Requirement 25021).

1.5.8 All NASA operations are performed in accordance with existing safety standards and consensus standards, or special supplemental standards when there are no known applicable standards (Requirement 25022). For hazardous operations, special procedures are developed to provide for a safe work environment (Requirement 31859). (See Chapter 6.)

1.5.9 Aviation safety programs tailored to meet the specific operational needs of the NASA Centers are established and maintained to comply with national standards and NASA directives and guidance (Requirement 25023). (See Chapter 7.)

1.5.10 All facilities are designed, constructed, and operated in accordance with applicable/approved codes, standards, and procedures (Requirement 25024). (See Chapters 8 and 9.)

1.5.11 All accidents, incidents, mission or test failures, or other mishaps are promptly investigated for the dominant root cause (Requirement 25025). The emphasis will be on determining what happened without the threat of punitive actions. Continuous improvement is initiated through corrective actions and lessons learned, as specified in NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating, and Recordkeeping" (Requirement 31860). Events resulting in significant release of pollutants to the environment are coordinated with the cognizant NASA environmental management organization for appropriate response and reporting to regulatory authorities, as specified in NPR 8820.3, "Pollution Prevention" (Requirement 31861).

1.6 Public Safety

1.6.1 The first safety value of NASA is to protect the public from any adverse effects of NASA operations. NASA Center Directors, program/project managers, and line supervisors will strive to eliminate the risk or the adverse effect of NASA operations on the public (Requirement 25026). Where NASA cannot do this, NASA will provide protection by exclusion or other protective measures (Requirement 31862). If there is a likelihood that the public and surrounding communities could be affected by NASA operations, NASA safety and emergency planning officials will establish cooperative programs with the local communities (Requirement 31863). Local NASA safety and emergency planning officials will perform the following:

1.6.1.1 Ensure community awareness regarding the nature and extent of actual and potential hazards arising from the NASA operations and the measures to be taken to protect the community (Requirement 31864).

1.6.1.2 Jointly develop emergency response plans, including protective action guides, to address the effects posed by hazards from radiological contamination, explosive/propellant mishaps, and toxic chemical spills (Requirement 31865).

1.6.1.3 Participate in community safety activities and cooperate with local authorities to develop response plans to contend with natural disasters such as tornadoes, hurricanes, and floods (Requirement 31866).

1.6.1.4 Coordinate emergency planning, response, and notification activities required by Section 313 of the Emergency Planning and Community Right-To-Know Act (42 U.S.C. Section 11023) involving local jurisdictions with the appropriate NASA environmental management organization, following the procedures established in NPR 8820.3, "Pollution Prevention" (Requirement 31867).

1.6.2 Occasionally, research personnel who are neither contractors nor visitors are allowed access to NASA facilities to conduct individual research under grants or cooperative agreements. These research operations must not be allowed to interfere with or damage NASA facilities or operations (Requirement 25027). If their work involves exposure to hazardous operations, the Center safety office shall require them to follow all NASA precautions and to procure protective clothing and equipment at their own expense, if needed (Requirement 31868). Also, if these personnel will be operating or using potentially hazardous NASA equipment, they must receive training and be certified as a qualified operator in accordance with Chapter 4 of this document (Requirement 31869).

1.7 Risk Assessment

The primary purpose of risk assessment is to identify and evaluate risks to support decisionmaking regarding actions to ensure safety and mission success as well as to support decisionmaking in other areas, such as selection of contract type, development of fee incentives and surveillance plans, and information security. The decision (based on all relevant factors) to accept a hazard with its associated risk is a line management responsibility but will require coordination with the cognizant safety official (Requirement 25028). In all cases, when a decision is made to accept a hazard with its associated risk, that decision will be communicated to the next higher management level for review (Requirement 31870). The probability of a mishap coupled with the severity of the possible consequences should be a major consideration in that decision. This is discussed in detail in paragraph 3.5.

Risk assessment analysis should use the simplest methods that adequately characterize the probability and severity of undesired events. Qualitative methods that characterize hazards and failure modes should be used first. Quantitative methods should be used when qualitative methods do not provide an adequate understanding of failure causes, probability of undesired events, or the consequences of hazards or potential failures.

1.8 Control of Hazardous Conditions

Systems shall be designed to preclude the occurrence of a hazard or to negate or reduce the effect of a hazard that cannot be eliminated (Requirement 25029). (See Chapter 3 for hazard reduction priority.) The level of protection required is a function of the hazard severity and probability, and may be achieved by a combination of availability, reliability, maintainability (restorability), and redundancy (Requirement 31871). Protection levels must include consideration for the possibility of operator error (Requirement 31872).

1.8.1 Failure Tolerance. Safety critical operations that control or are applied to a condition, event, signal, process, or item of which proper recognition, control, performance, or tolerance are essential to safe system operation, use, or function, shall be designed such that the operation or function is assured (Requirement 25030). Design for failure tolerance is driven by system probability of failure requirements in conjunction with incorporation of the proper levels of redundancy. Where there is sufficient time between a failure and the manifestation of its effect, design for restoration to safe operation using spares, procedures, or maintenance may be used as an alternative means of achieving failure tolerance. Where there is not sufficient time for recovery, functional redundancy must be provided (Requirement 31873).

1.8.1.1 An assessment of the probability of failure to provide the function and the estimated time to restore the function shall be used to specify the safety attributes of the design or operation where loss of life, serious injury, or catastrophic system loss is at risk (Requirement 25214). The probability of failure shall be demonstrated to a lower confidence level of 95 percent in concert with a demonstrated mean time to restore (where appropriate) not greater than 50 percent of the estimated time to repair (Requirement 31874). The time-to-repair estimate shall include the combination of the active time to repair and the logistics or administrative downtime that affects the ease or rapidity of achieving full restoration of the failed function (Requirement 31875). In the event where adequate demonstration data cannot be obtained directly to meet the required confidence limits, alternate methods of assuring a satisfactory level of risk must be proposed by the supplier and approved by the customer (Requirement 31876).

1.8.1.2 Use of redundancy to achieve failure tolerance requires specification of acceptable reliability and sufficient redundancy to tolerate two failures or operator errors (either fail-operational or fail-safe) where loss of life or mission critical event could occur and tolerate one failure or operator error (fail-safe) where system loss/damage or personal injury could occur (Requirement 25215). Use of redundancy shall include a verifiable requirement that common cause failures (e.g., contamination, close proximity) do not invalidate the failure tolerance (Requirement 31877). All redundancy in safety critical functions shall be verified under operational conditions (Requirement 31878).

1.8.2 Inhibits. An operation that requires control of a condition, event, signal, process, or item of which proper recognition, performance, or tolerance is essential to safe system operation, use, or function, shall be designed such that an inadvertent or unauthorized event cannot occur (Requirement 25216). Flight critical safety operations shall require three inhibits where loss of life or mission-critical events could occur, and two inhibits where personal injury or system loss or damage could occur (Requirement 31879). All inhibits or procedures in safety critical operations shall be verified under operational conditions (Requirement 31880). This is not to be confused with the lockout/tagout program, which is a program to isolate facility system hazards.

1.8.3 Loss of functional protection shall require termination of the operation at the first stable configuration (Requirement 25031).

1.8.3.1 For systems intended to be operated by humans, rescue and escape can be valid means of life protection, and if used, shall include testing for validation, training, and demonstration (Requirement 31881).

1.8.3.2 At least a single level of protection is required to protect hardware (Requirement 31882). For high-value or high visibility systems, the program shall consider additional protection against loss (Requirement 31883). The associated decision(s) and rationale shall be documented by the program (Requirement 31884).

1.9 Safety Program Reviews

1.9.1 General.

In addition to normal management surveillance, competent and qualified safety personnel through safety staff assistance visits, inspections, and process verification evaluations shall formally assess the Center safety program annually (Requirement 25032). The Center's safety staff or an independent outside source may perform the formal assessments. These assessments shall perform the following:

1.9.1.1 Evaluate the effectiveness of safety program management (Requirement 31885).

1.9.1.2 Evaluate the implementation of Public Law 91-596, "The Occupational Safety and Health Act of 1970," as amended; E.O. 12196, "Occupational Safety and Health Programs for Federal Employees," as amended; OSHA Regulations at 29 CFR Part 1910, "Occupational Safety and Health Standards," and other pertinent Federally mandated requirements (Requirement 31886).

1.9.1.3 Identify hazards and deficiencies in the safety program (Requirement 31887).

1.9.1.4 Evaluate the effectiveness of the abatement process (Requirement 31888).

1.9.1.5 Determine the adequacy of safety standards and procedures (Requirement 31889).

1.9.1.6 Observe compliance with safety practices (Requirement 31890).

1.9.1.7 Verify corrective actions from previous assessments (Requirement 31891).

1.9.2 Review Categories. Three types of qualitative assessments are described below.

1.9.2.1 Safety staff assistance visits are informal onsite evaluations by specialists and safety personnel who, after making spot checks and/or sampling and holding discussions with appropriate levels of management, provide assessments to the affected organization.

1.9.2.2 Safety inspections are in-depth technical reviews conducted at the working or facility level to assess the compliance with safety policies and standards that apply to the particular workplace. The safety inspection team will provide formal reports to the appropriate management level responsible for correcting the deficiencies.

1.9.2.3 Process verification examinations are documented Headquarters-level reviews performed in accordance with pre-approved subject area outlines to verify, by examination and evaluation of objective evidence, whether required safety and mission assurance program elements are in place and functioning. Although the process verification team provides a written report, specific written responses are not required. Corrective actions are documented through normal reporting processes and follow-up assessments.

1.10 Notice and Abatement of Unsafe or Unhealthful Conditions

The receipt of information concerning unsafe conditions, whether received through a report from an employee and verified, or as a result of a workplace inspection, will require the issuance of a Notice of Unsafe or Unhealthful Condition (NF 1390) and may require a NASA Safety and Health Hazard Abatement Form (NF 1584) or equivalent forms (Requirement 25033). These forms are available to NASA employees and contractors at ftp://ftp.hq.nasa.gov/forms/pdf/nf1390.pdf for NASA Form 1390 and ftp://ftp.hq.nasa.gov/pdf/nf1584.pdf for NASA Form 1584. Imminent danger issues will be addressed in accordance with 29 CFR Section 1960.26, "Conduct of Inspections" (Requirement 31893). (See NPR 8715.1, "NASA Safety and Health Handbook -- Occupational Safety and Health Programs," for more information.)

1.10.1 Inspection requirements vary according to the type of unsafe or unhealthful conditions that are reported.

1.10.1.1 An allegation of an imminent danger condition will require an inspection within 24 hours (Requirement 31894).

1.10.1.2 An allegation of a potentially serious condition requires an inspection within three working days (Requirement 31895).

1.10.1.3 Any allegation of other than imminent or serious safety or health conditions shall be inspected within 10 working days (Requirement 31896).

1.10.1.4 Further inspections may not be necessary if the hazardous condition(s) can be abated immediately through normal management action and prompt notification to employees and safety and health committees if the abatement is permanent.

1.10.2 Written reports/notices of safety violations shall be issued not later than 15 working days after completion of the inspection and confirmation by the inspection official (Requirement 25035). Written reports/notices for health violations shall be issued not later than 30 working days after completion of the inspection and confirmation by the inspection official (Requirement 31898).

1.10.2.1 A copy of the notice shall be sent to the supervisor in charge of the workplace, the representative of the employees, and the safety and health committee of the workplace, if any (Requirement 31899).

1.10.2.2 Upon receipt of any notice of an unsafe or unhealthful working condition, the supervisor in charge of the workplace shall post such notice (when required by the safety or health office) at or near each place where the condition exists or existed (Requirement 31900).

1.10.2.3 Each notice shall remain posted (when required) until the unsafe or unhealthful working condition has been abated or for three (3) working days, whichever is later (Requirement 31901).

1.10.3 An Abatement Plan (NF 1584 or equivalent) is required for hazards that cannot be abated within 30 days (Requirement 25036). A copy shall be provided to the safety and health committee and employee representatives as applicable (Requirement 31902). A copy must be provided to the Safety and Assurance Requirements Division if Headquarters advocacy is required to secure funding (Requirement 31903). In all cases, operations will not proceed until alternative procedures are in place to provide temporary mitigation or reduction of the risk to acceptable levels.

1.10.4 As part of the annual OSHA report to the DASHO, Centers shall send the Safety and Assurance Requirements Division a summary of all open Abatement Plans and open variances, and a listing of all Abatement Plans and variances closed during the previous reporting period (Requirement 25037). See paragraph 1.15.2.6 for more information.

1.11 Advisory Panels, Committees, and Boards

1.11.1 General.

It is NASA's intent that maximum use be made of the Nation's most competent safety resources. In keeping with this philosophy, NASA may enlist consultants, interagency and interdisciplinary panels, and ad hoc committees, consisting of representatives from industry (management and union), universities, and government (management and union), to review and advise on the needs of the NASA Safety Program.

1.11.2 Aerospace Safety Advisory Panel (ASAP).

This panel was established by Public Law 90-67 to serve as a senior advisory body to the NASA Administrator. The panel reviews safety studies and operations plans referred to it, prepares reports, and advises the Administrator with respect to the hazards to proposed or existing facilities and operations. See the National Aeronautics and Space Administration Charter of the NASA Aerospace Safety Advisory Panel, November 18, 2003, for further details.

1.11.3 Operations and Engineering Panel (OEP).

This internal NASA panel reports to the Associate Administrator for Safety and Mission Assurance (AA/OSMA). The panel supports the AA/OSMA on special assignments related to facilities operations and engineering activities. The OEP evaluates processes and systems for assuring the continuing operational integrity of NASA test facilities, operations and engineering technical support systems, and problems and issues at Centers, and provides recommendations to management in these areas. The OEP also studies technical support system problem areas and develops alternate solutions or methods for arriving at a solution. See Appendix K, "Operations and Engineering Panel Charter," for further details.

1.11.4 International Space Station Independent Assessment Panel (ISSIAP).

The ISSIAP was chartered in the International Space Station Management Agreement dated July 28, 1994. The ISSIAP provides an independent assessment function for AA/OSMA that encompasses the products and activities of all program participants throughout the entire life cycle of the International Space Station (ISS) program. The ISSIAP, to the maximum extent practicable, provides timely identification of program deficiencies and unacceptable risks, and makes recommendations concerning risk acceptability. The activities of the ISSIAP are complementary to the in-line safety, reliability, and quality assurance activities of the ISS program.

1.11.5 System Safety and Risk Management Assistance Committee (SSARMAC).

This committee, established by letter from the Director, Safety and Assurance and Requirements Division, in August 1997, is chartered to (1) enhance the development, review, and reengineering of system safety and risk management policies; (2) facilitate the identification and prioritization of system safety research and technology activities; (3) foster the exchange of system safety and risk management experiences and successes within NASA; and (4) serve as a forum for discussion of issues. One member or members (if separate system safety and risk management representatives are needed) will be appointed from each Center and the Jet Propulsion Laboratory.

1.11.6 The System Safety Review Panel (SSRP) is a mechanism for enhancing the Space Shuttle program (SSP) system safety management and engineering through informational interchanges, development of concepts to improve the SSP safety program, review of safety documentation, review of SSP integration and cargo integration, review of SSP element-level hazard identification and resolution activities, and recommendations to Level 2 management for hazard report disposition. See JSC NSTSPM Directive No. 110, "Space Shuttle Program (SSP) System Safety Review Panel (SSRP) Charter," for further details.

1.11.7 HEDS Assurance Board (HAB).

This board was created pursuant to the "Safety and Mission Assurance for the Human Exploration and Development of Space (HEDS) Enterprise" plan, dated April 3, 1996. Its purpose is to provide senior NASA management with timely, objective, non-advocacy assessments of program health and status and the relative safety posture of the HEDS Enterprise. The HAB assesses the work processes of the SMA community, reviews HEDS programs to ensure that proper attention is being paid to risk, and reviews the overall effectiveness of the hardware, software, and operational aspects of HEDS programs to assure safety and mission integrity. The HAB places special emphasis on the transition to the Space Flight Operations Contract and from NASA oversight to insight. The Board is chaired by the AA/OSMA, and includes the SMA directors from Johnson Space Center, Kennedy Space Center, and Marshall Space Flight Center; the Chair of the Space Flight Safety Panel; the HEDS Independent Assurance Director; and the SMA managers for the Space Shuttle program and the International Space Station program.

1.11.8 Space Flight Safety Panel.

This panel was established to promote flight safety in NASA space flight programs involving flight crews and to advise appropriate Associate Administrators on all aspects of the crewed space program that affect flight safety. See NPR 1000.3, paragraph 6.21, for further details.

1.11.9 Pre-launch Assessment Review (PAR) Panel.

The PAR process is a series of incremental OSMA reviews held for each Space Shuttle mission and presented to senior SMA management. During this process, appropriate assessments are presented by program SMA personnel to certify that the SMA organizations have satisfactorily fulfilled the requirement to perform in-line assurance oversight and independent assessments of changes in risks associated with Space Shuttle hardware, software, processes, and operations. These assessments are performed to verify that the program properly addresses safety and mission assurance. The incremental PAR reviews and the readiness statements signed at the completion of the reviews relate directly to the presentation subject matter. The Certification of Flight Readiness endorsements by SMA organizations and AA/OSMA are based on results of the assessments made in support of the PAR process and the developed rationale for flight. The PAR is chartered by NSTS 22778, "Commit to Flight Assessment Review Process Operating Plan."

1.11.10 Payload Safety Review Panel.

This panel is established by the Manager, Space Shuttle Program, and the Manager, International Space Station Program, to review the flight safety aspects of Space Shuttle payloads and International Space Station experiments and cargo. The panel is responsible for conducting safety reviews as defined in NSTS/ISS 13830C, "Payload Safety Review and Data Submittal Requirements for Payloads using the Space Shuttle and International Space Station." The panel is responsible for assuring the implementation of NSTS 1700.7B, "Safety Policy and Requirements for Payloads Using the Space Transportation System," and NSTS 1700.7B Addendum, "Safety Policy and Requirements for Payloads Using the International Space Station." See JSC Policy Charter, JPC 1152.4K, "Space Shuttle Payload Safety Review Panel (PSRP)," for further details.

1.11.11 Ground Safety Review Panel.

This panel is established to review the ground safety aspects of Space Shuttle payloads and International Space Station flight hardware, experiments, and cargo. The panel is responsible for conducting safety reviews as defined in NSTS/ISS 13830C, "Payload Safety Review and Data Submittal Requirements for Payloads using the Space Shuttle and International Space Station," and SSP 30599, "Safety Review Process." The panel is responsible for assuring the implementation of KHB 1700.7, "Kennedy Space Center Payload Ground Safety Handbook." See KMI 1150.24, "Ground Safety Review Panel," for further details.

1.11.12 ISS Safety Review Panel.

This panel is established to review the safety aspects of International Space Station flight hardware during the launch, return, and on-orbit mission phases as well as the safety of any visiting vehicles. This panel is co-chaired by representatives of the Space Shuttle and International Space Station programs. The panel is responsible for conducting safety reviews as defined in SSP 30599, "Safety Review Process." The panel is responsible for assuring the implementation of SSP 50021, "Safety Requirements Document." More details can be found in the ISS Safety Review Panel Charter.

1.11.13 Ad Hoc Committees.

Center Directors and the Associate Administrator for Safety and Mission Assurance may establish ad hoc committees to provide safety oversight review of programs, projects, and other activities.

1.12 Coordination with Organizations External to NASA

1.12.1 The Office of Safety and Mission Assurance, in close coordination with the Office of External Relations (for exchanges with the Department of Defense, intelligence agencies, and foreign entities) and in consultation with the NASA Office of General Counsel, shall establish guidelines for exchanging safety information (Requirement 25038). New and different methods and practices that may be beneficial to the NASA Safety Program should be brought to the attention of the responsible Headquarters Office by those that may encounter these practices used outside NASA.

1.12.2 Participation by NASA safety professionals in outside safety-related professional organizations is encouraged. Examples are functions and committees of the National Safety Council, National Fire Protection Association, DOD Explosive Safety Board, National Academy of Sciences, System Safety Society, Federal Agency Committee on Safety and Health (FACOSH), American Society of Safety Engineers, Field Federal Safety and Health Councils, and the Joint Army, Navy, NASA, Air Force (JANNAF) propulsion committee (and subcommittee).

1.13 Emergency Planning

1.13.1 The NASA Emergency Preparedness Plan is NASA's part of the Government program to maintain critical Government functions during national emergencies ranging in severity from fires and civil riots to a full-scale military attack on the United States. Emergency plans shall be in place, discussed with the appropriate personnel, and exercised periodically for all NASA activities so that reaction to emergency situations is rapid and effective (Requirement 25039). Such plans will cover the response to national and local emergencies, disasters, and mishaps, and the attendant communication of information.

1.13.2 NPD 8710.1, "Emergency Preparedness Program Policy," and NPR 8715.2, "NASA Emergency Preparedness Program Plan Procedural Requirements," establish NASA policy, requirements, and procedures in this regard. Center Directors are responsible for preparing their organizations to handle emergencies and disasters effectively and for developing the Center emergency plan (Requirement 25040).

1.14 Safety Motivation and Awards Program

The following paragraphs provide a policy overview and identify the responsibilities and the primary types of safety performance to be recognized.

1.14.1 NASA is committed to continued improvement of safety in all operations. NASA's policy is to stimulate the participation of employees in this effort. The presentation of awards is considered appropriate for recognizing outstanding safety-related performance/contributions and is an effective means of encouraging safety excellence.

1.14.2 NASA recognizes responsible individuals and organizations for the following:

1.14.2.1 Taking significant safety initiatives.

1.14.2.2 Making truly innovative safety suggestions.

1.14.2.3 Meeting major safety goals.

1.14.2.4 Making significant achievements leading to the safer and more effective use of resources or execution of NASA operations.

1.14.2.5 Encouraging and rewarding safety excellence among employees (applies to supervisors).

1.14.3 NASA safety awards shall recognize the safety achievements of NASA and other Federal Government employees supporting NASA objectives in all occupational categories and grade levels (Requirement 25041). NASA safety awards programs also may provide for the recognition of non-Government personnel (e.g., JPL employees) supporting NASA objectives.

1.14.4 The Space Flight Awareness (SFA) Employee Motivation and Recognition Program for NASA, supporting Government agencies, private industry, and international organizations, promotes safety, particularly for human space flight programs. The goal of this program is to instill in employees the need to reduce human errors and mistakes that could lead to space flight mishaps and mission failure.

1.15 Safety Management Information

Efficient communication of safety information is necessary to meet the needs of safety officials and the managers they support. This includes communications between and among operational and safety organizations. NASA safety organizations will pursue every practical means for communicating verbal and written safety management information, lessons learned, and statistics. Examples of NASA information systems are the Incident Reporting Information System (IRIS) and the Lessons Learned Information System (LLIS). Records and reports of accidents, occupational injuries, incidents, failure analyses, identified hazards, mishaps, appraisals, and like items contain information necessary for developing corrective measures and lessons learned.

1.15.1 Recordkeeping and Reporting Requirements.

NASA shall maintain detailed records of occupational injuries that are reported to OSHA in accordance with 29 CFR 1960, Subpart I, "Recordkeeping and Reporting Requirements," and NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating, and Recordkeeping" (Requirement 25043). Detailed information is provided in NPD 3810.1, "Processing Claims Under the Federal Employees Compensation Act." Safety forms and reports are retained per NPR 1441.1, "NASA Records Retention Schedules."

1.15.1.1 Employees are allowed access to these data and their medical exposure records in accordance with Federal regulations (29 CFR 1960).

1.15.1.2 NASA also publishes a periodic Safety Program Status Report for internal Agency use.

1.15.2 Furnishing of Documents to NASA Headquarters.

The following documents shall be provided or made accessible (through internet web site) to the Director, Safety and Assurance Requirements Division:

1.15.2.1 Center executive safety committee or board documentation (e.g., minutes and reports) (Requirement 31904).

1.15.2.2 Results of external (such as OSHA) safety program management reviews (Requirement 31905).

1.15.2.3 Top-level Center or program safety procedure documents that implement Headquarters requirements (Requirement 31906). Electronic versions or web addresses are acceptable and should be forwarded in conjunction with the data for the annual report.

1.15.2.4 Major mishap reports as required by NPR 8621.1, "NASA Procedural Requirements for Mishap Reporting, Investigating, and Recordkeeping" (Requirement 31907).

1.15.2.5 Copies of comments sent to outside regulatory agencies (e.g., OSHA, Department of Transportation (DOT), Environmental Protection Agency (EPA)) concerning proposed rule-making that could affect the NASA Safety Program (Requirement 31908).

1.15.2.6 In conjunction with the input for the annual report, a summary of open safety abatement plans and variances and a listing of those closed during the reporting period (Requirement 31909).

1.15.2.7 Copies of safety variances granted at the Center or the program/project level (see paragraph 1.20) (Requirement 317910).

1.15.3 Safety managers will maintain an approximate census of Government and contract employees by organization or contractor company.

1.16 Safety Lessons Learned

Safety lessons learned during the performance of management and technical functional activities or mishap or close call investigations shall be developed and disseminated to program managers and throughout NASA Centers and Headquarters by cognizant personnel to improve understanding of hazards, prevent the occurrence of accidents, and suggest better ways of implementing system safety programs (Requirement 25047). In addition to contributing appropriate information to the LLIS, safety managers will include this information in program, procurement, and Center newsletters to communicate more effectively with management. Lessons learned that indicate the need to revise source documents (e.g., policies, procedures, specifications, and standards) shall be submitted directly to the person(s) preparing the document (Requirement 31911). The LLIS will provide a library of lessons learned data for use by program managers, design engineers, operations personnel, and safety personnel. Procedures for disseminating lessons learned can be found at the following Internet address: http://llis.nasa.gov/.

1.17 NASA Safety Reporting System (NSRS)

The NSRS is a confidential, voluntary, and responsive safety reporting system that provides a direct channel for NASA employees and contractors to notify the Safety and Assurance Requirements Division of safety concerns. The NSRS enables safety personnel to identify safety problems and implement corrective actions independently. The nature of corrective actions may be engineering, manufacturing, administrative, procedural, or operational. Ensuring that all involved safety professionals have timely information about actual hazards is of the highest priority. The NSRS has been established to collect, evaluate, and communicate such information in a timely and accurate manner. It is intended to supplement, not replace, existing local hazard reporting systems when those systems do not resolve an individual's safety concerns.

Information about the NSRS and a copy of the NSRS form can be found at the following Internet address: http://www.hq.nasa.gov/office/codeq/nsrsindx.htm

The NSRS will be implemented at all NASA Centers (Requirement 25048). NASA contracting officers are encouraged to implement the NSRS program at contractor facilities by citing the NASA FAR Supplement Clause (NFS 1852.223-70). Pre-addressed postage-paid forms can be obtained at any Center Safety Office. Forms should be mailed to:

NASA SAFETY REPORTING SYSTEM
P.O. BOX 5826
BETHESDA, MD 20824-9913

1.18 Safety Documentation

1.18.1 The goals of the Safety and Assurance Requirements Division documentation effort are to update and clarify top policy directives, separate policy from guidance, and reduce repetition and cross-linking between directives.

1.18.2 The documentation tree represents the Safety and Mission Assurance top level NASA Policy Directives, NASA Procedural Requirements, applicable NASA Technical Standards, and other top level documents in the NASA Safety Program. The Safety and Mission Assurance documentation tree is posted on the Internet at: http://www.hq.nasa.gov/office/codeq/qdoc.pdf.

1.19 Safety Variance Process

1.19.1 The primary objective of the NASA safety variance policy is to define the roles of Headquarters, Centers, program managers, and safety personnel in such a way that Headquarters will maintain control over the requirements it sets while providing the Centers and program managers with the responsibility and freedom to accept risks necessary to accomplish their tasks. This is consistent with an ISO 9001 requirement of maintaining process control of services that an organization provides. It is NASA's preference to comply with requirements through an abatement process. Where this is impossible for whatever reason, then a variance may be considered.

1.19.1.1 The following definitions apply to the NASA safety variance approval policy:

a. Variance: Documented and approved permission to perform some act or operation contrary to established requirements.

b. Deviation: A documented variance that authorizes departure from a particular safety requirement that does not strictly apply or where the intent of the requirement is being met through alternate means that provide an equivalent level of safety with no additional risk. The OSHA term for deviation is alternate or supplemental standard only when it applies to OSHA requirements.

c. Waiver: A variance that authorizes departure from a specific safety requirement where a special level of risk has been documented and accepted.

d. Shall: The word "shall" indicates that the rule is mandatory. Noncompliance with a "shall" statement requires approval of a variance. Use of the word "shall" is preferred when writing mandatory NASA safety requirements; however, the words "will" and "must" are used at times to indicate mandatory requirements and have the same interpretation as "shall."

Note: Within NASA S&MA Directives (NPDs and NPRs), requirements are indicated by the word "Requirement" following a sentence. This indication designates a requirement regardless of the phrasing (shall, should, will, etc.) used. Any text not designated a requirement is for information and contextual purposes only.

e. Should: The word "should" indicates that the rule is a recommendation, the advisability of which depends on the facts in each situation. Implementation of a "should" statement is at the discretion of the local officials.

1.19.1.2 The NASA variance process does not apply to Federal and applicable State/local regulations (e.g., OSHA, Cal OSHA). Any variance of a Federal or State/local regulation must be approved by the appropriate Federal/State/local agency (e.g., NASA Alternate Safety Standard for Suspended Load Operations approved by OSHA) (Requirement 25234). The Safety and Assurance Requirements Division shall review all proposed safety variances of Federal regulations before submittal for approval (Requirement 31912).

1.19.1.3 The NASA Headquarters safety variance policy is provided in Table 1.1. It applies to all Agency safety requirements unless otherwise specified in the appropriate requirements document. Variance policies developed for specific safety programs shall follow this general policy as closely as possible (Requirement 25051).

1.19.1.4 When a variance is approved by Headquarters and is considered appropriate for use throughout the Agency, it shall be distributed as an interim change to the applicable requirements document(s) (Requirement 25052).

1.19.1.5 All requests for variance will be accompanied by documentation as to why the requirement cannot be met, the risks involved, alternative means to reduce the hazard or risk, the duration of the variance, and comments from any affected employees or their representatives (if the variance affects personal safety) (Requirement 25053). Variances will normally be approved by the Safety and Assurance Requirements Division for up to 5 years. Variances approved at the Center or program level can remain in place as long as Headquarters status reporting is current.

Table 1.1 - NASA Safety Risk Acceptance and Approval Process Matrix

| Type of Document | Wording | Requirement Specified In: | Routing (see Note A) | Approval Level and Duration (see Note B) | After Action Reporting and Statusing Requirements |
|---|---|---|---|---|---|
| Federal | Policy | N/A | Through Program System Safety Manager or Center Safety Director, Center Director, and NASA HQ/QS in turn | Issuing Federal Agency | Assessed and statused annually with input for OSHA report |
| State | Policy | N/A | Through Program System Safety Manager or Center Safety Director and Center Director | Issuing State Agency | Assessed and statused annually with input for OSHA report |
| NPD | Policy | N/A | Through Program System Safety Manager or Center Safety Director and Center Director | NASA HQ IPO or Enterprise | Assessed and statused annually with input for OSHA report |
| NPR | Shall | N/A | Through Program System Safety Manager or Center Safety Director | Center Director * | To NASA HQ/QS within 14 days and then assessed and statused annually with input for OSHA report |
| NPR | Should | N/A | Through Program System Safety Manager or Center Safety Director | Directorate level Facility Manager or Program Manager | To NASA HQ/QS quarterly and then assessed and statused annually with input for OSHA report |
| Standard | Shall | NPD | Through Program System Safety Manager or Center Safety Director and Center Director | NASA HQ IPO or Enterprise | Assessed and statused annually with input for OSHA report |
| Standard | Shall | NPR | Through Program System Safety Manager or Center Safety Director | Center Director * | To NASA HQ/QS within 14 days and then statused annually with input for OSHA report |
| Standard | Should | N/A | Through Program System Safety Manager or Center Safety Director | Program or facility manager | Not required |

Note A: The lowest organizational or program level of management having responsibility to implement safety requirements (e.g. facility manager, program systems manager, first line supervisory personnel) will assess, prepare, and submit a variance request through the appropriate levels of authority to the official with final approval authority (Requirement 31913). Safety officials (both program and Center as applicable) will concur or nonconcur with the request but will not serve as the responsible approving official (Requirement 31914).

Note B: Using the guidelines of this matrix, the final approval is the responsibility of the listed manager or director who, by their position, has the authority to accept the risk. Variances approved against mandatory ("shall") requirements are valid for up to 5 years. Variances approved against advisory ("should") provisions at the directorate or program level can remain in place as long as annual assessment and reporting is maintained.

Example: A variance request to a requirement stated in an NPR (fourth row of matrix) that uses the word "shall" would be routed through the Center Safety Director for concurrence and approved or denied by the Center Director. A copy would then be sent to NASA HQ/QS within 14 days along with the detailed rationale for its approval and other documentation. Annual status reports will be provided to HQ/QS concurrently with the input to the annual OSHA report.

*Approval is allowed at this level if the specific requirement is not implementing Federal regulatory policy. In those cases, forward to NASA HQ/QS for variance request to applicable Federal agency.




DISTRIBUTION:
NODIS

