
NASA Procedural Requirements
NPR 8000.4B
Effective Date: December 06, 2017
Expiration Date: December 06, 2022
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES

Subject: Agency Risk Management Procedural Requirements

Responsible Office: Office of Safety and Mission Assurance



Chapter 2. Roles and Responsibilities

2.1 General

2.1.1 The implementation of the requirements of this NPR is the responsibility of Mission Directorates, Headquarters Mission Support Offices, Center Directors, and program/project managers. They are responsible for determining which organizational units within their domains are subject to the risk management requirements in this NPR, including the staffing and execution of the risk management function.

2.1.2 Some requirements in this NPR are identified as applying only to organizational units of a particular type, such as Center support units or program/project units. Where the type of unit is not specified, requirements should be understood to apply to all types of organizational units.

2.1.3 Risks of all kinds are addressed in this NPR, but management of institutional risks is the focus of Headquarters and Center mission support and institutional organizations, while management of mission execution risks is the focus of program/project organizational units.

2.2 Organizational Roles and Responsibilities

2.2.1 Per NPD 1000.0, risk management at the Agency level is the responsibility of the Chairs of the Agency's Management Councils.

2.2.2 Mission Directorate Associate Administrators specify organizational units within their Directorates responsible for the implementation of the requirements of this NPR.

2.2.3 Program/project managers specify the organizational units and the hierarchy within their respective domains to which the requirements of this NPR apply.

2.2.4 Headquarters Mission Support Office heads and Center Directors specify the organizational units and the hierarchy within their respective domains to which the requirements of this NPR apply.

2.2.5 The Chief, Safety and Mission Assurance:

a. Verifies that this NPR is appropriately implemented across the Agency.

b. Prepares an assessment process to be used to establish compliance determinations across Mission Directorates, programs and projects, Centers, and Headquarters Mission Support Offices.

c. Collaborates with other key stakeholders to ensure that handbooks and training opportunities are available to facilitate implementation of this NPR.

2.2.6 The Chief Information Officer develops and implements the Agency's Information Technology (IT) Risk Management framework, compatible with both the NIST risk management framework and the risk management framework in this NPR, for managing risks to NASA's IT infrastructure.

2.2.7 Capability portfolio managers (e.g., the Manager for Rocket Propulsion Testing (RPT) Program), in collaboration with the stakeholders identified in NPD 1000.3, risk-inform the development and implementation of their respective asset and capability portfolios for the Agency.

2.3 Individual Accountabilities for Risk Acceptance

2.3.1 Programmatic authorities, e.g., program/project managers, are accountable for risk acceptance decisions for their programs or projects, commensurate with their delegated authority.

2.3.2 Center Directors are accountable for risk acceptance decisions for institutional activities at their Centers.

2.3.3 Formally delegated Technical Authorities are accountable for:

a. Concurrences in the soundness of the technical (safety, engineering, health and medical) cases relied upon by the organizational unit managers in acceptance of risk to safety or mission success;

b. Concurrences that risk acceptance decisions are within the authority of the organizational unit managers;

c. Concurrences that the risk is acceptable (per NPD 1000.0);

Note: The Technical Authority's (TA's) concurrence that the risk is acceptable includes agreement that the decision appropriately balances Agency priorities in the consideration of safety, mission success, cost, and schedule.

d. Nonconcurrences regarding a, b, or c, above, and elevation of the decision to the next higher level of management in accordance with the dissenting opinion process (NPD 1000.0).

Note: The TA role also includes framing safety and mission success issues of concern (potentially underappreciated risks) in terms of candidate risks for formal adjudication and disposition by the organizational unit managers.

2.3.4 When there is risk to humans, the actual Risk Takers (e.g., astronauts, pilots) (or official spokesperson[s] and official supervisory chain) are accountable for consenting to assume the risk.

Note: The Administrator is the official Agency spokesperson to consent to any exposure to human safety or property risk on behalf of the general public.




DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.