| NODIS Library | Program Management(8000s) | Search |

NPR 8000.4B
Effective Date: December 06, 2017
Expiration Date: December 06, 2022
Printable Format (PDF)

Subject: Agency Risk Management Procedural Requirements

Responsible Office: Office of Safety and Mission Assurance

| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | AppendixA | AppendixB | AppendixC | AppedixD | ALL |


P.1 Purpose

a. This NASA Procedural Requirements (NPR) provides the requirements for risk management for the Agency, its institutions, and its programs and projects as required by NPD 1000.0; NPD 7120.4; NPD 8700.1, and other Agency directives. Risk management includes two complementary processes: Risk-Informed Decision Making (RIDM) and Continuous Risk Management (CRM).

b. This NPR establishes requirements applicable to all levels of the Agency's organizational hierarchy. It provides a framework that integrates the RIDM and CRM processes across levels. It requires formal processes for risk acceptance and accountability that are clear, transparent, and definitive. This directive also establishes the roles, responsibilities, and authority to execute the defined requirements Agency-wide. It builds on the principle that program, project, and institutional requirements should be directly coupled to Agency strategic goals and applies this principle to risk management processes within all Agency organizations at a level of rigor that is commensurate with the stakes and complexity of the decision situation that is being addressed.

c. The implementation of these requirements leads to a risk management approach that is coherent across the Agency in that (a) it applies to all Agency strategic goals and the objectives and requirements that derive from them, (b) it addresses all sources of risk, both internal and external to NASA, (c) all risks are considered collectively during decision-making, and (d) risk management activities are coordinated horizontally and vertically, across and within programs, projects, and institutions, to ensure timely identification of cross-cutting risks and balanced management of risks Agency wide.

d. This directive contains requirements for risk management. Detailed explanations, descriptions, and technical guidance are provided in associated handbooks, including NASA/SP-2011-3422, NASA Risk Management Handbook (Reference D.7).

P.2 Applicability

a. This directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This directive applies to Jet Propulsion Laboratory (JPL) (a Federally-Funded Research and Development Center), other contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the applicable contracts, grants, or agreements.

b. This directive applies to all Agency activities, including new and existing programs and projects that provide aeronautics and space products or capabilities, i.e., flight and ground systems, technologies, and operations for aeronautics and space.

c. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" or "can" denote discretionary privilege or permission; "should" denotes a good practice and is recommended, but not required; "will" denotes expected outcome; and "are" and "is" denotes descriptive material.

d. In this directive, all document citations are assumed to be the latest version unless otherwise noted.

P.3 Authority

a. The National Aeronautics and Space Act, 51 U.S.C. § 20113(a).

b. NPD 1000.0, Governance and Strategic Management Handbook.

P.4 Applicable Documents and Forms

a. NPD 1200.1, NASA Internal Control.

b. NPD 1440.6, NASA Records Management.

c. NPD 2810.1, NASA Information Security Policy.

d. NPD 7120.4, NASA Engineering and Program/Project Management Policy.

e. NPD 8700.1, NASA Policy for Safety and Mission Success.

f. NPD 8900.5, NASA Health and Medical Policy for Human Space Exploration.

g. NPR 1441.1, NASA Records Management Program Requirements.

h. NPR 7120.5, NASA Space Flight Program and Project Management Requirements.

i. NPR 7123.1, NASA Systems Engineering Processes and Requirements.

j. NPR 8705.4, Risk Classification for NASA Payloads.

P.5 Measurement/Verification

Compliance with the requirements contained in this directive will be verified through the application of the assessment process required by paragraph 2.2.5.b.

P.6 Cancellation

a. NPR 8000.4A, Risk Management Procedural Requirements, dated December 16, 2008.

b. NASA Interim Directive (NID) Agency Risk Management Procedural Requirements, dated October 24, 2016.

| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | AppendixA | AppendixB | AppendixC | AppedixD | ALL |
| NODIS Library | Program Management(8000s) | Search |


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.