Effective Date: July 06, 2020
Expiration Date: July 06, 2025
|| TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | AppendixJ | ALL ||
Advisor. For a mishap investigation, an advisor is a Federal employee appointed to or engaged by the investigating authority in a non-voting role for domain knowledge and advice.
Aircraft Flight Mishap.
a. A mishap occurrence associated with the operation of an aircraft that takes place between the time any person boards the aircraft with the intention of flight and all such persons have disembarked, and in which any person suffers a fatality or serious injury, or in which the aircraft receives substantial damage.
b. A mishap occurrence associated with the operation of public or civil unmanned aircraft system that takes place between the time the system is activated with the purpose of flight and the time the system is deactivated at the conclusion of its mission, and in which any person suffers a fatality or serious injury, or in which the aircraft receives substantial damage.
Aircraft Ground Mishap. A mishap involving an aircraft or unmanned aircraft system that does not meet the threshold of an Aircraft Flight Mishap, and in which any person suffers a fatality or serious injury, or in which the aircraft receives substantial damage.
Agency-Level Directive. A NASA directive with Agency-wide applicability; that is, NASA Policy Directives (NPDs), NASA Procedural Requirements (NPRs), and NASA Interim Directives (NIDs).
Appointing Official. The official authorized to appoint the investigating authority for a mishap or close call; accept the investigation of another authority; receive endorsements and comments from endorsing officials; and approve the mishap investigation report.
Approved Mishap Investigation Report. The final mishap investigation report authorized for public release.
Barrier. A physical device intervention (e.g., a guardrail) or an administrative intervention that can provide procedural separation in time and space (e.g., lock-out/tag-out procedure) used to reduce risk of the undesired outcome.
Cause. An event or condition resulting in an effect. Anything that shapes or influences the outcome. A cause must precede and be necessary and sufficient on its own to bring about the undesired outcome of a mishap.
Center High Visibility. An event where the Center chooses to apply NASA High Visibility severity criteria (Type A or Type B mishap potential) for a locally assigned Type C, Type D, or close call investigation, using greater scope and depth than typically conducted according to the Center MPCP. Out brief and endorsements may be conducted entirely at the Center level.
Center Safety Office. The Center safety organization responsible for reporting and recording mishaps.
Chairperson. The individual in charge of a mishap investigation board or mishap investigation team.
Close Call. An event requiring first aid treatment or less, or property damage/mission failure direct cost of less than $20,000, but has NASA mishap potential considering and documenting either most likely or worst case estimates by the responsible organization.
Cognizant Safety Office. The responsible Safety Office within the host Center Safety and Mission Assurance Directorate that hosts the project or has been assigned safety and mission assurance accountability for the program.
Condition. A single as-found state.
Consultant. For a NASA mishap investigation, a consultant is a non-Government subject matter expert engaged by the investigating authority for domain knowledge and analysis or opinion.
Contingency. For planning, an emergency or urgent need that is regarded as unlikely but requiring some extent of pre-determined action if it occurred.
Contributing Factor. An event or condition that may have contributed to the occurrence of an undesired outcome, but if eliminated or modified, would not on its own have prevented the occurrence.
Control. An active mechanism used to detect the initiating event or the hazard or both, and enable an active device (hardware, software, environmental, or human) to prevent or reduce the likelihood of the hazard affecting a target. Controls minimize effects of the initiating event by detecting and correcting them before bringing about an undesired outcome.
Corrective Action. Any change that results in preventing, minimizing, or limiting the potential for occurrence of an incident (e.g., design processes, work instructions, workmanship practices, training, inspections, tests, procedures, specifications, drawings, tools, equipment, facilities, resources, material, and so on).
Corrective Action Plan Closure Statement. A final statement made by the appointing official documenting all corrective actions have been completed and the Corrective Action Plan is closed.
Damage. Either material or mission objective loss that is calculable as a Direct Cost (see Direct Cost of Mishap or Close Call).
Direct Cost of Mishaps or Close Calls. For mishap classification, the sum of the costs (the greater value of actual or fair market value) of damaged property and/or destroyed property (public or NASA), or mission failure, actual cost of repair or replacement, labor (actual value of replacement or repair hours for internal and external or contracted labor), cost of the lost commodity (e.g., cost of the fluid lost from a ruptured pressure vessel), as well as resultant costs such as environmental decontamination, property cleanup, and restoration, or the estimate of these costs.
Endorsing Official. An official who reviews the signed mishap investigation report and provides a signed written endorsement, comments, and when not the appointing official, a recommendation for the report approval or rejection by the appointing official.
Event. A real-time occurrence describing one discrete action, typically an error, failure, or malfunction (e.g., pipe broke, power lost, lightning struck, and person opened valve).
Event and Causal Factor Tree. A graphic representation of the mishap or close call that shows the event (accident) at the top of the tree; depicts the logical sequence of events; illustrates all causal factors (including conditions and failed barriers) necessary and sufficient for the mishap or close call occurrence; and depicts the root causes at the bottom of the tree.
Evidence. Everything used to support or refute a hypothesis or finding. For a safety investigation, the types of evidence are physical (e.g., hardware), demonstrable (24 hours in one day), witness interview, and documentary (witness statement, logbooks, and electronic data).
Ex Officio. An individual tasked to ensure the investigation conducted conforms to NASA policy and this NPR.
Executive Summary. A top-level summary, which is part of the mishap investigation report, describing the circumstances of a mishap including who, what, when, where, and why, and a description of the proximate and root causes. The executive summary should be worded where possible to meet NASA’s Office of Communications criteria for public release.
Fault Tree Analysis. An analytical technique whereby an undesired system state is specified, and the system is then analyzed in the context of its environment and operation to find all credible ways in which the undesired event can occur.
Federal employee. (Per 5 U.S.C. pt. 2101)
a. Civil service consists of all appointive positions in the executive, judicial, and legislative branches of the Government of the United States, except positions in the uniformed services.
b. Armed forces means the Army, Navy, Air Force, Marine Corps, and Coast Guard.
c. Uniformed services means the armed forces, the commissioned corps of the Public Health Service, and the commissioned corps of the National Oceanic and Atmospheric Administration.
Finding. A conclusion, positive or negative, based on facts established by the investigating authority during the investigation (i.e., cause, contributing factor, and observation).
First Aid. Refer to OSHA definition in 29 CFR pt. 1904.
Final Mishap Investigation Report. The signed mishap investigation report with endorsements and comments attached.
Flight Hardware. Any hardware that is flown on or part of an aircraft, experimental flight vehicle, satellite, lighter than air vehicles, unoccupied aerial vehicle, or space transportation system.
Flight Software. Any software that is flown on or part of an aircraft, experimental flight vehicle, satellite, lighter than air vehicles, unoccupied aerial vehicle, or space transportation system.
Hazard. A state or a set of conditions, internal or external to a system, having the potential to cause harm.
High-Visibility Mishap or Close Call. A mishap or close call, regardless of the amount of property damage or personnel injury, that the Administrator; Chief, Safety and Mission Assurance, Office of Safety and Mission Assurance; Center Director, Associate Administrator, Mission Support Directorate (AA, MSD); Aircraft Management Division Director; or Center Safety and Mission Assurance Director judges to possess a high degree of safety risk, programmatic impact or public, media, or political interest including, but not limited to, mishaps and close calls affecting flight hardware or software, or completion of critical mission milestones.
Hull Loss. An aircraft damaged to the extent that repair is not economically feasible. This includes destroyed and missing aircraft (exception: unmanned aircraft).
Human Error. Either an action that is not intended or desired by the human or a failure on the part of the human to perform a prescribed action within specified limits of accuracy, sequence, or time that fails to produce the expected result and has led or has the potential to lead to an unwanted consequence.
a. A body of scientific facts about human characteristics, capabilities, and behavior. The term includes, but is not limited to, principles and applications in the areas of human engineering, personnel selection, training, life support, job performance aids, and human performance evaluation.
b. A body of information about human abilities, human limitations, and other human characteristics from a physical and psychological perspective relevant to the design, operations, and maintenance of complex systems.
Human Factors Analysis. The study of how people interact with their environment. Physiological, psychological, and organizational behaviors are evaluated. Human factors analysis is an important component of mishap investigation. Determining why, how, and where human behaviors contributed to mishaps and close calls is key to preventing future mishaps.
Human Factors Investigator. An investigator with expertise in human factors and mishap causation who has primary responsibility to assist in data collection and analysis; determine the manner in which human factors caused or contributed to the mishap or close call; evaluate relevant human error and determine its root causes; and generate recommendations to eliminate or reduce error occurrence or minimize the error's negative effects to prevent the occurrence of a similar mishap.
Incident. An occurrence of a mishap or close call.
Incident Commander. The person responsible for directing or controlling resources by means of explicit legal, Agency, or delegated authority. The incident commander is responsible for all aspects of incident response including developing objectives, managing operations, setting priorities, and defining the Incident Command System organization for the particular response.
Initiating Event. An active energy transfer event from a hazard with the potential to affect a valued target and lead to an undesired outcome.
Interim Response Team. A team called to the mishap scene immediately after an incident to secure the scene; document the scene using photography, video, sketches, and debris mapping; identify witnesses; collect written witness statements and contact information; preserve evidence; impound evidence at the scene and other NASA locations as needed; collect debris; implement the chain-of-custody process for the personal effects of the injured and deceased; notify the Public Affairs Office about casualties, damages, and potential hazards to the public and NASA personnel; advise the supervisor if drug testing should be initiated; and provide all information and evidence to the investigating authority. The team is considered interim because it operates as a short-term response team and concludes its mishap response activities when the official NASA-appointed investigating authority takes control.
Intermediate Cause. An event or condition that existed before the proximate cause, directly resulted in its occurrence, and if eliminated or modified, would have prevented the proximate cause from occurring.
Investigating Authority. The individual mishap investigator, mishap investigation team, or mishap investigation board authorized to conduct an investigation for NASA. This includes the mishap investigation board chairperson, voting members, and ex officio, but does not include the advisors and consultants.
Launch. To place a vehicle and any payload from Earth in a suborbital trajectory, in Earth orbit, or in outer space.
Lessons Learned. The written description of knowledge or understanding gained by experience, whether positive such as a successful test or mission, or negative such as a mishap or failure.
Life-Threatening Injury. An injury involving a substantial risk of death; loss or substantial functional impairment of a bodily member, organ, or mental faculty likely to be permanent; or an obvious disfigurement likely to be permanent.
Lost Time Injury or Illness. A nonfatal traumatic injury resulting in any loss of time from work beyond the day or shift it occurred; or a nonfatal, non-traumatic illness or disease-causing disability at any time.
Mishap Investigation Board. A NASA-sponsored board tasked to investigate the mishap or close call and to generate the mishap investigation report in accordance with the requirements specified in this NPR.
Mishap Investigation Report. The mishap investigation report documents the facts associated with an incident as determined by the investigating authority. In the report, the investigating authority identifies primary, or root, causes, and contributing and possible causes and recommends corrective actions to prevent the occurrence of similar mishaps.
Mishap Investigation/Mishap Support Specialist. A NASA Safety Center Federal employee trained and experienced in all facets of NASA mishap investigation. Specialists assist and advise Centers, programs, projects, and investigating authorities on behalf of the Office of Safety and Mission Assurance Mishap Investigation Program Executive on implementation of policy and best-practice techniques to conduct and endorse NASA mishap and close call investigations.
Mishap Investigation Team. A NASA-sponsored team tasked to investigate a mishap or close call and generate the mishap investigation report in accordance with the requirements specified in this NPR.
Mishap Investigator. A Federal employee who serves as sole investigator for a mishap or close call and generates the mishap investigation report in accordance with the requirements specified in this NPR.
Mishap Preparedness and Contingency Plans. Pre-approved documents outlining timely organizational activities and responsibilities that must be accomplished in response to emergency, catastrophic, or potential (but not likely) events encompassing injuries, loss of life, property damage, or mission failure.
Mishap Summary. A formatted presentation prepared by the NASA Safety Center as a public-releasable document to capture the event sequence, findings, and recommendations contained in a NASA Type A, Type B, or high-visibility mishap or close call investigation report.
Mission Failure. A mishap of whatever intrinsic severity prevents the achievement of the mission's minimum success criteria or minimum mission objectives as described in the mission operations report or equivalent document.
Note: A mission failure applies only to a NASA program's mission, and not to a test or ongoing institutional operation. A program that accomplishes all minimum success criteria, but not full mission objectives, is not a mission failure, although in some cases, it may appropriately be classified and investigated as a close call.
NASA Aircraft. Aircraft that are bought, borrowed, chartered, rented, or otherwise procured or acquired—including aircraft produced with the aid of NASA funding—regardless of cost, from any source for the purpose of conducting NASA science, research, or other missions, and which are NASA-operated or NASA-managed. Unmanned aircraft are defined as “aircraft” by the Federal Aviation Administration and are included in the definition of NASA aircraft unless specified otherwise.
NASA Contractor or Grantee Mishap or Close Call. A mishap or close call requiring a NASA contractor or grantee to report or investigate it according to provisions in the contactor or grantee’s contract.
NASA Employees. Federal civil servants employed and paid by NASA, or on detail from other Federal agencies, and NASA Support Service Contractors.
NASA Mishap. A NASA mishap is an unplanned event resulting in at least one of the following:
a. Occupational injury or occupational illness to non-NASA personnel caused by NASA operations.
b. Occupational injury or occupational illness to NASA personnel caused by NASA operations.
c. Destruction of or damage to NASA property, public or private property, including foreign property, caused by NASA operations or NASA-funded research and development projects.
d. NASA mission failure before the scheduled completion of the planned primary mission.
NASA Mishap Information System. A custom-developed system for capturing mishaps, close calls, and hazards, as required in this NPR.
NASA Operation. An activity or process under direct NASA physical, administrative, or contractual control or where significant NASA resources are dedicated to accomplishing an objective common to NASA and other independent organizations. This does not include non-NASA contracted or funded activities conducted at a common location or environment with NASA resources.
Observation. A factor, event, or circumstance identified during an investigation that did not contribute to the mishap or close call, but if left uncorrected, has the potential to cause a mishap or increase the severity of a mishap; or a positive factor, event, or circumstance that should be noted.
Occupational Injury or Illness. Work-related per 29 CFR pt. 1904.
Occupational Safety and Health Administration Final Mishap Summary. A report (OSHA 301 Form: Injury and Illness Incident Report, or an equivalent form) provided in accordance with 29 CFR pt. 1960 by NASA to the Office of Federal Agency Programs for each mishap involving an OSHA-recordable incident.
Organizational Factor. Any operational or management structural entity that exerts control over the system at any stage in its life cycle including, but not limited to, the system's concept development, design, fabrication, test, maintenance, operation, and disposal—for example, resource management (budget, staff, training); policy (content, implementation, verification); and management decisions.
Permanent Total Disability. A nonfatal injury or occupational illness that, in the opinion of competent medical authority, permanently and totally incapacitates a person to the degree where he or she cannot follow any gainful occupation and results in a medical discharge or civilian equivalent.
Permanent Partial Disability. An injury or occupational illness that does not result in a fatality or permanent total disability, but in the opinion of competent medical authority, results in permanent impairment through loss of use of any body part with the following exceptions: loss of teeth, fingernails, or toenails; loss of tip of fingers or toes without bone involvement; inguinal hernia (if it is repaired); disfigurements; or sprains or strains that do not cause permanent limitation of motion.
Privilege. A level of confidentiality that a NASA (Federal employee) investigating authority or interim response team member may grant to a witness to an incident. Confidentiality means a witness is assured verbally and in writing that information provided during interviews or in a written statement will be protected by NASA to the extent provided by law.
Procedure. A documented description of the sequential actions in performing a given task.
Process. A set of activities used to convert inputs into desired outputs to generate expected outcomes and satisfy a purpose.
Property Damage. Damage to any type of Government or civilian property including, but not limited to, flight hardware and software, facilities, ground support equipment, and test equipment.
Proximate Cause. The event that occurred, including any conditions existing immediately before the undesired outcome, directly resulted in its occurrence, and if eliminated or modified, would have prevented it. Also, known as direct cause.
Range. A permanent or temporary area or volume of land, sea, or airspace within or over which orbital, suborbital, or atmospheric vehicles are tested or flown. This includes the operation of launch vehicles from a launch site to orbital insertion or final landing or impact of suborbital vehicle components. This also includes the entry of space vehicles from the point that the commit to deorbit is initiated to the point of intact vehicle impact or landing or the impact of all associated debris. This includes range operations with aeronautical vehicles from takeoff to landing.
Recommendation. An action developed by the investigating authority to correct the cause or a finding identified during the investigation.
Responsible Organization. The organization responsible for the activity, people, operation, or program, where a mishap occurs, or the lowest level of organization where corrective action will be implemented.
Risk. In the context of mission execution, risk is operationally defined as a set of triplets:
a. The scenarios leading to degraded performance with respect to one or more performance measures (e.g., scenarios leading to  injury, fatality, destruction of key assets;  exceedance of mass limits;  cost overruns; or  schedule slippage).
b. The likelihoods (qualitative or quantitative) of those scenarios.
c. The consequences (qualitative or quantitative severity of performance degradation) that would result if those scenarios were to occur.
Note: Uncertainties are included in the evaluation of likelihoods and consequences.
Root Cause. An event or condition, primarily associated with organizational factors, which existed before the intermediate cause and directly resulted in its occurrence (indirectly caused or contributed to the proximate cause and subsequent undesired outcome) and, if eliminated or modified, would have prevented the intermediate cause from occurring and the undesired outcome. Typically, multiple causes contribute to an undesired outcome. In the absence of a prevalent organizational factor, the root cause may be identified as undetermined.
Root Cause Analysis. A structured evaluation method used to identify the root causes of an undesired outcome and the actions adequate to prevent occurrence. Root cause analysis should continue until organizational factors have been identified or until data are exhausted.
Serious Injury. Per the NTSB, any injury resulting from an aircraft mishap in which one or more of the following apply:
a. Requires hospitalization for more than 48 hours, commencing within seven days from the date the injury was received.
b. Results in a fracture of any bone except for simple fractures of fingers, toes, or nose.
c. Causes severe hemorrhages or nerve, muscle, or tendon damage.
d. Involves any internal organ.
e. Involves second- or third-degree burns or any burns affecting more than five percent of the body surface.
Serious Workplace Hazard. A condition, practice, method, operation, or process having substantial probability of death or serious physical harm.
Spacecraft. A habitable vehicle or device including, but not limited to, orbiters, capsules, modules, landers, transfer vehicles, rovers, Extravehicular activity suits, and habitats, designed for travel or operation outside Earth’s atmosphere.
Substantial Damage. Damage or failure adversely affecting structural strength, performance, or flight characteristics of an aircraft, which would normally require major repair or component replacement. Engine failure or damage limited to an engine if only one engine fails or is damaged, bent fairings or cowling, dented skin, small punctured holes in the skin or fabric, ground damage to rotor or propeller blades, and damage to landing gear, wheels, tires, flaps, engine accessories, brakes, or wingtips are not considered substantial damage (49 CFR pt. 830).
Test. A procedure for critical evaluation; a means of determining the presence, quality, or truth of something; a trial. In engineering, a method of determining performance by exercising or operating a system or item using instrumentation or special test equipment that is not an integral part of the item being tested.
Timeline. Events and conditions preceding and following a mishap supported by facts and arranged in chronological order.
Type A Mishap. A mishap resulting in one or more of the following:
a. Occupational injury or illness resulting in a fatality or a permanent total disability.
b. Total direct cost of mission failure and property damage of $2,000,000 or more.
c. Crewed aircraft hull loss.
d. Unexpected aircraft departure from controlled flight for all aircraft except when departure from controlled flight has been pre-briefed (e.g., upset recovery training, high AOA envelope testing, aerobatics, or Out of Controlled Flight for training) or mitigated through the flight test process inherent at each Center.
Type B Mishap. A mishap causing an occupational injury or illness resulting in permanent partial disability; hospitalization for inpatient care of three or more people within 30 workdays of the mishap; or a total direct cost of mission failure and property damage of at least $500,000, but less than $2,000,000.
Note: Hospitalization does not include any hospital stay intended only for medical testing, diagnosis, or observation to determine nature or extent of injury or illness.
Type C Mishap. A mishap resulting in a nonfatal OSHA-recordable occupational injury or illness causing days away from work, restricted duty, or transfer to another job beyond the day or shift on which the mishap occurred; hospitalization for inpatient care of one or two people within 30 workdays of the mishap; or a total direct cost of mission failure and property damage of at least $50,000 but less than $500,000.
Type D Mishap. A mishap resulting in a nonfatal OSHA-recordable occupational injury or illness that does not meet the definition of a Type C mishap or a total direct cost of mission failure and property damage of at least $20,000, but less than $50,000.
Unmanned Aircraft System. An unmanned aircraft and associated elements (including communication links and the components that control the unmanned aircraft) that are required for the pilot in command to operate safely and efficiently in the national airspace system.
Undesired Outcome. An event or result that is unwanted and different from the desired and expected outcome. For mishap investigation, an undesired outcome should describe the loss that determined the mishap classification (i.e., property damage, mission failure, fatality, permanent disability, lost-time case, or first-aid case).
Witness. A person who has information, evidence, or proof about a mishap and provides his or her knowledge of the facts to the investigating authority.
Witness Statement. A verbal or written statement from a witness of his or her account including a description of the sequence of events, facts, conditions, and causes of the mishap.
Worst Case Estimate. For a reportable incident involving system or a process, a worst-case estimate is the responsible organization’s forecast of most severe possible work-related injury, illness, damage to NASA or public property, or loss of critical mission objectives.
Note: Likelihood of a worst-case outcome may be small, but if the loss potential is unacceptable (Type A or B outcome if not for intervention of one single barrier or control), then investigation scope and depth may need to match such potential loss.”
| TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | AppendixJ | ALL |
|| NODIS Library | Program Management(8000s) | Search ||
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.