NPR 8705.4A
Effective Date: April 29, 2021
Expiration Date: April 29, 2026
Subject: Risk Classification for NASA Payloads

Responsible Office: Office of Safety and Mission Assurance

Appendix A. Definitions

Acceptable risk. A level of risk, referred to a specific item, system or activity, that, when evaluated with consideration of its associated uncertainty, satisfies pre-established risk criteria.

Breadboard. A low fidelity unit that demonstrates function only, without respect to form or fit. It often uses commercial and/or ad hoc components and is not intended to provide definitive information regarding operational performance.

Concurrence. A documented agreement by a management official that a proposed course of action is acceptable.

Critical item. An item that, if defective or if it fails, causes a catastrophic event affecting the public, the NASA workforce, high-value assets, or mission success. Reliability considerations apply to the determination of criticality in cases where loss of multiple units of the item is required for the catastrophic event to be realized and the units are of the same design and build lot and share a common failure mode relevant to the critical function (e.g., fasteners, capacitors).

Critical process. An activity performed by NASA, suppliers, or NASA services suppliers during mission development, launch preparations, launch, commissioning, operations, and decommissioning that, if defective or if it fails to achieve the intended results, directly contributes to or causes a catastrophic event affecting the public, the NASA workforce, high-value assets, or mission success.

Decision memorandum. The document that summarizes the decisions made at KDPs or as necessary in between KDPs. The decision memorandum includes the Agency Baseline Commitment (if applicable), Management Agreement cost and schedule, unallocated future expenses, and schedule margin managed above the project, as well as life-cycle cost and schedule estimates, as required.

Engineering unit. A high fidelity unit that demonstrates critical aspects of the engineering processes involved in the development of the operational unit. Engineering test units are intended to closely resemble the final product (hardware/software) to the maximum extent possible and are built and tested so as to establish confidence that the design will function in the expected environments. In some cases, the engineering unit can become the final product, assuming proper traceability has been exercised over the components and hardware handling.

Fault tolerance. The built-in ability of a system to provide continued correct operation in the presence of a specified number of faults or failures.

Fault. An undesired system state and/or the immediate cause of failure (e.g., maladjustment, misalignment, defect, or other). The definition of the term “fault” envelops the word “failure,” since faults include other undesired events such as software anomalies and operational anomalies.

Flight unit. The actual end item that is intended for deployment and operations. It is subjected to formal functional and acceptance testing.

Flight spare. The spare end item for flight. It is subjected to formal acceptance testing. It is identical to the flight unit.

Graceful degradation. The ability of a system or component to maintain limited functionality even when a large portion of it has been destroyed or rendered inoperative. The purpose of graceful degradation is to prevent catastrophic failure.

Launch constraint. Bounding conditions limiting or restricting aspects of launch related operations.

Life-cycle cost. The total of the direct, indirect, recurring, nonrecurring, and other related expenses both incurred and estimated to be incurred in the design, development, verification, production, deployment, prime mission operation, maintenance, support, and disposal of a project, including closeout, but not extended operations. The Life-Cycle Cost (LCC) of a project or system can also be defined as the total cost of ownership over the project or system's planned life-cycle from Formulation (excluding Pre-Phase A) through Implementation (excluding extended operations). The LCC includes the cost of the launch vehicle.

Mission. A major activity required to accomplish an Agency goal or to effectively pursue a scientific, technological, or engineering opportunity directly related to an Agency goal. Mission needs are independent of any particular system or technological solution.

Project plan. The document that establishes the project's baseline for Implementation, signed by the responsible program manager, Center Director, project manager, and the MDAA, if required.

Proof of concept. Analytical and experimental demonstration of hardware/software concepts that may or may not be incorporated into subsequent development and/or operational units.

Risk. The potential for shortfalls with respect to achieving explicitly established and stated objectives. As applied to programs and projects, these objectives are translated into performance requirements, which may be related to mission execution domains (safety, mission success, cost, and schedule) or institutional support for mission execution. Risk is operationally characterized as a set of triplets:

Risk classification. A stakeholder’s declaration of tolerance for risk based on factors such as priority, national significance, technological challenge, and resources available, used to recommend a set of activities and level of scrutiny for maintaining the level of risk.

Risk tolerance. The acceptable level of variance in performance relative to the achievement of objectives. It is generally established at the program, objective or component level. In setting risk tolerance levels, management considers the relative importance of the related objectives and aligns risk tolerance with risk appetite.

Risk appetite. Amount and type of risk that an organization is willing to pursue or retain.

Single point failure. An independent element of a system (hardware, software, or human), the failure of which would result in loss of mission objectives, hardware, or crew as defined for the specific application or project.

