| NODIS Library | Program Management(8000s) | Search |

NPR 8715.3D
Effective Date: August 01, 2017
Expiration Date: August 01, 2022
Printable Format (PDF)

(NASA Only)

Subject: NASA General Safety Program Requirements (Updated w/Change 1)

Responsible Office: Office of Safety and Mission Assurance

| TOC | ChangeLog | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | AppendixJ | ALL |

Chapter 1. Institutional and Programmatic Safety Requirements

1.1 Overview of the NASA Safety Program

1.1.1 This document provides the procedural requirements that define the NASA Safety Program. Safety program responsibility starts at the top with senior management's role of developing policies and providing strategies and resources necessary to implement and manage a comprehensive safety program. The NASA Safety Program is executed by the responsible Mission Directorate Associate Administrators, Center Directors, Office of Safety and Mission Assurance (OSMA), component facility managers, safety managers, project managers, systems engineers, supervisors, line organizations, employees, and NASA contractors.

Note: The basic principles for governing, managing, implementing, monitoring, and controlling work at NASA are addressed in NPD 1000.0, which provides direction for Mission Directorates and Centers to execute programs and projects.

The Center Director for NASA Headquarters is the Assistant Administrator for Infrastructure and Administration.

1.1.2 As stated in NPD 8700.1, the objectives of the NASA Safety Program are to protect the public from harm, ensure the safety of employees, and affect positively the overall success rate of missions and operations through preventing damage to high-value equipment and property.

1.1.3 In general, the success or failure of an organization's safety efforts can be predicted by a combination of leading indicators (e.g., the number of open vs. closed inspection findings, awareness campaigns, training metrics, progress towards safety goals/objectives, the amount of hazard and safety analyses completed, and close calls) and its achievement measured by lagging indicators (e.g., the number of incidents involving injury or death to personnel, lost productivity [lost or restricted workdays], environmental damage, or loss of, or damage to, property). Like many successful corporations, NASA has learned that aggressively preventing mishaps is good management and a sound business practice.

1.1.4 NASA undertakes many activities involving high risk. Management of this risk is one of NASA's most challenging activities and is an integral part of NASA's safety efforts.

1.1.5 The policy for the NASA Safety Program is provided in NPD 8710.2, for specific health program requirements in NPD 1800.2, and for environmental requirements in NPD 8500.1

1.1.6 Policies, requirements, and procedures for mishap investigations are provided in NPR 8621.1.

1.1.7 NASA identifies issues of concern through a strong network of oversight councils and internal auditors including the Aerospace Safety Advisory Panel (ASAP).

1.1.8 NASA's goal is to maintain a world-class safety program based on management and employee commitment and involvement; system and worksite safety and risk assessment; hazard and risk prevention, mitigation, and control; and safety and health training.

Note: NASA's goals are provided in NPD 1001.0.

1.2 NASA General Safety Program Roles and Responsibilities

1.2.1 Reserved

1.2.2 Per NPD 1000.3, Mission Directorate Associate Administrators, through their project managers, and Center Directors, through their line managers, are responsible for the safety of their assigned personnel, facilities, and mission systems. Toward that end, they shall establish a safety program that adheres to the following principles:

a. Ensure that their safety planning and direction; the development of safety requirements, safety policies, safety methodology, and safety procedures; and the implementation and evaluation of their safety programs achieve the safety requirements in this NPR.

b. Ensure the conduct of assessments of quantitative and/or qualitative safety risks to people, property, or equipment, and include recommendations to either reduce the risks or accept them.

c. Ensure that safety assessments of all system changes are conducted, prior to changes to these systems being implemented, so as to preclude an unknown increase in risk to personnel or equipment.

d. Ensure that employees are informed of any risk acceptance when the employees are the ones at risk.

e. Ensure that safety surveillance and periodic inspections are conducted to assure compliance with NASA safety policies and to assess the effectiveness of NASA safety activities as required by Federal, State, and local regulations, NASA policy, and national consensus standards.

f. Ensure that technical reviews of the safety of development efforts and operations are conducted in accordance with sound system safety engineering principles.

g. Ensure that trained individual(s) determine the corrective actions needed for mitigating or controlling safety risk for all activities.

h. Ensure that NASA employees and safety professionals are trained for their roles and responsibilities associated with specific safety functions.

i. Ensure that software safety is included in their safety programs.

Note: Software safety policy and requirements are provided in NPD 2820.1; NPR 7150.2; NASA-STD-8719.13; and NASA-STD-8739.8.

j. Ensure that an ad hoc interagency review and approval process is implemented for the use of radioactive materials in spacecraft to avoid unacceptable radiation exposure for normal or abnormal conditions, including launch aborts with uncontrolled return to Earth (See Chapter 5).

k. Ensure that research and development for new or unique safety functions and technologies are conducted to help meet NASA goals.

l. Ensure the integrity of information and information systems, where compromise may impact safety, by adherence to NASA information technology security procedures as required by NPR 2810.1.

1.3 Public Safety

1.3.1 Center Directors, project managers, supervisors, and NASA employees shall:

a. Eliminate risk or the adverse effect of NASA operations on the public, or provide public protection by exclusion or other protective measures where the risk or the adverse effect of NASA operations on the public cannot be eliminated.

Note: The responsibility for public safety includes major events such as air shows, open houses, or other events that may be attended by large crowds.

b. Disallow non-NASA (either by contractors or visitors) research and development operations (under grants or cooperative agreements) that interfere with or damage NASA facilities or operations or threaten the health and safety of NASA personnel.

1.3.2 Center SMA Directors shall:

a. Require non-NASA research and development personnel and operations exposed to hazardous operations on NASA property to follow all Federal, NASA, and Center safety precautions and to procure needed protective clothing and equipment at their own expense.

b. Assure non-NASA research and development personnel operating or using potentially hazardous NASA equipment have received required training and are certified as qualified operators in accordance with Chapter 7 of this NPR.

1.3.3 Center Directors are delegated the authority to approve variances to public safety requirements for onsite non-NASA personnel (e.g., press, visitors) if appropriate safety requirements are in place and the risk is no greater than the risk to uninvolved employees.

Note: Diligence should be practiced when waiving public safety requirements since there are situations where NASA employees are exposed to unusual risk which they inherently understand by virtue of their unique job function and experience and they behave accordingly and cautiously based on their knowledge. Members of the public or non-NASA employees may not understand the nuance of particular situations and not know when or how to behave accordingly.

1.4 Institutional Roles and Responsibilities in the NASA Safety Program

1.4.1 The Chief Health and Medical Officer shall:

a. Terminate any NASA operation considered an immediate health hazard.

b. When termination occurs, immediately notify affected Center offices.

1.4.2 The Director, Safety and Assurance Requirements Division, OSMA, shall:

a. Establish and develop the overall NASA safety program policy and priorities.

b. Serve as the senior safety official for the Agency and exercise functional management authority over all NASA safety and risk management activities.

Note: This includes the preparation and distribution of NASA safety program information.

c. Terminate any operation that presents an immediate and unacceptable risk to personnel, property, or mission operations.

d. When termination occurs, immediately notify affected Center and Mission Directorate officials.

1.4.3 Center Directors shall:

a. Be responsible for safety at NASA facilities.

b. Place their safety organization at a level that ensures the safety review function can be conducted independently.

c. Designate a senior manager as the Center safety and health officer and the safety program implementation authority.

Note: Senior manager is interpreted to mean that the safety and health officer can interface directly with the Center Director when problems arise.

d. Ensure that:

(1) Adequate resources (personnel and budget) are provided to support mishap prevention efforts.

(2) Resource control is independent from any influence that would affect the independence of the advice, counsel, and services provided.

e. Ensure that policies, plans, procedures, and standards that define the characteristics of their safety program are established, documented, maintained, communicated, and implemented.

Note: The Annual Operating Agreements enacted and signed at each Center reflect the agreed support activity level of the Center safety organization to the program/projects and institutional operations at the Centers. (See NPD 8700.1.

f. Ensure that the development, implementation, and maintenance of an effective safety and health program is in compliance with NASA, Federal, State, and local requirements.

g. Ensure the establishment of an effective system safety program based on a continuous risk assessment process to include the development of safety requirements early in the planning phase, the implementation of those requirements during the acquisition, development, and operational phases, and the use of a scenario-based risk assessment and tracking system to maintain the status of risks during the process. (See Chapter 2.)

h. Ensure that all NASA operations and operations performed on NASA property are performed in accordance with existing safety standards, consensus national standards (e.g., ANSI, NFPA), or special supplemental or alternative standards when there are no known applicable standards.

i. Ensure that for hazardous NASA operations, procedures are developed for the following circumstances: 1) to provide an organized and systematic approach to identify and control risks, 2) when equipment operations, planned or unplanned, are hazardous or constitute a potential launch, test, vehicle, or payload processing constraint, or 3) when an operation is detailed or complicated and there is reasonable doubt that it can be performed correctly without written procedures. (See Chapter 3 of this NPR for requirements for hazardous operating procedures.)

j. Ensure that an aviation safety program that meets the specific operational needs of their Center is established and maintained to comply with national standards and NASA directives and requirements. (See Chapter 4.)

k. Ensure that safety lessons learned are disseminated and included in Center communication media to improve the understanding of hazards and risks and the prevention of mishaps and to suggest better ways of implementing system safety programs.

Note: Requirements for lessons learned are provided in NPR 7120.6, Lessons Learned Process. The Lessons Learned Information System (LLIS) provides a library of lessons-learned data for use by program managers, design engineers, operations personnel, and safety personnel. Procedures for disseminating lessons learned can be found at the following Internet address: http://nen.nasa.gov/portal/site/llis.

(1) Center Directors shall determine if and when a safety stand-down or safety awareness activity is needed.

Note: Among the tools Center managers have used to elevate employee awareness and understanding of safety principles, practices, and lessons learned have been safety and health awareness activities, such as safety stand-downs and "safety days." Traditionally, these awareness activities are considered either reactive or proactive. Reactive targeted safety stand-downs occur in response to a technical problem or after a mishap or close call. Proactive general safety awareness events are part of the Center's forward-looking mishap prevention effort and are held in preparation for significant operations or after a prolonged down-period.

(2) The Center Director shall lead the planning and execution of all safety stand-downs and safety and health awareness activities using the following process and criteria:

(a) Establish the scope, duration, and completion criteria for the event.

(b) Maximize leadership participation in the awareness activity and ensure effective and interactive communications with employees on the strategic value of safety focus.

(c) Seek a close linkage between the content of safety and health awareness events and with the on- and off-duty activities of the employees.

(d) Include discussion about NASA mishaps, mishaps outside of NASA, and lessons learned.

(e) Conduct mandatory safety and health training while maximizing the learning value for all other time spent in awareness activities.

l. Inform personnel of the availability of the NASA Safety Reporting System (NSRS) at their Center.

Note: The NSRS supplements local hazard reporting channels and provides NASA employees and contractors with an anonymous, voluntary, and responsive reporting channel to notify NASA's upper management of concerns about hazards or unsafe conditions. The NSRS should be used in the following circumstances: 1) if a hazard has been reported locally and it does not appear any action has been taken, 2) if someone is not satisfied with the response to a reported hazard, or 3) if someone fears reprisal if they were to report the hazard locally. NSRS reports are guaranteed to receive prompt attention.

Information about the NSRS and a copy of the NSRS form can be found at the following Internet address: http://www.hq.nasa.gov/office/codeq/nsrs/index.htm.

NASA contracting officers (COs) and contracting officers technical representatives (COTRs) are encouraged to implement the NSRS program at contractor facilities by citing the NASA FAR Supplement Clause (NFS 1852.223-70). Pre-addressed postage-paid forms can be obtained at any Center Safety Office or from other distribution locations across the Center. Forms should be mailed to:

P.O. BOX 5826
BETHESDA, MD 20824-9913

m. Assist with the investigation of NSRS reports.

n. Ensure that all facilities are designed, constructed, and operated in accordance with applicable/approved codes, standards, procedures, and requirements. (See Chapters 8 and 9.)

o. Ensure that the safety responsibilities of each organizational element are defined and accomplished.

p. Ensure that line managers incorporate safety and health requirements into the planning, support, and oversight of hosted programs, projects, and operations as part of their management function.

q. Evaluate and document the incorporation of safety and health requirements into the planning and support of hosted programs, projects, and operations in senior manager's performance evaluations.

r. Ensure a qualified safety workforce is available to perform the safety function.

s. Ensure that properly equipped and trained personnel are provided to perform or support potentially hazardous or critical technical operations.

Note: Special circumstances involving access to mission critical space systems and other critical equipment may dictate the need for the Personnel Reliability Program (14 CFR Part 1214, Subpart 1214.5, Space Flight: Mission Critical Space Systems Personnel Reliability Program). (See Chapter 3.)

t. Ensure that safety and mission assurance (SMA) risk-based acquisition management requirements are included in procurement, design, development, fabrication, test, or operations of equipment and facilities.

u. Analyze and utilize nonconformance and process control data as feedback in the assessment and management of technical risk.

Note: Examples of nonconformance data include process escapes, waivers/deviations, and the results of audits, tests, and inspections.

v. Ensure that qualitative and quantitative risk assessment results, hazard controls, and risk mitigation strategies are not negated when accounting for the analysis of nonconformance and process control data in the assessment and management of technical risk.

Note: Quality assurance requirements are provided in NPD 8730.5, NASA Quality Assurance Program Policy.

w. Ensure the results of contractor safety and health provision evaluations are provided to the award fee boards for use in fee determination.

x. Ensure that the Governance Model is being implemented in the procurement process for the acquisition of hardware, software, services, materials, and equipment. (See Chapter 9.)

Note: The Governance Model includes participation by Engineering, SMA, and the project manager during the entire life-cycle of procurement.

y. Pursue and obtain within two years, certification under the Occupational Safety and Health Administration (OSHA) Voluntary Protection Program (VPP) or through an equivalent recognized occupational safety certification program.

Note: The OSHA VPP is established by 5 U.S.C. S 7902; 29 U.S.C. S 651 et seq.; 49 U.S.C. S 1421, the Occupational Safety and Health Act of 1970, as amended, to assure every working man and woman in the Nation safe and healthful working conditions and to preserve our human resources by encouraging employers and employees to reduce the number of occupational safety and health hazards at their work places and to institute new (and to perfect existing) programs for providing safe and healthful working conditions.

z. Ensure their safety organization (or its support contractors) has access to certified safety professionals meeting the requirements of the OSHA VPP.

1.4.4 Center Directors and line managers shall ensure that up-to-date configuration control is maintained on all assigned equipment and systems (Requirement 25008).

Note: NPR 7123.1, NASA Systems Engineering Procedural Requirements, requires Center Directors or designees to establish and maintain a process, to include activities, requirements, guidelines, and documentation, for configuration management.

1.4.5 Line managers and supervisors are accountable for the safety and health of their assigned personnel. To that end, they shall:

a. Ensure employee safety and health training is completed by employees pursuant to the requirements of the job to be performed.

b. Ensure that safety is included in the employee's performance plan objectives.

c. Encourage safe performance through safety and health incentive awards programs or other institutional programs establishing the safety organization.

1.4.6 Supervisors shall:

a. Incorporate measurable leading safety and health performance criteria in line manager's performance plans.

b. Evaluate and document achievement of the measurable safety and health performance criteria in the line manager's performance evaluations.

1.5 Program Management Roles and Responsibilities in the NASA Safety Program

1.5.1 Paragraph 2.2.2.a.1.vi of NPR 7120.5, requires project managers to prepare and implement a comprehensive SMA Plan early in program formulation to ensure program compliance with all regulatory safety and health requirements from OSHA and all NASA SMA requirements. The importance of upfront safety, reliability, maintainability, and quality assurance requirements should be emphasized in all program activities.

1.5.2 Project managers shall ensure that the SMA Plan:

a. Addresses life cycle safety-relevant functions and activities.

b. Graphically represents project organizational relationships and assurance roles and responsibilities employing a Mission Assurance Process Map as described in NPR 8705.6.

c. Reflects a life cycle SMA process perspective, addressing areas including: procurement, management, design and engineering, design verification and test, software design, software verification and test, manufacturing, manufacturing verification and test, operations, and preflight verification and test.

d. Contains data and information to support each section of the SMA Plan for each major milestone review to include the Safety and Mission Success Review (formerly SMA Readiness Review).

e. Contains trending and metrics utilized to display progress and to predict growth towards SMA goals and requirements.

f. As a minimum, addresses the following topics and associated requirements:

(1) Safety per this NPR.

(2) Reliability and maintainability per NPD 8720.1, NASA Reliability and Maintainability (R&M) Program Policy.

(3) Risk assessment per NPR 8705.5.

(4) Quality assurance per NPD 8730.5.

(5) Software safety and assurance per NASA-STD-8719.13,and NASA-STD-8739.8.

(6) Occupational safety and health per NPR 8715.1.

(7) Range safety per NPR 8715.5.

(8) Human-rating per NPR 8705.2.

(9) Mishap reporting per NPR 8621.1.

(10) Compliance verification, audit, SMA reviews, and SMA process maps per NPR 8705.6.

1.5.3 Project managers shall ensure that contractor operations and designs are evaluated for consistency and compliance with the safety and health provisions provided in their contractual agreements.

1.6 Risk Assessment and Risk Acceptance

1.6.1 Risk Assessment. The primary purpose of risk assessment is to identify and evaluate risks to help guide decision making and risk management regarding actions to ensure safety and mission success. Risk assessment should use the most appropriate methods that adequately characterize the probability, consequence severities, and uncertainty of undesired events and scenarios. Quantitative methods can be used to evaluate probabilities, consequences, and uncertainties, whenever possible. Qualitative methods characterize hazards, and failure modes and effects provide valuable input to the risk assessment. When qualitative methods are used to assess risks, the qualitative values assigned should be rationalized. The results of the risk assessment along with the results of system safety analyses form the basis for risk-informed decision making. More discussion of system safety and risk assessment is provided in Chapter 2 of this NPR. Project managers for flight systems and line managers for institutional systems shall:

a. Use a process for risk assessment that supports decisions regarding safety and mission success as well as other decisions such as the development of surveillance plans and information security (see Chapter 2).

Note: Requirements for risk management are provided per NPR 8000.4; requirements for probabilistic risk assessments are provided per NPR 8705.5.

1.6.2 Risk Acceptance. Center Directors and project/program managers are delegated the authority to accept residual risk associated with hazards based on risk assessment results and all relevant factors for their assigned activities. Center Directors and program managers should include involvement of the Technical Authority as a part of the risk analysis, evaluation, and decision-making processes. For technical matters related to project/program design, development, and operations, and involving the risk of safe and reliable operations as related to human safety, the Technical Authority has approval authority but the project/program manager must still formally accept the residual risk. Center Directors and project managers shall:

a. Establish and document a formal, closed loop, transparent decision-making process for accepting residual risk for their assigned activities, personnel, and/or property.

b. Meet Federal safety and health standards when making risk-informed decisions to accept residual risk.

c. Reduce the risk to an acceptable level using the technical safety requirements provided in Paragraph 1.7 of this NPR.

Note: The risk that remains after all mitigation and controls have been applied is the residual risk.

d. Only accept residual risk consistent with NASA requirements and, in all cases, ensure the acceptance of risk to NASA employees and/or equipment does not endanger the public or NASA employees.

e. Document the basis for any risk-informed decisions.

f. Communicate to: 1) the cognizant office of primary responsibility (OSMA, Office of the Chief Engineer (OCE), Office of the Chief Health and Medical Officer (OCHMO)) for review, decisions regarding residual risk acceptance and 2) to any employee or person for whom the risk has been accepted.

1.7 Technical Safety Requirements for NASA-Unique Designs and Operations

1.71 Developing and maintaining technically sound and defensible safety and health requirements is essential to serve as a basis for system design and for system safety analysis efforts. A combination of quantitative (for example, probabilistic) and qualitative (for example, failure tolerance or redundancy) technical safety and mission success requirements complement each other by compensating for weaknesses in one or the other analysis type. This NPR establishes a minimum set of technical SMA requirements to be applied to programs/projects.

1.7.2 To properly support design and operational decisions, it is necessary that alternatives be analyzed not only with respect to their impact on the mission's performance and programmatic objectives, but also with respect to their impact on safety and health. Risk management uses the results of the risk assessment as the basis for decisions to reduce the risk to an acceptable level.

1.7.3 Risk Reduction Protocol Project managers shall ensure that hazards and dominant contributors to risk are controlled according to the following:

a. Eliminate accident scenarios (e.g., eliminate hazards or initiating events by design).

b. Reduce the likelihood of accident scenarios through design and operational changes (hazard control).

c. Reduce the severity of accident consequences (hazard mitigation).

d. Improve the state-of-knowledge regarding key uncertainties that drive the risk associated with a hazard (uncertainty reduction to support implementation of the above strategies).

Note: Designs for hazard control and accident prevention and mitigation should include considerations for the possibility of human errors. The level of hazard control should be based on the level of risk associated with that hazard. Examples of risk reduction strategies include: control of system and operational characteristics, incorporation of safety devices, use of caution and warning devices, and the use of operational and management procedures and training. Some hazards may require a combination of several of these approaches for prevention, mitigation, and/or control. Providing protective clothing and equipment is considered an operational procedure.

1.7.4 Reliability and Failure Tolerance Safety critical operations must have high reliability. High reliability is verified by reliability analysis using accepted modeling techniques and data in which uncertainties are incorporated. Where this cannot be accomplished with a specified confidence level, the design of safety critical operations shall have failure tolerance and safety margins in which critical operability and functionality are ensured. Failure tolerance is the ability of a system to perform its function(s) or maintain control of a hazard in the presence of failures of its subsystems. Failure tolerance may be accomplished through like or unlike redundancy. Safety margins are the difference between as-built factor of safety and the ratio of actual operating conditions to the maximum operating conditions specified during design.

Note: For human space systems, failure tolerance requirements are provided in NPR 8705.2. Applicable failure tolerance requirements in this NPR pertain to all other systems. To assure operability and functionality and to achieve failure tolerance, project managers shall use these design considerations.

a. Design safety critical systems such that the critical operation or its necessary functions can be assured. To provide assurance, design the component, subsystem, or system so it is are capable of being tested, inspected, and maintained.

b. Where high reliability cannot be verified by reliability analysis using accepted data in which uncertainties are incorporated, design safety critical systems so that no combination of two failures and/or operator errors (fail-safe, fail-safe as a minimum) will result in loss of life.

Note: Safety-critical operational controls are applied to conditions, events, signals, processes, or items for which proper recognition, control, performance, or tolerance are essential to safe system operation, use, or function.

c. When requesting relief from the two-failure tolerance requirement, provide evidence and rationale that one or more of the following are met.

(1) Two-failure tolerance is not feasible for technical reasons.

(2) The system or subsystem is designed and certified in accordance with approved consensus standards.

Note: Requests for relief to this document are processed in accordance with the requirements of NASA-STD 8709.20, Management of Safety and Mission Assurance Technical Authority (SMA TA) Requirements.

d. Where high reliability cannot be verified by reliability analysis using accepted data in which uncertainties are incorporated, design safety critical operations so that no single failure or operator error (fail-safe) will result in system loss/damage or personal injury.

e. Where high reliability cannot be verified by reliability analysis using accepted data in which uncertainties are incorporated, provide functional redundancy where there is insufficient time for recovery or system restoration. Where there is sufficient time between a failure and the manifestation of its effect, design for restoration of safe operation using spares, procedures, or maintenance provides an alternative means of achieving failure tolerance.

f. Design safety critical systems and operations to have a safety margin.

g. When using redundancy, verify that common cause failures (e.g., contamination, close proximity) do not invalidate the assumption of failure independence.

h. When using redundancy in operations that could cause or lead to severe injury, major damage, or mission failure (safety critical operations), verify operability under conditions that singularly or separately added together represent the operating intended condition.

i. When using reliability analyses, assess the probability of failure to provide the function and the time to restore the function, where loss of life, serious injury, or catastrophic system loss can occur. Uncertainties shall be incorporated in these assessments. The time to restore the function shall include the active time to repair and the time associated with the logistics or administrative downtime that affects the ease or rapidity of achieving full restoration of the failed function. To assure functional protection, project managers shall ensure that:

a. Loss of functional protection for safety-critical operations requires termination of the operation at the first stable configuration.

b. At least one single level of functional protection is used to protect high-value facilities and flight systems.

c. In addition to the requirement in paragraph, for systems intended to be operated by humans, crew survival capabilities such as abort, escape, emergency egress, emergency medical, emergency systems, safe haven, and rescue are valid means of preventing loss of life and, when used, shall include validation, training, and certification.


Note: Definitions for the crew survival and associated capabilities can be found in NPR 8705.2 and other NPRs.

1.7.5 Inhibits Where high reliability is not verified by reliability analysis using accepted data with uncertainties incorporated, the project manager shall ensure that:

a. Operations that require the control of a condition, event, signal, process, or item for which proper recognition, performance, or tolerance is essential to safe system operation, use, or function are designed such that an inadvertent or unauthorized event cannot occur (inhibit).

b. Operations have three inhibits where loss of life can occur.

c. Operations have two inhibits where personal injury, illness, mission loss, or system loss or damage can occur.

d. The capability of inhibits or control procedures when required in operations by this paragraph are verified under operational conditions including the verification of independence among multiple inhibits.

Note: Inhibits (designs that specifically prevent an inadvertent or unauthorized event from occurring) are not to be confused with the lockout/tagout program, which is a program to isolate or control facility system hazards; e.g., electrical, mechanical, hydraulic, pneumatic, chemical, thermal, or other energy.

1.7.6 System Safety Managers shall assure that the above requirements are placed in program/project requirements and that any variances to those requirements are processed in accordance with the requirements of this NPR. (See paragraph 1.13 of this NPR.)

1.8 SMA Program Reviews

1.8.1 The Chief, Safety and Mission Assurance, conducts audits, reviews, and assessments of NASA Centers, programs/projects, supporting facilities, and operations.

Note: Requirements for conducting and supporting independent SMA audits, reviews, and assessments are provided in NPR 8705.6.

1.8.2 Center Directors shall ensure that:

a. The Center's safety program is formally assessed annually.

b. The Center's annual safety program assessment is conducted by competent and qualified personnel.

Note: In addition to normal management surveillance, the Center's annual safety program review can be accomplished through safety staff assistance visits, inspections, and safety audits. The Center's safety staff or an independent outside source may perform the formal assessments.

1.8.3 Center Directors shall ensure that the Center's formal annual assessment has the following elements:

a. A formal assessment report that includes a discussion of the safety posture of the Center and each program reviewed.

b. An assessment of the effectiveness of the safety program using an industry standard template for implementing a comprehensive safety and health program such as that prescribed by OSHA’s Voluntary Protection Program (VPP).


Note:  The OSHA VPP includes the critical elements of a comprehensive safety and health program management effort (management leadership and employee involvement, worksite analysis, hazard prevention and control, and safety and health training).  A self-assessment checklist such as the one located at http://www.osha.gov/Publications/VPP/vpp_kit.html can be of invaluable assistance in assessing the capability and maturation of these features in a NASA safety and health program.

c. Reserved.

d. An assessment of safety program documentation (e.g., plans, procedures, monitoring data).

e. An assessment of the adequacy of safety standards and procedures.

f. Interviews of key facility and/or program personnel.

g. Observations and inspections of workplace compliance with safety practices.

h. Identification of deficiencies in the safety program.

i. The development of formal plans of actions and milestones to correct all open deficiencies that shall be tracked to completion including interim controls that will be implemented if the hazard cannot be immediately corrected.

j. Assessment and verification of corrective actions from previous assessments.

k. Evaluation of the implementation of 5 U.S.C. S 7902; 29 U.S.C. S 651 et seq.; 49 U.S.C. S 1421, as amended; E.O. 12196, dated February 26, 1980, as amended; OSHA regulations at 29 CFR Part 1910; and other pertinent Federally-mandated requirements.

1.8.4 Center Directors shall ensure that periodic training is conducted for Center safety personnel on safety program assessments covering prereview, review, and postreview procedures and requirements.

1.9 Advisory Panels, Committees, and Boards

1.9.1 NASA strives to use the Nation's most competent safety resources to provide review and advice on the NASA Safety Program.

Note: In keeping with this philosophy, NASA enlists the advice of consultants, interagency and interdisciplinary panels, and ad hoc committees consisting of representatives from industry (management and union), universities, and government (management and union).

1.9.2 NASA has established an ASAP as an advisory committee in accordance with Section 6 of the NASA Authorization Act, 1968 (PL 90-67, codified as 42 U.S.C. 2477).

Note: The ASAP reviews and evaluates program activities, systems, procedures, and management policies and provides assessment of these areas to NASA management and Congress. It is in this role that the ASAP provides independent advice on NASA safety issues to the Chief, Safety and Mission Assurance, and to the Administrator. The ASAP website is http://www.hq.nasa.gov/office/codeq/asap/.

1.9.3 Reserved

1.9.4 NASA has established the Software Independent Verification and Validation (IV&V) Board of Directors to advise the OSMA as approval authority for IV&V support to programs and projects. The IV&V Board of Directors acts in an advisory capacity to provide input to the Chief, Safety and Mission Assurance, concerning the annual IV&V budget for support to programs and projects.

1.9.5 NASA has established and maintains a Space Flight Safety Panel to promote flight safety in NASA space flight programs involving flight crews and to advise appropriate Mission Directorate Associate Administrators on all aspects of the crewed space program that affect flight safety.

Note: See NPD 1000.3, paragraph 6.21, for further details.

1.9.6 Center Directors and the Chief, Safety and Mission Assurance, shall have the authority to establish ad hoc committees to provide safety oversight review of programs, projects, and other activities.

1.10 Coordination with Organizations External to NASA

1.10.1 The Chief, Safety and Mission Assurance, in coordination with the Office of External Relations (for exchanges with the Department of Defense (DoD), intelligence agencies, and foreign entities) and in consultation with the NASA Office of the General Counsel, shall establish guidelines for exchanging safety information with organizations external to NASA.

Note: New and different methods and practices that may be beneficial to the NASA Safety Program should be brought to the attention of the responsible Headquarters Office by those that may encounter these practices used outside NASA.

1.10.2 NASA shall encourage participation by NASA safety professionals in outside safety-related professional organizations.

Note: Examples are functions and committees of the National Safety Council, National Fire Protection Association, DoD Explosive Safety Board, National Academy of Sciences, System Safety Society, Federal Agency Committee on Safety and Health, American Society of Safety Engineers, Field Federal Safety and Health Councils, and the Joint Army, Navy, NASA, Air Force propulsion committee (and subcommittee).

1.11 Safety Motivation and Awards Program

1.11.1 The Chief, Safety and Mission Assurance, shall establish a Safety Motivation and Awards Program that recognizes the safety achievements of NASA and other Federal Government employees supporting NASA objectives in all occupational categories and grade levels.

1.11.2 The Associate Administrator for Space Operations Mission Directorate shall manage a spaceflight awareness motivation and recognition program to promote safety, quality, and mission success within NASA and the supporting NASA contractor/partner workforce.

Note: NASA is committed to continued improvement of safety in all operations. NASA's policy is to stimulate the participation of employees in this effort. The presentation of awards is considered appropriate for recognizing outstanding safety-related performance/contributions and is an effective means of encouraging safety excellence. NASA recognizes responsible individuals and organizations for the following: taking significant safety initiatives, making truly innovative safety suggestions, meeting major safety goals, making significant achievements leading to the safer and more effective use of resources or execution of NASA operations, and encouraging and rewarding safety excellence among employees (applies to supervisors).

NASA safety awards programs may provide for the recognition of non-Government personnel (e.g., JPL employees) supporting NASA objectives.

The Space Flight Awareness Employee Motivation and Recognition Program for NASA, supporting Government agencies, private industry, and international organizations, promotes safety, particularly for human space flight programs. The goal of this program is to instill in employees the need to reduce human errors and mistakes that could lead to space flight mishaps and mission failure.

1.12 Safety Management Information

1.12.1 Efficient communication of safety information is necessary to meet the needs of safety officials and the managers they support. This includes communications between and among operational and safety organizations. NASA safety organizations will pursue every practical means for communicating verbal and written safety management information, lessons learned, and statistics. Examples of NASA information systems are the Incident Reporting Information System and the LLIS. Records and reports of accidents, occupational injuries, incidents, failure analyses, identified hazards, mishaps, appraisals, and like items contain information necessary for developing corrective measures and lessons learned.

1.12.2 Detailed records of occupational injuries are reported to OSHA in accordance with 29 CFR Part 1960, Subpart I, and NPR 8621.1. are retained per NPR 1441.1.

1.12.3 Center Directors shall provide or make accessible to the OSMA (through an internet web site):

a. Center executive safety committee or board documentation (e.g., minutes and reports).

b. Results of external (such as OSHA) safety program management reviews.

c. Top-level Center or program safety procedure documents that implement Headquarters requirements.

Note: Electronic versions or web addresses are acceptable and should be forwarded in conjunction with the data.

d. Copies of safety variances granted at the Center (see paragraph 1.13).

1.12.4 The Chief, Strategic Communications, shall provide or make accessible (through internet web site) to the OSMA copies of comments sent to outside regulatory agencies (e.g., OSHA, Department of Transportation (DOT), Environmental Protection Agency (EPA)) concerning proposed rule-making that could affect the NASA Safety Program.

1.12.5 Center SMA Directors shall maintain a census of Government and contract employees performing safety, reliability, maintainability and quality functions (engineering, operations, and assurance) by organization or contractor company at their sites.

1.12.6 COs and COTRs shall ensure that the census of employees performing safety, reliability, maintainability, and quality functions (engineering, operations, and assurance) by organization is a requirement under contracts.

1.13 Requests for Relief to Agency-level SMA Requirements

1.13.1 Paragraph 1.13 and its subparagraphs (1.13.1-1.13.4) provide policy and associated requirements for requesting and approving determination of nonapplicability, waivers, and deviations (aka: requests for relief) to Agency SMA requirements specified as overall SMA requirements for which OSMA is the Office of Primary Responsibility (OPR) or Point of Contact (POC). The primary objective of this policy is to assure that NASA Headquarters maintains oversight of the Agency SMA requirements while providing the Center Directors and program/project managers with the authority and flexibility to accept reasonable risks (in accordance with NPR 8000.4) necessary to accomplish their tasks. This policy is consistent with the ISO 9001 requirement for maintaining process control of services that an organization provides. This policy applies to all requirements for which OSMA is the OPR or POC with the exception of requests for requirements relief to NPR 8715.5 and NPR 8715.7.

1.13.2 Relief from a requirement consists of documented and approved permission to vary from an established SMA requirement. There are four types of relief which can be granted to NASA SMA requirements that may be requested at different times during the life cycle of a program/project/facility: nonapplicable determination, tailoring, deviations, and waivers.

a. Determination of nonapplicability of a requirement eliminates a requirement from the list of applicable senior-level requirements during the requirement development process (NPR 7120.5 program/project phase A, or as defined in NPR 7120.7 or NPR 7120.8).

b. Tailoring may be done to allow a program/project/facility manager to restate, separate, or combine requirement(s) to meet their program/project/facility's need through Phase A as defined in NPR 7120.5 or the early design phase as defined in NPR 7120.7, NPR 7120.8, and NPR 8831.1, and cannot result in an increase in risk. The overall scope and goal of the requirement is maintained in tailoring.

c. Deviations may be done to allow a program/project/facility to decrease the scope of a senior-level requirement or increase the risk associated with a requirement during phases A and B as defined in NPR 7120.5, or the design phases as defined in NPR 7120.7, NPR 7120.8, and NPR 8831.1.

d. Waivers are similar to deviations except they are granted after Phase B as defined in NPR 7120.5, or design complete as defined in NPR 7120.7, NPR 7120.8, and NPR 8831.1.

1.13.3 Requests for relief to this document are processed in accordance with the requirements of NASA-STD 8709.20, Management of Safety and Mission Assurance Technical Authority (TA) Requirements.

Note: NASA-STD 8709.20 fully implements the requirements contained in NPR 1400.1, NASA Directives Procedural Requirements, and NPR 7120.4, NASA Engineering and Program/Project Management Policy.

1.13.4 The Chief, Safety and Mission Assurance, shall:

a. Serve as the adjudicating official for all requests for relief to Agency SMA requirements where OSMA is the OPR or POC.

b. Review all requests for relief to Federal, State, regulations, or Tribal laws, codes, standards, regulations, directives, and orders, where OSMA is the OPR or POC, before submittal to the Federal/State agency for approval.

c. Forward requests for relief to the NASA Associate Administrator for requirements which are directed from Federal, State, local, or Tribal laws, codes, standards, regulations, directives, and orders and requests that have been denied and are being appealed per NPR 1400.1, NASA Directives Procedural Requirements, and NPR 7120.5, NASA Space Flight Program and Project Management Requirements.

d. Forward appeals to the NASA Associate Administrator where relief requests were originally adjudicated by the Chief, Safety and Mission Assurance.

e. Oversee Center/project/program implementation of the relief request procedures in accordance with NPR 8705.6, Safety and Mission Assurance Audits, Reviews, and Assessments.

1.14 Hazardous Work Activities That Are Outside NASA Operational Control

1.14.1 It is NASA policy to formally review and approve NASA participation in hazardous work activities that are outside NASA operational control as needed to ensure that NASA safety and health responsibilities are satisfied. This policy applies unconditionally to NASA participation in commercial human spaceflight where current federal regulations do not necessarily provide for the safety of spaceflight vehicle occupants. This policy is non-retroactive and applies to hazardous ground or flight activities that involve research, development, test and evaluation, operations, or training, where all five of the following conditions exist:

a. NASA civil service personnel, Government detailees, specified contractors, or specified grantees are performing work for NASA.


(1) Paragraph 1.14 of this NPR applies to contractors and grantees only as specified by the responsible NASA manager in consultation with the cognizant NASA Center SMA organization based on an assessment of NASA safety responsibilities and/or obligations with regard to the activity.

(2) This policy only applies to personnel participating in activities within their official NASA duties.

b. The activity is outside NASA's direct operational control/oversight.

c. An assessment by the responsible NASA manager indicates there are insufficient safeguards and/or oversight in place.

Note: This policy does not apply to activities where safety oversight and/or safety regulations of other entities provide for safety of the participants (e.g., FAA, DoD, OSHA, ESA, JAXA) and foreign government-associated safety regulatory regimes.

d. The activity is not covered by a basic contract, grant, or agreement where Federal, State, and/or local requirements address personnel safety.

e. The nature of the activity is such that, if NASA were controlling it, a formal safety and/or health review would be required as part of the NASA approval process.

Note: Paragraph 1.14 of this NPR applies to activities conducted in unusual or unforgiving environments (such as underwater or extreme temperature/altitude), as well as activities conducted in remote areas where there is little or no access to medical care or other assistance in an emergency.

1.14.2 For NASA work activities that satisfy the conditions listed in paragraph 1.14.1 of this NPR, it is NASA policy to document and verify that risks are adequately controlled and any residual risk is acceptable following the steps below or through implementation of the System Safety process in Chapter 2 of this NPR:

a. As early as practical, conduct a comprehensive, documented review of the planned activity (the review may address a series of related activities). (See paragraph 1.14.3.h of this NPR for requirements that apply to the review.)

b. Document Agency approval by cognizant NASA officials, including formal acceptance of all associated risks.

c. Ensure activity participants are fully briefed on the safety and health aspects of the activity and the associated risks and that they formally consent to take the risk.

d. Ensure activity participants have all necessary training, equipment, and support.

1.14.3 Roles and Responsibilities. The following roles and responsibilities apply with regard to implementing the policy stated in paragraph 1.14.2 of this NPR.

a. The Chief, Safety and Mission Assurance shall oversee and resolve any questions regarding the implementation and applicability of this policy and related requirements to a proposed work activity.

b. Each Center Safety and Mission Assurance Director shall:

(1) Establish and implement processes and requirements needed to ensure compliance with this policy for applicable work activities within the scope of their authority.

(2) Provide safety expertise as needed to assist programs and projects to successfully complete the required NASA review and approval of applicable work activities.

(3) Formally concur in the scope of hazard assessments executed per paragraph 1.14.3.h.(2) for activities under their cognizance.

(4) Maintain records of all approvals granted under this policy and track the status of each activity.

c. The NASA official, at the appropriate level of authority in the supervisory chain over the participating personnel and any applicable non-NASA supervisor (identified by the Review Team per paragraph 1.14.3.h.(5) of this NPR), shall sign the approval documentation indicating consent for their assigned personnel to take the risk and participate in the activity.

d. Where deemed applicable by the review, the following NASA officials shall sign the approval documentation indicating that the risks are properly characterized for their area of responsibility and that they concur with acceptance of the risks to personnel under NASA safety responsibility, risk to NASA property, and any public risk due to NASA's part in the activity:

(1) The Center SMA official with cognizance over the activity (mandatory for any activity that involves safety risk to participants, the public, or to NASA property).

(2) The Center Health and Medical official with cognizance over the activity (mandatory for any activity that involves health risk to participants or the public or involves medical equipment or operations as part of the safety risk mitigation strategy).

(3) The NASA General Counsel or Center Chief Counsel (mandatory for any activity that involves U.S. or international law).

(4) The designated Technical Authority(ies) with cognizance over the associated project/program (mandatory for any activity that involves system design changes or invocation of NASA technical requirements as part of the risk mitigation strategy).

e. The personnel participating in the hazardous activity shall sign the approval documentation indicating that they are fully briefed on all safety and health risks inherent in the activity and are willing and able to participate.

f. After signature by the officials/personnel identified in paragraphs 1.14.3.c, 1.14.3.d, and 1.14.3.e of this NPR, the NASA official, at the appropriate level, as identified by the review per paragraph 1.14.3.h.(6) of this NPR, shall sign the approval documentation indicating formal acceptance of the associated risks to personnel under NASA safety responsibility, risk to NASA property, and any public risk due to NASA's part in the activity.

g. NASA managers (program/project/grant/institutional/other) shall ensure that all aspects of the policy in paragraph 1.14.2 of this NPR are satisfied for applicable work activities under their authority. In accomplishing this, NASA managers shall:

(1) Identify work activities that fall under the applicability of this policy in consultation with the cognizant Center SMA organization.

Note: Per paragraph 1.14.3.a of this NPR, the Chief, Safety and Mission Assurance is responsible for resolving any questions regarding the applicability of this policy to a work activity.

(2) Satisfy local SMA processes and requirements designed to implement this policy.

(3) Establish a Review Team (see paragraph 1.14.3.h of this NPR for Review Team responsibilities) in consultation with the cognizant SMA, Health and Medical, Engineering, and Legal organizations; and ensure that the Review Team incorporates all necessary expertise as required.

(4) Ensure that funding and other resources needed to satisfy this policy are budgeted and allocated.

Note: This includes any funding needed to staff the Review Team, obtain data, and develop the various review products required by the Review Team, such as the hazards analyses and risk assessments.

(5) Ensure all conditions for NASA approval are met, including implementation of all actions identified by the Review Team.

(6) Ensure the preparation and finalization of the approval documentation.

h. The Review Team established per paragraph 1.14.3.g.(3) of this NPR and program/project/grant/institutional/other personnel as needed shall coordinate to:

(1) Identify and evaluate the safety, health and medical, and any safety-legal aspects of the activity.

(2) Identify and evaluate all associated hazards (design and/or operational), including evaluation of existing hazard/risk mitigations and safety requirements being implemented.

Note: The extent of this hazard evaluation is determined by the Review Team with the concurrence of the cognizant Center SMA Director and may vary depending on the specific safety concerns associated with the work activity.

(3) Assess and characterize any residual safety risks to personnel, public, and property.

Note: Characterization of the safety risks may be quantitative or qualitative as determined by the Review Team and as needed to ensure that NASA officials understand any risks they are asked to accept. The basis for the risk assessment includes the current NASA policies, requirements, and standards that would apply if NASA were controlling the activity.

(4) If the initial risks are unacceptable, identify actions that must be implemented to mitigate the risks as conditions for NASA approval to participate.

Note: This may include implementation of NASA technical standards and/or processes (or portions there of).

(5) Identify the NASA official(s), at the appropriate level of authority in the supervisory chain over the participating personnel and any non-NASA supervisor(s) (in the event that non-NASA personnel are involved), who must consent for the personnel to take the risk and participate in the activity.

Note: In accomplishing this, the Review Team identifies the appropriate level of NASA management in the supervisory chain with authority to represent the participating personnel based on the risk level and the applicable NASA risk management policy.

(6) Identify the NASA official who must formally accept the risks associated with and grant final approval of the activity.

Note: In accomplishing this, the Review Team identifies the appropriate level of NASA program/project management with authority for final approval based on the risk level and the applicable NASA risk management policy.

(7) For a series of related activities (that may involve the same or different participants over a period of time), identify a NASA readiness process to be implemented for each activity.

i. If the Review Team determines that a series of activities is a repetition of, or essentially the same as, a previously reviewed and approved activity, the Review Team may recommend that the NASA approving official (identified per paragraph 1.14.3.h.(6) of this NPR) grant a standing approval that will remain in effect until there are substantive changes in the activity, personnel, or a specified period of time has elapsed, not to exceed 5 years.

j. The Assistant Administrator for Procurement, NASA Grant and Contracting Officers, and Cooperative Agreement, and other agreement officers shall ensure that grants, contracts, and agreements governing activities performed in support of NASA allow for implementation of this policy where specified by the cognizant NASA manager in consultation with the cognizant NASA Center SMA organization (per paragraph 1.14.3.g(1) of this NPR).

| TOC | ChangeLog | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | AppendixJ | ALL |
| NODIS Library | Program Management(8000s) | Search |


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.