National Aeronautics and Space Administration
Designing in Safety Through Early Safety Requirements Management
John W. Lyver, IV, Ph.D.
NASA Headquarters Office of Safety & Mission Assurance
JLyver@NASA.GOV 202/358-1155
February 22, 2012
NASA Core Values
To achieve mission success, program managers and institutional managers must balance a reliance on good engineering practices that are within the laws of physics yet apply sufficient caution to limit risk and protect the workers and the public.
2010 National Space Policy
Page 1: “The growth and evolution of the global economy has ushered in an ever-increasing number of nations and organizations using space. … decades of space activity have littered Earth’s orbit with debris; and as the world’s space-faring nations continue to increase activities in space, the chance for a collision increases correspondingly.”
Page 4: GOALS: (3) Strengthen Stability in Space … strengthening measures to mitigate orbital debris.
Page 7: Preserve the Space Environment. The United States shall:
  – Lead … policies to minimize debris …
http://www.whitehouse.gov/sites/default/files/national_space_policy_6-28-10.pdf
NASA Policy Documents (hierarchy, highest authority first)
• U.S. Government Laws/Regulations, Executive Orders, U.S. Government Interagency Requirements/Agreements
• International Treaties/Policies/Agreements
• NPD: NASA Policy Directives (Formerly: NMI)
• NPR: NASA Procedural Requirements (Formerly: NPG)
• Joint Documents with Partners
• NASA-STD: NASA Technical Standards (Formerly: NHB)
• VCS: Voluntary Consensus Standards
• NASA-HDBK: NASA Handbooks
• NASA/SP: NASA Special Publications (Also: NASA/TP, NASA/TR, NASA-Pub)
Why should this be done early?
• Many requirements are required by higher authority and MUST be followed.
• The earlier in a program’s life-cycle requirements are implemented:
  – By knowing limitations, reduce the early design options to investigate
  – Avoid designing in non-compliances which cannot be ‘corrected’ later in life
  – Fewer redesign efforts needed
  – Easier to implement
  – Better definition of the project at Preliminary Design Review
• NASA’s experience with early integration of Mission Success requirements:
  – Easier overall management planning
  – Lower cost
  – Fewer problems later in design
  – Lower risk
  – Higher likelihood of Mission Success
Example: Pre-Acquisition Orbital Debris Requirements
• Orbital debris (OD) requirements are easy to determine applicability for: all of them always apply.
• Many OD requirements drive the base design of a spacecraft:
  – Altitude of operations produces different levels of risk (shielding/self-protection)
  – End of Life requirements: disposal method (controlled reentry or super-GEO)
    • Materials used
    • Amount of fuel needed at EOM
  – Use of tethers
  – Generation of OD in normal operations
• Adding a Pre-Acquisition OD Analysis Report (NASA-STD 8719.14A App A, A.4):
  – Intended to identify barriers to full compliance with the US Gov’t OD Standard Mitigation Practices early enough in the process that overt decisions/changes can reasonably be made
    • Quick test of the OD requirements that affect the design
  – About 3-6 pages long
• NPR 7120.5E & NPR 8715.6B (both currently in NODIS review) require:
  – Use as a mandatory review point in the Acquisition Strategy Meeting (ASM)
  – Showing areas which may become non-compliant; by KDP A the project shall either:
    • Have the problem corrected through design change, or
    • Have a waiver approved, or
    • Have a corrective action plan
Example: NASA’s Orbital Debris Requirements
[Timeline chart. Milestones: SRR, PDR, CDR, SMSR, Launch, In-flight Reviews, Pre-EOM, EOM, Passivation, Notification & Disposal (timing marks: -45 days; -30 to -60 days). ODAR row: Pre-Acquisition Questionnaire, Initial Draft, Updated Draft, NC Review, Approved Final, Reference Document. EOMP row: Initialed Draft, Periodic Updates, Approved Final at Launch, at Disposal.]
Requirement Applicability and Traceability
What is Traceability
• Traceability is:
  – Knowing the reason why a requirement exists
  – What higher level requirements are directing lower level requirements
  – Which level of management really controls the base requirement
  – Knowing which parent requirements are implemented
  – It is NOT verification that a requirement is being implemented/performed
• Definition: “Requirement” (aka: “shall statement”)
  – A documented paragraph directing someone to do something
  – New requirements use “shall” for mandatory, and “may” (et al.) for permission
  – A well written requirement is:
    • 1 paragraph
    • 1 time period
    • 1 actionee
    • 1 action / product / outcome (or 1 set)
    • Verifiable
    • Clear & understandable
• How is Traceability established?
  – Can be traced at the document, and/or chapter, and/or requirement level
  – Formalized through an agreement between the levels of management involved in the requirements
What do we get out of tracing requirements
1. >99% Program
2. Build History
3. Waiver/Exception Processing
4. Assist in Updating
5. Improved Auditing Capability
6. Feedback
Step 1: Determine Applicability
• Senior organization identifies the list of documents which they “own,” “control,” “implement,” “enforce,” …
• Determine which documents from the list of documents DO NOT APPLY to the lower level.
• For each remaining document, build a matrix of the requirements (aka: shall statements) and determine for each lower level organization whether the requirement is:
  – Directly applicable as written or with modification,
  – Not applicable
  – Indirectly applicable (somebody else will impose this requirement)
• Work done by Senior organization with help from lower orgs and is maintained by Senior org.

Example: Project #1 Applicability

Doc | Para # | Text   | Req # | Project #1                     | Project #2                          | Project #3
X   | 1      | ABCD … | 2-1   | Appl                           | Appl                                | Appl
X   | 2      | EFGH … | 2-2   | Not Appl                       | Not Appl                            | Not Appl
X   | 3      | IJKL … | 2-3   | Appl with Mod: IJL… without K  | Appl with Mod: IJ… without K & L    | Not Appl
X   | 4      | MNOP … | 2-4   | Appl                           | Appl                                | Appl
X   | 5      | QRST … | 2-5   | Not Appl                       | Appl                                | Not Appl
Step 2: Identification of Traceability
Next the following work is done by the junior organization:
• Lower Level Org identifies the requirement(s) at THEIR level that implement each applicable requirement. Note: This can be a many-to-one, one-to-one, or one-to-many relationship.
• Add traces to the applicability matrix. Note: This identification is done by the Lower Level Org but MUST have participation from the Senior Org for interpretation of senior requirements.

Example: Project #1 Applicability

Doc | Para # | Sr Doc Text | Req # | Project #1: Doc      | Project #1: Paragraph | Project #1: Text
X   | 1      | ABCD …      | 2-1   | Project #1: Doc “Y”  | 2.1 & 4.5             | AAABCD …
X   | 3      | IJKL …      | 2-3   | Project #1: Doc “Y”  | 1.1                   | IJxxKL …
X   | 4      | MNOP …      | 2-4   | Project #1: Doc “Z”  | 3.3                   | AABNOP …
Step 3: Develop Acceptable Tailoring
• Senior Org reviews the provided traces to check that each applicable requirement is met or exceeded.
• Senior organization checks to see if any changes ‘violate’ direction senior to them, then processes waiver requests and updates the applicability matrix with the results.
• Senior organization issues a report of the results of the Applicability/Traceability effort, listing:
  – Non-applicable waivers granted
  – Indirectly applicable requirements
  – Directly applicable requirements
  – Traces to directly applicable requirements
• Senior organization maintains the report under their configuration management system with copies available to the lower level org.
NOTE: This process must be repeated periodically as the documents within the Senior and Lower Organizations change.
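The three steps above, as an added example that is not part of the original slides: the applicability matrix for Project #1 is built from the slide data (Doc “X”, Req #s 2-1 to 2-5, traces to Docs “Y” and “Z”), and the Step 3 report additionally flags the two defects a senior-org review should catch, an applicable requirement with no trace and a trace offered for a requirement marked not applicable. Status strings and the dictionary layout are assumptions, not a NASA data format.

```python
# Constructed sample data mirroring the slide example: senior Doc "X", one
# "shall" statement per paragraph, and Project #1's decisions and traces.
SENIOR_REQS = {  # Req # -> (Doc, Para #, Text)
    "2-1": ("X", 1, "ABCD ..."),
    "2-2": ("X", 2, "EFGH ..."),
    "2-3": ("X", 3, "IJKL ..."),
    "2-4": ("X", 4, "MNOP ..."),
    "2-5": ("X", 5, "QRST ..."),
}

# Step 1 (senior org): applicability per requirement for Project #1.
# Status is "Appl", "Appl with Mod", "Indirect" or "Not Appl"; the note
# carries the modification text where one applies.
APPLICABILITY = {
    "2-1": ("Appl", None),
    "2-2": ("Not Appl", None),
    "2-3": ("Appl with Mod", "IJL... without K"),
    "2-4": ("Appl", None),
    "2-5": ("Not Appl", None),
}

# Step 2 (lower-level org): traces into Project #1 documents; one senior
# requirement may trace to several lower-level paragraphs (one-to-many).
TRACES = {  # Req # -> [(Project doc, paragraph, text), ...]
    "2-1": [("Y", "2.1", "AAABCD ..."), ("Y", "4.5", "AAABCD ...")],
    "2-3": [("Y", "1.1", "IJxxKL ...")],
    "2-4": [("Z", "3.3", "AABNOP ...")],
}


def applicability_report(reqs, applicability, traces):
    """Step 3 (senior org): bucket requirements as the report does, attach
    traces, and flag untraced applicable reqs and orphan traces."""
    report = {"directly_applicable": [], "indirectly_applicable": [],
              "not_applicable": [], "traces": {}, "untraced": [],
              "orphan_traces": []}
    for req_id in reqs:
        status, _note = applicability.get(req_id, ("Not Appl", None))
        if status == "Not Appl":
            report["not_applicable"].append(req_id)
            if req_id in traces:  # a trace to a waived/non-applicable req
                report["orphan_traces"].append(req_id)
        elif status == "Indirect":
            report["indirectly_applicable"].append(req_id)
        else:  # "Appl" or "Appl with Mod": a trace is mandatory
            report["directly_applicable"].append(req_id)
            if traces.get(req_id):
                report["traces"][req_id] = traces[req_id]
            else:
                report["untraced"].append(req_id)
    return report
```

A requirement listed under "untraced" is exactly the gap the periodic re-run in the NOTE above is meant to surface when a lower-level document changes.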
Who Determines Tailoring & Applicability
Delegation of Authority
• NPR 1400.1 and NPD 8070.6 assign responsibility to the Chief, OSMA for SMA TA requirements:
  – Includes definition of requirements, maintenance of documents, and waiver/deviation approval
• Definition: Waiver
  – (1) A written authorization to depart from a specific directive requirement (from NPR 1400.1)
  – (2) A documented authorization releasing a program or project from meeting a requirement after the requirement is put under configuration control at the level the requirement will be implemented. (from NPR 7120.5 paragraph 220.127.116.11 and NASA-STD 0005)
• Definition: Deviation
  – A documented authorization releasing a program or project from meeting a requirement before the requirement is put under configuration control at the level the requirement will be implemented. (from NPR 7120.5 paragraph 18.104.22.168 and NASA-STD 0005)
What is and is not Delegated?
• Anything NOT reserved for the Chief, OSMA may be delegated
• Requirements ALWAYS reserved by the Chief, OSMA (and may not be delegated):
  – All requirements in the following documents:
    • Orbital Debris (NPR 8715.6 and NASA-STD 8719.14),
    • Mishaps (NPR 8621.1), and
    • Human Rating (NPR 8705.2).
  – All requirements in the following chapters of NPR 8715.3:
    • Nuclear Safety for Launching Radioactive Materials (Chapter 6),
    • Experimental Aerospace Vehicle (EAV) Indemnification (Chapter 10), and
    • Micrometeoroid Environment Program (Chapter 11).
  – Requirements designated in writing by the Chief, OSMA as a result of audits, mishaps, or those of special interest to senior NASA management. Note: This may be done for specific worksites, projects, programs, Agency-wide, one Center, or other, and may be designated for a specified period of time.
  – All “Directed Requirements.”
(continued next page)
What is and is not Delegated? (Continued)
• Requirements CONDITIONALLY reserved by the Chief, OSMA:
  – When relief is requested for a Mandatory Standard which would relieve more than 50% of the Standard or would relieve whole Chapters, either through tailoring or through another standard (aka: meet/exceed).
    • IF NONE of the requirements in the NASA-STD are reserved for Chief, OSMA adjudication, then the relief authority is delegated; otherwise it is reserved.
    • IF relief is being requested for more than one Program or Center/Facility or non-tightly coupled project, then it is reserved.
  – NASA Safety Standard 1740.12, NASA-Standard 8719.9, NASA-Standard 8719.12, and NASA-Standard 8719.17:
    • The request shall be reviewed by the OSMA Occupational Safety Health Administration (OSHA) point of contact within the NASA Headquarters OSMA prior to adjudication of the request.
Who’s done Applicability Studies of SMA Requirements?
• Applicability Studies:
  – Constellation
  – Launch Services Program
  – (in work) Commercial Crew, MPCV/Orion, 21st Century Launch System
  – (in work) new JPL Contract
• OSMA can help with the Traceability through the use of SMARTS (Safety & Mission Assurance Requirements Tracking System)
[Diagram: Whole LSP → Subdivisions of LSP → What Applies?]
Summary
• Many requirements are required by higher authority and MUST be followed.
• The earlier in a program’s life-cycle requirements are implemented:
  – By knowing limitations, reduce the early design options to investigate
  – Avoid designing in non-compliances which cannot be ‘corrected’ later in life
  – Fewer redesign efforts needed
  – Easier to implement
  – Better definition of the project at Preliminary Design Review
• NASA’s experience with early integration of Mission Success requirements:
  – Easier overall management planning
  – Lower cost
  – Fewer problems later in design
  – Lower risk
  – Higher likelihood of Mission Success
Thank You
JLyver@NASA.GOV
Questions?