Course Covers NASA’s New System Safety Framework


NASA’s Office of Safety and Mission Assurance (OSMA) debuted the new “System Safety II” training course, which presents the new NASA System Safety framework, on Jan. 22-23, 2014.

Approximately 40 NASA employees participated in the initial course offering, both live at NASA Headquarters (HQ) and virtually (facilitated by HQ’s Human Exploration and Operations Mission Directorate).

The two-day, 12-module course is aimed at NASA engineers and managers who are generally familiar with System Safety tools and techniques (e.g., Hazard Analysis; Fault Tree Analysis; Failure Modes, Effects and Criticality Analysis; and Probabilistic Risk Assessment), but are looking to begin to apply them within the new framework. Topics addressed by the modules include

  • Adequate safety: satisfying safety performance requirements and being As Safe As Reasonably Practicable (ASARP)
  • Requirements: types, process of formulation, demonstration of their satisfaction
  • Integrated safety analysis
  • Treatment of uncertainty, value of information and graded approach to integrated safety analysis
  • Safety Case development
  • Roles of acquirer and provider
  • Safety Case evaluation
  • Achieving and maintaining adequate safety performance during implementation (making the Safety Case “come true”)

The NASA Safety Center will soon make the course available in SATERN. Additionally, in the spring of 2014, OSMA will publish NASA/SP-2014-612, System Safety Handbook, Volume II, which is the source document for the “System Safety II” course.

System Safety Is Evolving, as Is NASA

If you’re keeping up with the state-of-the-art, it’s hard to ignore the fact that System Safety is evolving in exciting ways. A case in point is the SAE International G-48 System Safety Committee’s Safety Case Workshop, held in January in Huntsville, Alabama.

In the final report, the committee recommended, “…that the G-48 Committee take steps to fully embrace the Safety Case approach as a recognized ‘best practice.’” It also notes that multiple U.S. organizations, including NASA, major aerospace companies, and the Chemical Safety Board, are already embracing the Safety Case approach.

The recommendation continued, “Further, the workshop recommends that key features of the Safety Case approach be incorporated into existing approaches documented in ANSI/GEIA-STD-0010 (a recent commercial replacement for the long-time System Safety standard, MIL-STD 882). These features include

  • Early identification of arguments required to demonstrate that a system is adequately safe.
  • Development of compelling and comprehensive evidence to underpin the claims of safety.
  • Independent review by qualified expertise prior to risk acceptance decisions.
  • Incorporation of the evidence that the claims have been substantiated in safety assessments of the system.”

The Safety Case is an integral part of NASA’s new, modern System Safety Framework, found in NASA/SP-2010-580, NASA System Safety Handbook, Volume I. The new framework advances the state-of-the-art of System Safety in a number of other important ways, including

  • Defining Adequate Safety — An adequately safe system is one that meets stakeholder expectations regarding minimum tolerable levels of safety and also is ASARP. Minimum tolerable levels of safety reflect stakeholders’ (including risk takers’) attitudes concerning the amount of risk worth taking in pursuit of NASA’s space exploration and utilization goals. The ASARP principle operationalizes NASA’s core values by prioritizing safety in all decision making that affects safety throughout the system life cycle.
  • Distinguishing Safety Assurance — System Safety entails not only the development of safe systems, but also the informed decision of the system (or service) acquirer to accept the residual risk that remains in the system and defines its safety performance. NASA’s new System Safety framework distinguishes the role of provider, which is the organization responsible for producing the safe system, from the acquirer, who is responsible for accepting the risks on behalf of the risk takers. The Safety Case provides the acquirer with the information he or she needs to make an informed risk-acceptance decision at relevant decision points along the system life cycle.
  • Providing an Objectives-Driven Approach to System Safety — An objectives-driven approach to System Safety serves to unify, in a purposeful manner, safety-related activities that otherwise might be done prescriptively, potentially resulting in gaps, redundancies or unnecessary work. Moreover, an objectives-driven approach gives acquirers and providers of space systems more flexibility to determine, on a system-specific basis, the means by which adequate safety is efficiently achieved and verified. The Safety Case makes the case, supported by evidence, that the agreed-upon objectives have been, or are on track to being, met. Such flexibility and efficiency are becoming increasingly important in the changing environment in which NASA operates. For example, in the future, NASA increasingly will rely on a variety of commercial providers for transportation of crew to and from low-Earth orbit with less oversight and under increasingly tough budget constraints.

NASA’s enhancements to System Safety have been designed to address the lessons learned from the Space Shuttle accidents, while creating a basis for unification of many of the existing Safety and Mission Assurance and Systems Engineering processes. Additionally, these developments are intended to foster improvements in design by embedding System Safety practices in the design process instead of seeing System Safety relegated to after-the-fact confirmation of the satisfaction of safety requirements, once the design is largely complete.


Contact Dr. Homayoon Dezfuli, NASA System Safety technical fellow and manager of the System Safety technical discipline, with questions concerning System Safety methodology or training course content.