On Aug. 6, Dr. Homayoon Dezfuli, NASA System Safety fellow, presented the paper, “The Evolution of System Safety at NASA,” at the International System Safety Training Symposium 2014 in St. Louis, Missouri.

Dezfuli co-authored this paper with Chris Everett, senior scientist with
Information Systems Laboratories, and Dr. Frank Groen, director of NASA’s Safety and Assurance Requirements Division. The paper described NASA’s new System Safety Framework first seen in the NASA System Safety Handbook, Volume 1, published in November 2011. The paper described the framework, the motivations for developing it and the advantages of implementing it. It also discussed a key element of the framework: the Risk-Informed Safety Case (RISC).

The Framework

The paper puts forward a vision for an evolving System Safety framework, motivated by the desire to promote an objectives-driven approach that focuses on system-level safety performance and serves to unify safety-related activities. An objectives-driven approach affords more flexibility to determine, on a system-specific basis, the means by which adequate safety is achieved and verified. Flexibility promotes innovation, a highly emphasized value in NASA’s 2014 strategic plan. All of these factors become increasingly important in the face of evolving engineering approaches and acquisition models, such as the application of model-based systems engineering and NASA’s increasing reliance on commercial providers for transportation services to low-earth orbit.

New NASA System Safety Framework

The new framework supports the need for System Safety personnel to function in both “safety ensurance” mode to support the design, development and operation of a safe system (a systems engineering function) and in “safety assurance” mode to inform risk acceptance decisions (a technical authority function). It promotes technical rigor in safety assessments and safety arguments to enhance their credibility, thereby influencing decision makers’ acceptance of safety information. The new framework also promotes a “questioning attitude” in those who must critically review the validity of safety arguments (to identify flaws in the argument, rather than attempt to accept it without any reservations). Finally, by streamlining System Safety activities (e.g., safety analysis activities) in order to reduce redundancies and potential inconsistencies, it increases the likelihood of programs and projects staying within budget.

The need for a new framework was confirmed again in September 2013 when the members of NASA’s System Safety Steering Group were asked to complete a questionnaire meant to identify areas where improvement in current practices is needed in order to achieve NASA’s future goals. The most commonly cited areas needing improvement were

• Adequacy of the discussions of the substance of System Safety results in project forums
• Integration among System Safety-related disciplines, e.g., hazard analysis, reliability analysis, probabilistic risk assessment and risk management
• Early involvement of System Safety in life cycle activities
• Integration of System Safety across centers and projects
• Differentiation between System Safety requirements for crewed versus uncrewed missions
• More effective analysis of cross-system interactions
• Adequacy of time allotted to perform System Safety activities
• Better reporting of System Safety results to higher levels of the organization
• Better treatment of uncertainties

The new System Safety framework will bring about desirable improvements in all of these areas.

RISC

A key element of the new framework is the RISC — a structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is or will be adequately safe for a given application in a given environment. The RISC can be the ideal vehicle for making and evaluating an argument that a new space system, whether government or commercially developed, will meet safety performance thresholds and is As Safe as Reasonably Practicable as a basis for certification. It is worth noting that earlier this year, the SAE International G-48 System Safety Committee (consisting of leading industry, government and academic System Safety experts) concluded that “the Safety Case approach has merits worthy of being accepted among the best worldwide System Safety practices.”

Ongoing and Future Developments

The principal motivation for developing the NASA System Safety Handbook, along with the new framework and the RISC, was to develop and promote methodologies to enable more agile System Safety practices at NASA driven by changes in acquisition and engineering practices, as well as rapidly changing space technology. Volume 1 of the handbook, which described the new framework and the concepts behind it, was published almost three years ago. Volume 2, the final volume, is nearing completion; it will provide guidance for implementing the concepts presented in Volume 1 as an integral part of systems engineering and risk management.

Also, a new handbook is being developed that will be consistent with NASA’s vision for the future of System Safety and combine methodologies and practices used in both System Safety and mission success to take advantage of the high degree of synergy between the two areas, such as scenario development, design and operation support, risk management, and assurance activities.

In Conclusion

The approach to System Safety presented in the System Safety Handbook and in the conference paper, including the new framework and the RISC, represents a departure from the traditional process-based approach, which remains in use throughout NASA at this time. It is not expected that the transition from today’s approach to the new one will take place overnight or that all aspects of the earlier approach will disappear. Rather, the new approach represents a vision or objective for how System Safety should function, perhaps 10 years from now. Between now and then, implementation plans will be developed with the broad participation of agency personnel. These plans will be implemented thoughtfully to assure a gradual but steady evolution of System Safety practice from today’s baseline to the way it is described in the handbook. Some aspects of the new approach will be easy and quick to realize, while others will take more time. During the transition, many of the new concepts will be piloted, progress will be made, lessons will be learned and the NASA System Safety Handbook (or its successor, the NASA Safety and Mission Success Handbook) will be updated as necessary to continually reflect the optimal vision of System Safety for the agency.

Contact Dezfuli with questions concerning the evolving NASA System Safety approach or the NASA System Safety handbooks.