NASA programs are exploring risk-based approaches that reduce cost without increasing risk for safety-critical attributes as a replacement for Government Mandatory Inspection Points (GMIPs). Quality Assurance (QA) and risk management officers from NASA programs and industry gathered at ATK in Promontory, Utah, on Oct. 22-23 to share their ideas and methods.

GMIPs are employed to ensure quality for safety-critical attributes — attributes that could result in loss of mission or life upon failure. Although GMIPS are extremely important for providing the highest confidence in critical attributes, they are only one part of a comprehensive quality system, which should also include surveillance plans for process validation and monitoring, trend analysis, and audits.

“GMIPs don’t guarantee safety,” said Steve Cash, director of the Safety and Mission Assurance Directorate at Marshall Space Flight Center (MSFC), stressing that GMIPs are just one of many tools that NASA employs to ensure safety.

NASA Technical Fellow for Quality Engineering Brian Hughitt added that other complimentary and equally viable means for assuring safety-critical attributes currently are under development by NASA’s programs, including those being discussed at the ATK gathering.

Prior to 2013 changes to NASA Policy Requirement (NPR) 8735.2B, Management of Government Quality Assurance Functions for NASA Contracts, NASA was required to verify every safety-critical attribute via GMIPs — an effective, yet very costly, endeavor. Now, exemptions are permitted when repetitive work processes are closely controlled or documented risk analyses are in place, as long as other conditions are met.

“As we consider moving away from traditional GMIPs, we have to ask ourselves, ‘Have we earned the right to back off the tried and true?’” said Hughitt. “What we’re doing here is extremely significant and we need to proceed very cautiously, always mindful of the high stakes.”

In addition to the high direct costs of GMIPs, there is a potentially greater indirect cost resulting from schedule delays when a contractor reaches an inspection point and all production must cease until NASA or the Defense Contract Management Agency (DCMA) completes the necessary inspection.

Although some NASA programs lack the necessary process history to replace GMIPS, others have moved forward with developing and implementing robust processes to meet the conditions necessary for GMIP exemption, including the booster and engine elements of Space Launch Systems (SLS) and the International Space Station Program.

SLS Booster

The booster team developed a risk-based approach to determine the appropriate level of review for safety-critical attributes. The team reviewed all existing GMIPs through the lens of a Risk-Based Analysis (RBA) and ranked each item as a GMIP, In-Line Assessment (ILA) 1-5 (with ILA 1 being the highest priority) or QA Process Surveillance. GMIPs apply to high-risk items, ILAs to medium-risk items and surveillance to low-risk items.

The team completed this assessment using an RBA tool it developed that helps identify and analyze risks, create a plan for addressing the risks, and provide a method for controlling process changes. The RBA is not a one-time review, but rather part of Continuous Risk Management, and items can move from an ILA to a GMIP or vice versa at any time based on the associated risks.

This process is not meant to eliminate GMIPs, but improve the overall process for reviewing safety-critical attributes.

“We flew safely for many years, so [we] can’t say that the old process was not effective, but when you look at it [GMIPs], it didn’t feel like we were getting a true picture of how healthy the contractor was,” explained Amy Schilling, senior resident representative at ATK. “What we were trying to accomplish [with this process] was to give ourselves a better big picture.”

With the new approach, the QA specialists from DCMA are on site at all times, and are notified immediately through a text- and email-based system when work begins on a GMIP or ILA of any priority. Although this doesn’t change the process for GMIPs, it greatly reduces the time it takes to complete an inspection because the specialists are actively engaged in the day-to-day work.

“With our ILA philosophy, our guys aren’t at their desks anymore, they’re on the floor,” said Mark Allen, AST, reliability and quality assurance. “I expect them to know what’s happening on the floor, because they are on the floor.”

For an ILA, QA specialists watch the process as it is being done instead of review a single inspection point after the fact, giving the government better insight into the contractor’s work. Also, work does not need to stop at all — the specialists are notified through the communication system and then work can continue.

SLS Engine

The Liquid Engines Office at MSFC also is implementing a risk-based approach with GMIPS and ILAs. The office used SharePoint to create a database of

• Parts
• Associated information including drawings, Failure Mode and Effect Analyses (FMEA), and Critical Items Lists (CIL)
• Documentation of the risk assessment
• RBA details including rationales, approvals and management plans for revision control

The RBA identifies parts as requiring a GMIP, ILA 1, 2 or 3. The ILA rankings do not reflect priority, but rather the process to be used to review each item.

An ILA 1 is used when the complexity of a part or process creates unique conditions. The government is notified when the process is active so DCMA can perform an assessment, but work can continue.

An ILA 2 is a generic process assessment performed on all special processes when no unique product conditions exist or there is extensive experience with the process or inspection. It applies to all in-house processes and suppliers over a two-year cycle, and includes desk audits for all suppliers.

Finally, an ILA 3 applies to all processes that have an extensive process or inspection history, and that don’t involve unique process conditions or special processes. At least two assessments take place in each area over a two-year period.

 “[The] GMIP process would have been easier for us, but I feel better with what we have now,” said Kent Schock, quality engineer with Bastion Technologies at MSFC.

ISS Program

The ISS Program is using a risk-based approach to rethink how it uses government QA in order to become more efficient. A large portion of the program’s approach relies on making contractors more accountable for their quality, instead of relying on government QA; this is a shift from inspection-based quality to process control-based quality.

The program started by reviewing existing GMIPs. Instead of reviewing the same attribute at multiple inspection points, the program decided it only will be reviewed at the final opportunity to reduce redundancy. Although this increases the risk that an issue won’t be found until later in development, which would negatively impact budgets and timelines, it’s a more efficient workflow. The program also removed GMIPS for all activities that were not adding value and for lower-level critical items, and implemented Verification Inspection Points in place of GMIPS where applicable. Verification Inspection Points allow DCMA or NASA to verify tests results by reviewing a report instead of witnessing the test itself.

The main component of the program’s plan is the implementation of a three-model approach. At this time, only Models 1 and 3 have been implemented.

Model 1 uses the traditional GMIP process and applies to all highly critical and new items. Model 2 uses the Federal Aviation Administration approach: The prime contractor’s independent QA group completes GMIPS on behalf of the government. The group reports to the government, not the contractor, under this model. This option still is being explored, but would be used for medium- to high-risk projects. Model 3 removes GMIPS completely and relies solely on contractor QA. This option only would be used for low-risk projects.

Although the three programs are implementing different approaches to take advantage of the new allowances under NPR 8735.2B, the goal is the same for each one: Create and maintain an effective QA program than ensures safety and mission success.