Changes to NPR 8000.4B, Agency Risk Management Procedural Requirements, went into effect on Dec. 6, 2017, thereby replacing NID 8000-108 and NPR 8000.4A.
Purpose of the Changes in NPR 8000.4B
The primary purpose of the changes in the NASA Procedural Requirement (NPR) — and the NASA Interim Directive (NID) before it was to clarify the agency’s expectations for implementing a formal and more transparent process for Risk Acceptance (RA) that assigns accountability for each RA decision to a single responsible, authoritative individual (e.g., organizational unit manager) rather than to a board or group of individuals. A single point of accountability does not diminish the critical role of advisory boards and, in particular, the advisory/technical boards, in supporting the decision-making process. It is important to recognize that a single point of accountability is emphatically not about who to blame if things go wrong. It brings clarity to decision-making process and empowers a single responsible individual to make RA decisions commensurate with his delegated authority.
The new RA requirements cover a broad range of decision situations. This includes decisions to proceed at life cycle milestone reviews despite existing risks; when technical requirements are being rebaselined; when waivers of certain requirements are being considered; when commitments to perform tests or demonstrations are not being fully implemented; and when the delivery of a system or capability is being accepted.
Overview of the Changes
The following changes were in the NID and remain in NPR 8000.4B:
- Formalizes accountability for the acceptance of risks (per paragraph 220.127.116.11.5 of NPD 1000.0 NASA Governance and Strategic Management Handbook); the responsible organizational unit manager must formally accept the risk and improve the rigor of the cases (technical and programmatic) relied upon when making those decisions. Accountability is about decision-makers “owning” the uncertainty associated with the decisions they make and justifying and documenting, on balance of potentially competing factors, why they made the decision.
- Requires Analysis of Alternatives, using the Risk-Informed Decision Making (RIDM) process to develop the rationale for RA decisions (RIDM was already required by the last version of NPR 8000.4).
- Requires development and documentation of the rationale that underpins a RA decision (the third step of the RIDM process).
- Promotes a systems perspective so that the rationale for RA accounts for overall aggregate risk (previously required by NPR 8000.4A).
- Incorporates consideration of As Safe As Reasonably Practicable principle in RA decision-making.
- Embeds Technical Authorities in the RA decision-making process. They independently evaluate and concur or nonconcur with the
- Soundness of the technical case
- Manager’s authority to accept the risk
- Acceptability of the risk
- Embeds risk-takers in the RA decision-making process when there is risk to humans. They consent to assume the risk.
- Requires the single signature of the organizational unit manager, with which he accepts the risk.
- Requires communication of a RA decision and rationale to the higher level organization.
In addition, the following changes were not in the NID, but are in the revised NPR
- Requires center directors to make RA decisions for institutional risks, employing a process similar to that used by programs and projects. (See paragraph 3.6, NPR 8000.4B.)
- Allows lower-cost, lower-priority missions (e.g., CubeSat, Risk Class D missions) to limit the application of the formal RA process (excluding those related to personnel or public safety) to decisions at milestone and Flight Readiness Reviews. (See paragraph 3.2.3 and 3.5.7, NPR 8000.4B.)
NPR 8000.4A was replaced in order to implement Aerospace Safety Advisory Panel (ASAP) recommendation 2014-AR-05, Process for Managing Risk With Clear Accountability, which stated that “NASA should provide formal versus ad hoc processes for managing risk with clear accountability.”
NID 8000-108 temporarily replaced NPR 8000.4A when it became effective in NODIS on Oct. 23, 2016. The NID was identical to NPR 8000.4A, except for changes made to implement the ASAP recommendation and remained in effect until the publication of NPR 8000.4B. NPR 8000.4B was drafted using the NID as its starting point with additional changes from centers and Headquarters stakeholders.
While the ASAP recommendation drove publication of the NID and NPR 8000.4B, the new requirements in the NPR are consistent with 1) similar policy already in NPD 1000.0, NASA Governance and Strategic Management Handbook, 2) NASA’s traditional expectations of its decision-makers, and 3) the continuing evolution of Risk Management at NASA.
NASA personnel likely to be involved in Risk Management or RA decision-making, either for programs and projects or institutions, are expected to take the necessary steps to comply with the requirements of the revised NPR including the orderly modification of existing Risk Management plans and processes.
Contact Homayoon Dezfuli, System Safety Technical Fellow, Office of Safety and Mission Assurance, if additional information or clarification is needed.