Cancellation of NPR 8705.5 Reflects Evolution of NASA Policy for Safety and Mission Success
NPR 8705.5, Technical Probabilistic Risk Assessment (PRA) Procedures for Safety and Mission Success for NASA Programs and Projects was cancelled, a move consistent with the policy direction to be more objectives-driven, as defined in the recent update to NPD 8700.1, NASA Policy for Safety and Mission Success.
NPR 8705.5 was issued in 2004 as a means of institutionalizing PRA as a best practice for the assessment of safety and mission success risk. Among the noteworthy capabilities of PRA are
- The ability to quantitatively characterize aggregate risk to safety and/or mission success, accounting for all modeled failure causes to support risk-based trade-off studies.
- The ability to account for multiple failures that individually might not propagate to system failure but in combination are able to.
- The ability to propagate uncertainties through the logic model to risk-inform uncertainty reduction efforts.
- The ability to quantify various importance measures to support risk reduction efforts.
Since its issuance, PRAs have been performed for numerous crewed and robotic spaceflight programs and projects, and PRA is now integrated into NASA’s risk assessment community of practice, supported by guidance documents, training opportunities and software tools. Accepted standards and guidance for the conduct of PRA include ISO 11231:2019, Space systems — Probabilistic risk assessment (PRA) and NASA/SP-2011-3421, Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners. (Technical Authorities (TAs) may accept other standards for use by programs and projects.)
An Objectives-Driven Approach to Assessing Risk to Safety and Mission Success
NPD 8700.1F allows for flexibility in how crew safety and mission success objectives are met, including in the means by which safety and mission success risk is assessed. This flexibility creates opportunities for technical and process innovation and the adoption of emerging best practices, which in the area of risk assessment include the increasing use of physics-based modeling and simulation and, potentially, the integration of risk assessment into Model-Based Systems Engineering. Moreover, this flexibility is necessary to accommodate the increasingly broad range of acquisition strategies employed by NASA, including commercial transportation services, whose providers may have existing technically sound practices for producing and delivering systems and services that meet NASA’s performance needs.
“Pull functions” for PRA (or its equivalent) exist in requirements found in other agency directives and standards, such as
- The requirement in NPR 8705.2C, Human-Rating Requirements for Space Systems for the space system to meet probabilistic safety criteria derived from agency-level safety goals and safety thresholds.
- The requirement in NPR 8000.4C, Agency Risk Management Procedural Requirements to characterize aggregate risk through analysis (including uncertainty evaluation) wherever determined to be feasible, as an input to the decision-making process and in support of Analysis of Alternatives.
- The requirement in NASA-STD-8719.14C, Process for Limiting Orbital Debris to demonstrate via analysis that the integrated probability of explosion for all credible failure modes of each spacecraft and launch vehicle is less than a specified threshold.
- The requirement in NASA-STD-8719.27, Implementing Planetary Protection Requirements for Space Flight to analyze the probability of impact during mission planning — and if necessary, the probability of contamination following impact — for Category II, III and IV missions.
Requirements such as these, which are directly connected to safety and/or mission success performance objectives, provide well-defined decision contexts that determine the need for, and the scope of, supporting risk assessments, while also enabling programs and projects to select the risk assessment techniques they consider most appropriate (subject to the TA concurrence that the techniques chosen are technically adequate to their purposes). This contrasted with NPR 8705.5, which mandated that PRA be conducted for risk classification Level A payloads and Category 1 projects, without specifying what it is conducted for, potentially fostering a check-the-box, deliverables-based mindset where PRA is conducted for its own sake rather than as an integral part of the risk management and systems engineering activities.
It is expected that NASA personnel and providers to NASA will continue to conduct PRA according to standards of good practice on an as-needed basis to risk-inform program and project decisions, and that plans for conducting safety and mission success risk assessments will be subject to appropriate NASA management approvals and TA concurrences. This puts PRA on an equal footing, in terms of its treatment within the NASA directives structure, with the many other risk and risk-related analysis techniques routinely used at NASA.
Programs and projects with PRA obligations under existing plans, contracts and other agreements at the time of cancellation of NPR 8705.5 will continue to implement them unless determined otherwise with concurrence from the relevant TAs.
Contact System Safety Technical Fellow Homayoon Dezfuli within the Office of Safety and Mission Assurance if additional information or clarification is needed.