John.lyver safety

Date post: 20-May-2015
Upload: nasapmc

Transcript
Page 1: Designing in Safety Through Early Safety Requirements Management

National Aeronautics and Space Administration

John W. Lyver, IV, Ph.D.
NASA Headquarters, Office of Safety & Mission Assurance
[email protected], 202/358-1155

February 22, 2012

Page 2: NASA Core Values

To achieve mission success, program managers and institutional managers must balance a reliance on good engineering practices that are within the laws of physics yet apply sufficient caution to limit risk and protect the workers and the public.

Page 3: 2010 National Space Policy

Policy page 1: “The growth and evolution of the global economy has ushered in an ever-increasing number of nations and organizations using space. … decades of space activity have littered Earth’s orbit with debris; and as the world’s space-faring nations continue to increase activities in space, the chance for a collision increases correspondingly.”

Policy page 4: GOALS: (3) Strengthen Stability in Space … strengthening measures to mitigate orbital debris.

Policy page 7: Preserve the Space Environment. The United States shall: - Lead … policies to minimize debris …

http://www.whitehouse.gov/sites/default/files/national_space_policy_6-28-10.pdf

Page 4: NASA Policy Documents

U.S. Government Laws/Regulations, Executive Orders, U.S. Government Interagency Requirements/Agreements
International Treaties/Policies/Agreements
NPD: NASA Policy Directives (formerly: NMI)
NPR: NASA Procedural Requirements (formerly: NPG)
NASA-STD: NASA Technical Standards
NASA-HDBK: NASA Handbooks (formerly: NHB)
NASA/SP: NASA Special Publications (also: NASA/TP, NASA/TR, NASA-Pub)
VCS: Voluntary Consensus Standards
Joint Documents with Partners

Page 5: Why should this be done early?

• Many requirements are required by higher authority and MUST be followed.

• The earlier in a program’s life-cycle requirements are implemented:
  – By knowing the limitations, fewer early design options need to be investigated
  – Avoid designing in non-compliances which cannot be ‘corrected’ later in life
  – Fewer redesign efforts needed
  – Easier to implement
  – Better definition of the project at Preliminary Design Review

• NASA’s experience with early integration of Mission Success requirements:
  – Easier overall management planning
  – Lower cost
  – Fewer problems later in design
  – Lower risk
  – Higher likelihood of Mission Success

Page 6: Example: Pre-Acquisition Orbital Debris Requirements

• Applicability of Orbital Debris (OD) requirements is relatively easy to determine: all of them always apply.

• Many OD requirements drive the base design of a spacecraft:
  – Altitude of operations produces different levels of risk shielding/self-protection
  – End-of-life requirements: disposal method (controlled reentry or super-GEO)
    • Materials used
    • Amount of fuel needed at EOM
  – Use of tethers
  – Generation of OD in normal operations

• Adding a Pre-Acquisition OD Analysis Report (NASA-STD 8719.14A App A, A.4):
  – Intended to identify barriers to full compliance with the US Gov’t OD Standard Mitigation Practices early enough in the process that overt decisions/changes can reasonably be made
    • Quick test of the OD requirements that affect the design
  – About 3-6 pages long

• NPR 7120.5 “E” & NPR 8715.6 “B” (both currently in NODIS review) require:
  – Used as a mandatory review point in the Acquisition Strategy Meeting (ASM)
  – Show areas which may become non-compliant, and by KDP A shall either:
    • Have the problem corrected through design change, or
    • Have a waiver approved, or
    • Have a corrective action plan

Page 7: Example: NASA’s Orbital Debris Requirements

[Timeline figure; only the text labels are recoverable from the slide: milestones EOM, SRR, PDR, CDR, SMSR, Launch; Passivation & Disposal; Pre-EOM Notification; In-flight Reviews; EOMP (Initialed, Launch Draft, Periodic Updates, Approved Final at Disposal); ODAR (Initial Draft, Updated Draft, NC Review, Approved Final); Reference Document; -45 days; -30 to -60 days; Pre-Acquisition Questionnaire.]

Page 8: Requirement Applicability and Traceability

Page 9: What is Traceability

• Traceability is:
  – Knowing the reason why a requirement exists
  – What higher level requirements are directing lower level requirements
  – Which level of management really controls the base requirement
  – Knowing which parent requirements are implemented
  – It is NOT verification that a requirement is being implemented/performed

• Definition: “Requirement” (aka: “shall statement”)
  – A documented paragraph directing someone to do something
  – New requirements use: “shall” for Mandatory, and “may” (et al) for permission
  – A well written requirement is:
    • 1 paragraph
    • 1 time period
    • 1 actionee
    • 1 action / product / outcome (or 1 set)
    • Verifiable
    • Clear & understandable

• How is Traceability established?
  – Can be traced at the document, and/or chapter, and/or requirement level
  – Formalized through an agreement between the levels of management involved in the requirements

Page 10: What do we get out of tracing requirements

1. >99% Program

2. Build History

3. Waiver/Exception Processing

4. Assist in Updating

5. Improved Auditing Capability

6. Feedback

Page 11: Step 1: Determine Applicability

• Senior organization identifies the list of documents which they “own,” “control,” “implement,” “enforce,” …

• Determine which documents from the list of documents DO NOT APPLY to the lower level.

• For each remaining document, build a matrix of the requirements (aka: shall statements) and determine for each lower level organization whether the requirement is:
  – Directly applicable as written or with modification,
  – Not applicable
  – Indirectly applicable (somebody else will impose this requirement)

• Work is done by the Senior organization with help from lower orgs and is maintained by the Senior org.

Example: Project #1 Applicability

| Doc | Para # | Text   | Req # | Project #1                      | Project #2                        | Project #3 |
|-----|--------|--------|-------|---------------------------------|-----------------------------------|------------|
| X   | 2-1    | ABCD … | 1     | Appl                            | Appl                              | Appl       |
| X   | 2-2    | EFGH … | 2     | Not Appl                        | Not Appl                          | Not Appl   |
| X   | 2-3    | IJKL … | 3     | Appl with Mod: IJL… without K   | Appl with Mod: IJ… without K & L  | Not Appl   |
| X   | 2-4    | MNOP … | 4     | Appl                            | Appl                              | Appl       |
| X   | 2-5    | QRST … | 5     | Not Appl                        | Appl                              | Not Appl   |

Page 12: Step 2: Identification of Traceability

Next the following work is done by the junior organization:

• Lower Level Org identifies the requirement(s) at THEIR level that implement each applicable requirement.
  Note: This can be a many-to-one, one-to-one, or one-to-many relationship.

• Add traces to the applicability matrix.
  Note: This identification is done by the Lower Level Org but MUST have participation from the Senior Org for interpretation of senior requirements.

Example: Project #1 Applicability

| Doc | Para # | Sr Doc Text | Req # | Project #1: Doc | Project #1: Paragraph | Project #1: Text |
|-----|--------|-------------|-------|-----------------|-----------------------|------------------|
| X   | 2-1    | ABCD …      | 1     | Doc “Y”         | 3.3                   | AAABCD …         |
| X   | 2-3    | IJKL …      | 3     | Doc “Y”         | 1.1                   | IJxxKL …         |
| X   | 2-4    | MNOP …      | 4     | Doc “Z”         | 2.1 & 4.5             | AABNOP …         |

Page 13: Step 3: Develop Acceptable Tailoring

• Senior Org reviews the provided traces to check that each applicable requirement is met or exceeded.

• Senior organization checks to see if any changes ‘violate’ direction senior to them, then processes waiver requests and updates the applicability matrix with the results.

• Senior organization issues a report of the results of the Applicability/Traceability effort listing:
  – Non-applicable waivers granted
  – Indirectly applicable requirements
  – Directly applicable requirements
  – Traces to directly applicable requirements

• Senior organization maintains the report under their configuration management system with copies available to the lower level org.

NOTE: This process must be updated periodically as the documents within the Senior and Lower Organizations change.
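The three steps above can be checked mechanically once the matrix is recorded as data. The following is an added example (not a NASA tool and not part of the presentation): it models the applicability matrix for one lower-level org, the traces the lower org adds, and the senior org's Step 3 review, which lists directly applicable, indirectly applicable and non-applicable requirements and flags gaps (an applicable requirement with no trace, a tailoring with no waiver/deviation recorded, a trace left on a requirement that no longer applies, and a requirement or matrix entry that the other side no longer has after a document update). The document names (X, Y, Z), paragraph numbers and texts are the slide's illustrative values; the data layout, the "waiver required for every modification" rule and all function names are assumptions of this example.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Applicability(Enum):
    """Step 1 outcome for one senior requirement and one lower-level org."""
    APPL = "Appl"                    # directly applicable as written
    APPL_WITH_MOD = "Appl with Mod"  # directly applicable with modification
    NOT_APPL = "Not Appl"
    INDIRECT = "Indirect"            # somebody else will impose this requirement


@dataclass(frozen=True)
class Requirement:
    doc: str     # senior document, e.g. "X"
    para: str    # paragraph, e.g. "2-1"
    req_id: str  # shall-statement number within the document
    text: str


@dataclass(frozen=True)
class Trace:
    """A lower-level requirement that implements a senior requirement (Step 2)."""
    doc: str
    para: str
    text: str


@dataclass
class Entry:
    """One matrix cell: determination, tailoring text, waiver reference, traces."""
    status: Applicability
    modification: str = ""   # wording of the tailoring when APPL_WITH_MOD
    waiver: str = ""         # waiver/deviation id once the senior org grants it
    traces: list[Trace] = field(default_factory=list)


# Senior document "X" (constructed; mirrors the slide's illustrative table)
SENIOR_DOC_X = [
    Requirement("X", "2-1", "1", "ABCD …"),
    Requirement("X", "2-2", "2", "EFGH …"),
    Requirement("X", "2-3", "3", "IJKL …"),
    Requirement("X", "2-4", "4", "MNOP …"),
    Requirement("X", "2-5", "5", "QRST …"),
]

# Step 1: the senior org's determination for Project #1 (constructed)
PROJECT_1 = {
    "1": Entry(Applicability.APPL),
    "2": Entry(Applicability.NOT_APPL),
    "3": Entry(Applicability.APPL_WITH_MOD, modification="IJL… without K"),
    "4": Entry(Applicability.APPL),
    "5": Entry(Applicability.NOT_APPL),
}

# Step 2: the lower org adds its traces; req 4 is one-to-many (two paragraphs of Doc Z)
PROJECT_1["1"].traces.append(Trace("Y", "3.3", "AAABCD …"))
PROJECT_1["3"].traces.append(Trace("Y", "1.1", "IJxxKL …"))
PROJECT_1["4"].traces.extend([Trace("Z", "2.1", "AABNOP …"), Trace("Z", "4.5", "AABNOP …")])

DIRECT = {Applicability.APPL, Applicability.APPL_WITH_MOD}


def check_traceability(requirements: list[Requirement], matrix: dict[str, Entry]) -> list[str]:
    """Step 3 review by the senior org; an empty list means no open items."""
    findings = []
    by_id = {r.req_id: r for r in requirements}
    for req_id, req in by_id.items():
        entry = matrix.get(req_id)
        if entry is None:
            findings.append(f"Req {req_id} ({req.doc} {req.para}): no applicability determination")
            continue
        if entry.status in DIRECT and not entry.traces:
            findings.append(f"Req {req_id} ({req.doc} {req.para}): applicable but untraced")
        if entry.status is Applicability.APPL_WITH_MOD and not entry.waiver:
            findings.append(f"Req {req_id}: tailoring '{entry.modification}' has no waiver/deviation")
        if entry.status not in DIRECT and entry.traces:
            findings.append(f"Req {req_id}: stale trace on a non-applicable requirement")
    for req_id in sorted(matrix.keys() - by_id.keys()):  # senior document changed
        findings.append(f"Req {req_id}: matrix entry with no senior requirement")
    return findings


def applicability_report(requirements: list[Requirement], matrix: dict[str, Entry]) -> dict:
    """The report the senior org issues, grouped as on the slide."""
    report = {"not_applicable": [], "indirect": [], "directly_applicable": [], "traces": {}}
    for req in requirements:
        entry = matrix.get(req.req_id)
        if entry is None:
            continue
        if entry.status is Applicability.NOT_APPL:
            report["not_applicable"].append(req.req_id)
        elif entry.status is Applicability.INDIRECT:
            report["indirect"].append(req.req_id)
        else:
            report["directly_applicable"].append(req.req_id)
            report["traces"][req.req_id] = [f"Doc {t.doc} para {t.para}" for t in entry.traces]
    return report


if __name__ == "__main__":
    for finding in check_traceability(SENIOR_DOC_X, PROJECT_1):
        print("FINDING:", finding)   # req 3 is tailored but no waiver is recorded yet
    print(applicability_report(SENIOR_DOC_X, PROJECT_1))
```

Re-running `check_traceability` after either side revises its documents is the periodic update the NOTE above calls for: a requirement dropped from the senior document shows up as an orphaned matrix entry, and a lower-level paragraph removed without updating the matrix shows up as an untraced applicable requirement.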

Page 14: Who Determines Tailoring & Applicability

Page 15: Delegation of Authority

• NPR 1400.1 and NPD 8070.6 assign responsibility to the Chief, OSMA for SMA TA requirements:
  – Includes definition of requirements, maintenance of documents, and waiver/deviation approval

• Definition: Waiver
  – (1) A written authorization to depart from a specific directive requirement (from NPR 1400.1)
  – (2) A documented authorization releasing a program or project from meeting a requirement after the requirement is put under configuration control at the level the requirement will be implemented. (from NPR 7120.5 paragraph 3.6.1.1 and NASA-STD 0005)

• Definition: Deviation
  – A documented authorization releasing a program or project from meeting a requirement before the requirement is put under configuration control at the level the requirement will be implemented. (from NPR 7120.5 paragraph 3.6.1.1 and NASA-STD 0005)

Page 16: What is and is not Delegated?

• Anything NOT reserved for the Chief, OSMA may be delegated

• Requirements ALWAYS reserved by the Chief, OSMA (and may not be delegated):
  – All requirements in the following documents:
    • Orbital Debris (NPR 8715.6 and NASA‑STD 8719.14),
    • Mishaps (NPR 8621.1), and
    • Human Rating (NPR 8705.2).
  – All requirements in the following chapters of NPR 8715.3:
    • Nuclear Safety for Launching Radioactive Materials (Chapter 6),
    • Experimental Aerospace Vehicle (EAV) Indemnification (Chapter 10), and
    • Micrometeoroid Environment Program (Chapter 11).
  – Requirements designated in writing by the Chief, OSMA as a result of audits, mishaps, or those of special interest to senior NASA management.
    Note: This may be done for specific worksites, projects, programs, Agency-wide, one Center, or other, and may be designated for a specified period of time.
  – All “Directed Requirements.”

(continued next page)

Page 17: What is and is not Delegated? (Continued)

• Requirements CONDITIONALLY reserved by the Chief, OSMA:
  – When relief is requested from a Mandatory Standard which would relieve more than 50% of the Standard or would relieve whole Chapters, either through tailoring or through another standard (aka: meet/exceed):
    • IF NONE of the requirements in the NASA-STD are reserved for Chief, OSMA adjudication, then the relief authority is delegated; otherwise it is reserved.
    • IF relief is being requested for more than one Program or Center/Facility or non-tightly coupled project, then it is reserved.
  – NASA Safety Standard 1740.12, NASA-Standard 8719.9, NASA-Standard 8719.12, and NASA-Standard 8719.17:
    • The request shall be reviewed by the OSMA Occupational Safety and Health Administration (OSHA) point of contact within the NASA Headquarters OSMA prior to adjudication of the request.

Page 18: Who’s done Applicability Studies of SMA Requirements?

• Applicability Studies:
  – Constellation
  – Launch Services Program
  – (in work) Commercial Crew, MPCV/Orion, 21st Century Launch System
  – (in work) new JPL Contract

• OSMA can help with the Traceability through the use of SMARTS (Safety & Mission Assurance Requirements Tracking System)

[Figure; labels recoverable from the slide: Whole LSP; Subdivisions of LSP; What Applies?]

Page 19: Summary

• Many requirements are required by higher authority and MUST be followed.

• The earlier in a program’s life-cycle requirements are implemented:
  – By knowing the limitations, fewer early design options need to be investigated
  – Avoid designing in non-compliances which cannot be ‘corrected’ later in life
  – Fewer redesign efforts needed
  – Easier to implement
  – Better definition of the project at Preliminary Design Review

• NASA’s experience with early integration of Mission Success requirements:
  – Easier overall management planning
  – Lower cost
  – Fewer problems later in design
  – Lower risk
  – Higher likelihood of Mission Success

Page 20: Thank You

[email protected]

Questions?