NASA System Safety

NASA has several publications on-line:

Systems Engineering Handbook

Probabilistic Risk Assessment Procedures Guide

Some NASA System Safety background (from PRA guidebook):

HISTORIC BACKGROUND
Probabilistic Risk Assessment (PRA) is a comprehensive, structured, and logical analysis
method aimed at identifying and assessing risks in complex technological systems for the
purpose of cost-effectively improving their safety and performance. NASA’s objective is to
rapidly become a leader in PRA and to use this methodology effectively to ensure mission and
programmatic success, and to achieve and maintain high safety standards at NASA. NASA
intends to use PRA in all of its programs and projects to support optimal management decision
for the improvement of safety and program performance.
Over the years, NASA has been a leader in most of the technologies it has employed in its
programs. One would think that PRA should be no exception. In fact, it would be natural for
NASA to be a leader in PRA because, as a technology pioneer, NASA uses risk assessment
and management implicitly or explicitly on a daily basis. Many important NASA programs,
like the Space Shuttle Program, have, for some time, been assigned explicit risk-based mission
success goals.

Methods to perform risk and reliability assessment in the early 1960s originated in U.S.
aerospace and missile programs. Fault tree analysis (FTA) is such an example. It would have
been a reasonable extrapolation to expect that NASA would also become the first world leader in
the application of PRA. That was, however, not to happen.
Legend has it that early in the Apollo project the question was asked about the probability of
successfully sending astronauts to the moon and returning them safely to Earth. A risk, or
reliability, calculation of some sort was performed and the result was a very low success
probability value. So disappointing was this result that NASA became discouraged from further
performing quantitative analyses of risk or reliability until after the Challenger mishap in 1986.
Instead, NASA decided to rely on the Failure Modes and Effects Analysis (FMEA) method for
system safety assessments. To date, FMEA continues to be required by NASA in all its safetyrelated
projects.

In the meantime, the nuclear industry picked up PRA to assess safety almost as a last resort in
defense of its very existence. This analytical method was gradually improved and expanded by
experts in the field and has gained momentum and credibility over the past two decades, not only
in the nuclear industry, but also in other industries like petrochemical, offshore platforms, and
defense. By the time the Challenger accident occurred, PRA had become a useful and respected
tool for safety assessment. Because of its logical, systematic, and comprehensive approach, PRA
has repeatedly proven capable of uncovering design and operation weaknesses that had escaped
even some of the best deterministic safety and engineering experts. This methodology showed
that it was very important to examine not only low-probability and high-consequence individual
mishap events, but also high-consequence scenarios which can emerge as a result of occurrence
of multiple high-probability and nearly benign events. Contrary to common perception, the latter
is oftentimes more detrimental to safety than the former.

Then, the October 29, 1986, “Investigation of the Challenger Accident,” by the Committee
on Science and Technology, House of Representatives, stated that, without some means of
estimating the probability of failure (POF) of the Shuttle elements, it was not clear how
NASA could focus its attention and resources as effectively as possible on the most critical
Shuttle systems.
In January 1988, the Slay Committee recommended, in its report called the “Post-Challenger
Evaluation of Space Shuttle Risk Assessment and Management,” that PRA approaches be
applied to the Shuttle risk management program at the earliest possible date. It also stated that
databases derived from Space Transportation System failures, anomalies, flight and test results,
and the associated analysis techniques should be systematically expanded to support PRA, trend
analysis, and other quantitative analyses relating to reliability and safety.
As a result of the Slay Committee criticism, NASA began to try out PRA, at least in a “proof-ofconcept”
mode, with the help of expert contractors. A number of PRA studies were conducted in
this fashion over the next 10 years.
On July 29, 1996, the NASA Administrator directed the Associate Administrator, Office of
Safety and Mission Assurance (OSMA), to develop a PRA tool to support decisions on the
funding of Space Shuttle upgrades. He expressed unhappiness that, after he came to NASA in
1992, NASA spent billions of dollars on Shuttle upgrades without knowing how much safety
would be improved. He asked for an analytical tool to help base upgrade decisions on risk. This
tool was called Quantitative Risk Assessment System, and its latest version, 1.6, was issued in
April 2001 [1].