Developing Probabilistic Safety Performance Margins for Unknown and Underappreciated Risks

Probabilistic safety requirements currently formulated or proposed for space systems, nuclear reactor systems, nuclear weapon systems, and other types of systems that have a low-probability potential for high-consequence accidents depend on showing that the probability of such accidents is below a specified safety threshold or goal. Verification of compliance depends heavily upon synthetic modeling techniques such as PRA. To determine whether or not a system meets its probabilistic requirements, it is necessary to consider whether there are significant risks that are not fully considered in the PRA either because they are not known at the time or because their importance is not fully understood. The ultimate objective is to establish a reasonable margin to account for the difference between known risks and actual risks in attempting to validate compliance with a probabilistic safety threshold or goal. In this paper, we examine data accumulated over the past 60 years from the space program, from nuclear reactor experience, from aircraft systems, and from human reliability experience to formulate guidelines for estimating probabilistic margins to account for risks that are initially unknown or underappreciated. The formulation includes a review of the safety literature to identify the principal causes of such risks

NASA System Safety Handbook. Volume 2: System Safety Concepts, Guidelines, and Implementation Examples

This is the second of two volumes that collectively comprise the NASA System Safety Handbook. Volume 1 (NASASP-210-580) was prepared for the purpose of presenting the overall framework for System Safety and for providing the general concepts needed to implement the framework. Volume 2 provides guidance for implementing these concepts as an integral part of systems engineering and risk management. This guidance addresses the following functional areas: 1.The development of objectives that collectively define adequate safety for a system, and the safety requirements derived from these objectives that are levied on the system. 2.The conduct of system safety activities, performed to meet the safety requirements, with specific emphasis on the conduct of integrated safety analysis (ISA) as a fundamental means by which systems engineering and risk management decisions are risk-informed. 3.The development of a risk-informed safety case (RISC) at major milestone reviews to argue that the systems safety objectives are satisfied (and therefore that the system is adequately safe). 4.The evaluation of the RISC (including supporting evidence) using a defined set of evaluation criteria, to assess the veracity of the claims made therein in order to support risk acceptance decisions

Organizational Risk and Opportunity Management: Concepts and Processes for NASA's Consideration

The focus of this report is on the development of a framework and overall approach that serves the interests of nonprofit and Government organizations like NASA that focus on developing and/or applying new technology (henceforth referred to as organizations like NASA). These interests tend to place emphasis on performing services and achieving scientific and technical gains more than on achieving financial investment goals, which is the province of commercial enterprises. In addition, the objectives of organizations like NASA extend to institutional development and maintenance, financial health, legal and reputational protection, education and partnerships, and mandated milestone achievements. This report discusses the philosophical underpinnings of OROM for organizations like NASA, the integration of OROM with existing management processes, and the nature of the activities that are performed to implement OROM within this context. The proposed framework includes a set of core principles that would be essential to any successful OROM approach, along with some features that are currently under development and are continuing to evolve. The report is intended to foster discussion of OROM at NASA in order to reach a consensus on the optimum approach for the agency

Evolution of System Safety at NASA as Related to Defense-in-Depth

Presentation given at the Defense-in-Depth Inter-Agency Workshop on August 26, 2015 in Rockville, MD by Homayoon Dezfuli. The presentation addresses the evolution of system safety at NASA as related to Defense-in-Depth

Mission Assurance and Residual Risk: The Performance Verification Challenge for Technology Infusion

This poster to the IPPW-14 addresses the challenges in mission infusion of new technology and provides recommendations

Investigating and Managing Design Margins throughout the Product Development Process

The automotive industry, like other sectors, faces a number of technological challenges in terms of meeting different legislations and developing products highly customised with a short lead time. They also have to manage the trade-offs between the price for the customer and the overall cost of the product development. This thesis argues that design margins are a decisive factor with regard to many trade-offs that engineers may wish to make. These margins represent room for manoeuvre in the developing design. On the other hand, design margins allow engineers to accommodate new requirements without leading to costly engineering changes. If a change becomes necessary, the engineers might modify parameters where there are still margins with respect to the new requirements. Therefore engineers can avoid major redesigns to their existing components and systems. Ultimately this has the potential to enable control of the resulting development time and cost. While margins are an intuitive concept, no clear and consistent definitions exist. The concept is relatively under-investigated area of design research. A comprehensive literature review and an empirical study at Volvo Global Truck Technology, emphasised the main issues and showed that there is a strong industrial need for support with margins, especially to understand how margins shape the design process. The concept of design margins, consisting of buffer and excess is developed. The key to managing product development is the transition from buffer to excess throughout the design process. This gives designers and engineers a rich way to express and communicate information about the forthcoming design to other team members, other teams and suppliers. The thesis proposes a conceptual framework to investigate and capture design margins. The overall model indicates that a clear elicitation and an explicit documentation of design margins can help decision makers implement more efficiently the necessary changes involved in product development: design margins are seen as a critical aspect of product design and developmen

Design margins in industrial practice

As products are being developed over time and across organisations, the risk for unintended accumulation and mis-conception of margins allocated may occur. Accumulation of margins can result in over design, but also add risk due to under allocation. This paper describes the different terminology used in one organisation and shows the different roles margins play across the design process and in particular the how margins are a critical but often overlooked aspect of product platform design. The research was conducted in close collaboration with a truck manufacturer between 2013 and 2018. The objective was to gain understanding of the current use of margins, and associated concepts evolve along the product life cycle, across organisation and product platform representations. It was found that margins already play an important role throughout the entire design process; however, it is not recognised as a unified concept which is clearly communicated and tracked throughout the design process. Rather different stakeholders have different notions of margins and do not disclose the rationale behind adding margins or the amount that they have added. Margins also enabled designers to avoid design changes as existing components and systems can accommodate new requirements and thereby saving significant design time

NASA Risk Management Handbook

The purpose of this handbook is to provide guidance for implementing the Risk Management (RM) requirements of NASA Procedural Requirements (NPR) document NPR 8000.4A, Agency Risk Management Procedural Requirements [1], with a specific focus on programs and projects, and applying to each level of the NASA organizational hierarchy as requirements flow down. This handbook supports RM application within the NASA systems engineering process, and is a complement to the guidance contained in NASA/SP-2007-6105, NASA Systems Engineering Handbook [2]. Specifically, this handbook provides guidance that is applicable to the common technical processes of Technical Risk Management and Decision Analysis established by NPR 7123.1A, NASA Systems Engineering Process and Requirements [3]. These processes are part of the \Systems Engineering Engine. (Figure 1) that is used to drive the development of the system and associated work products to satisfy stakeholder expectations in all mission execution domains, including safety, technical, cost, and schedule. Like NPR 7123.1A, NPR 8000.4A is a discipline-oriented NPR that intersects with product-oriented NPRs such as NPR 7120.5D, NASA Space Flight Program and Project Management Requirements [4]; NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements [5]; and NPR 7120.8, NASA Research and Technology Program and Project Management Requirements [6]. In much the same way that the NASA Systems Engineering Handbook is intended to provide guidance on the implementation of NPR 7123.1A, this handbook is intended to provide guidance on the implementation of NPR 8000.4A. 1.2 Scope and Depth This handbook provides guidance for conducting RM in the context of NASA program and project life cycles, which produce derived requirements in accordance with existing systems engineering practices that flow down through the NASA organizational hierarchy. The guidance in this handbook is not meant to be prescriptive. Instead, it is meant to be general enough, and contain a sufficient diversity of examples, to enable the reader to adapt the methods as needed to the particular risk management issues that he or she faces. The handbook highlights major issues to consider when managing programs and projects in the presence of potentially significant uncertainty, so that the user is better able to recognize and avoid pitfalls that might otherwise be experienced

How to Think About Resilient Infrastructure Systems

abstract: Resilience is emerging as the preferred way to improve the protection of infrastructure systems beyond established risk management practices. Massive damages experienced during tragedies like Hurricane Katrina showed that risk analysis is incapable to prevent unforeseen infrastructure failures and shifted expert focus towards resilience to absorb and recover from adverse events. Recent, exponential growth in research is now producing consensus on how to think about infrastructure resilience centered on definitions and models from influential organizations like the US National Academy of Sciences. Despite widespread efforts, massive infrastructure failures in 2017 demonstrate that resilience is still not working, raising the question: Are the ways people think about resilience producing resilient infrastructure systems? This dissertation argues that established thinking harbors misconceptions about infrastructure systems that diminish attempts to improve their resilience. Widespread efforts based on the current canon focus on improving data analytics, establishing resilience goals, reducing failure probabilities, and measuring cascading losses. Unfortunately, none of these pursuits change the resilience of an infrastructure system, because none of them result in knowledge about how data is used, goals are set, or failures occur. Through the examination of each misconception, this dissertation results in practical, new approaches for infrastructure systems to respond to unforeseen failures via sensing, adapting, and anticipating processes. Specifically, infrastructure resilience is improved by sensing when data analytics include the modeler-in-the-loop, adapting to stress contexts by switching between multiple resilience strategies, and anticipating crisis coordination activities prior to experiencing a failure. Overall, results demonstrate that current resilience thinking needs to change because it does not differentiate resilience from risk. The majority of research thinks resilience is a property that a system has, like a noun, when resilience is really an action a system does, like a verb. Treating resilience as a noun only strengthens commitment to risk-based practices that do not protect infrastructure from unknown events. Instead, switching to thinking about resilience as a verb overcomes prevalent misconceptions about data, goals, systems, and failures, and may bring a necessary, radical change to the way infrastructure is protected in the future.Dissertation/ThesisDoctoral Dissertation Civil, Environmental and Sustainable Engineering 201

From Microhabitat to Metapopulations: a Model System for Conservation Under Climate Change

Please refer to the 'Front Matter' file for details.Climate Change and Sustainable Futures studentship, University of ExeterNatural Environment Research Council, grant NE⁄G006296⁄