NASA NPR 8000.4 REV C
Agency Risk Management Procedural Requirements
Publication Date: 19 April 2022
Status: active
Page Count: 48
scope:
Applicability
a. This directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This directive applies to Jet Propulsion Laboratory (a Federally-Funded Research and Development Center), other contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the applicable contracts, grants, or agreements.
b. This directive applies to all Agency activities, including new and existing programs and projects that provide aeronautics and space products or capabilities, i.e., flight and ground systems, technologies, and operations for aeronautics and space.
c. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall". The term "may" denotes a discretionary privilege or permission, "can" denotes statements of possibility or capability, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.
d. Where conflicts exist between provisions of this directive and Federal statutes or regulations, or higher-level NASA directives, those statutes, regulations, and higher-level NASA directives take precedence.
e. In this directive, all document citations are assumed to be the latest version unless otherwise noted. Use of more recent versions of cited documents may be authorized by the responsible Institutional and Technical Authorities.
f. In this directive, documents categorized as authority, applicable, or reference documents may be cited as a different categorization, which characterizes its function in relation to the specific context.
Purpose
a. This directive provides the requirements for risk management for the Agency, its institutions, and its programs and projects as required by NPD 1000.0, Governance and Strategic Management Handbook; NPD 7120.4, NASA Engineering and Program/Project Management Policy; NPD 8700.1, NASA Policy for Safety and Mission Success, and other Agency directives. Risk management includes two complementary processes: Risk-Informed Decision Making (RIDM) and Continuous Risk Management (CRM).
b. This directive establishes requirements applicable to all levels of the Agency's organizational hierarchy. It provides a framework that integrates the RIDM and CRM processes across levels. It requires formal processes for risk acceptance and accountability that are clear, transparent, and definitive. This directive also establishes the roles, responsibilities, and authority to execute the defined requirements Agency-wide. It builds on the principle that program, project, and institutional requirements are directly coupled to Agency strategic goals and applies this principle to risk management processes within all Agency organizations at a level of rigor that is commensurate with the stakes and complexity of the decision situation that is being addressed.
c. The implementation of these requirements leads to a risk management approach that is coherent across the Agency in that (a) it applies to all Agency strategic goals and the objectives and requirements that derive from them, (b) it addresses all sources of risk, whether of a random or an intentional and adversarial nature, that originate internally or externally to NASA, (c) all risks are considered collectively during decision-making, and (d) risk management activities are coordinated horizontally and vertically, across and within programs, projects, and institutions, to ensure timely identification of cross-cutting risks and balanced management of risks Agency-wide.
d. This directive contains requirements for risk management. Detailed explanations, descriptions, and technical guidance are provided in associated handbooks, including NASA/SP-2011-3422, the NASA Risk Management Handbook (Reference D.1).