Safety is of utmost importance to many space missions. This is especially true for vehicles in NASA’s Human Spaceflight Program. Safety and Mission Assurance organizations are intended to provide oversight that is independent of the design process so that the priority of Safety – to the ground, crew, or in-space assets – is maintained above that of cost, schedule, and other program factors. The Safety Review Panel (SRP) at NASA provides this oversight. Unfortunately, this oversight mindset often results in the Safety organization being isolated from the design team, leaving them to assess a design after it has already been largely completed. This linear approach can lead to significant schedule and cost impacts if either Safety determines the design to be unsafe or the design evolves late in the program lifecycle. The primary tool used by Safety and Mission Assurance organizations to help ensure the safety of a vehicle is the Hazard Analysis, which is used to define hazards, the features in the design used to control those hazards, and how those controls are verified to be in place.
This paper proposes an approach to integrating the Hazard Analysis process with the Systems Engineering requirement/verification process during all stages of the program life cycle in order to improve communication between Safety and Engineering and increase efficiency in the program overall. The two processes can be effectively coupled by ensuring that hazard controls have corresponding requirements, that the verification of those requirements is deemed sufficient by the overseeing Safety organization, and that the Safety assessment is of appropriate fidelity at each stage in the program lifecycle. In the proposed approach, Safety can maintain independence while also serving as a collaborator in the design process. The approach will serve to decrease the risk of cost and schedule impacts by ensuring that design engineers have the appropriate Safety requirements to work to and by avoiding redundant requirement and hazard control verification campaigns. Ultimately, this approach also serves to increase the certainty with which the overseeing Safety organization can proclaim the System as “safe”.
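The coupling described above can be checked mechanically as a traceability walk from hazard to control to requirement to Safety-accepted verification. The following is an added illustration, not code or data from the paper; the identifiers, the data model and the sample records are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed data model (assumption, not the paper's): each hazard lists its
# controls, each control cites the requirement(s) that implement it, and each
# requirement records whether Safety accepted its verification as sufficient.

@dataclass
class Requirement:
    req_id: str
    verification_method: str      # e.g. "test", "analysis", "inspection"
    safety_accepted: bool         # Safety deemed the verification sufficient

@dataclass
class Control:
    control_id: str
    requirement_ids: list = field(default_factory=list)

@dataclass
class Hazard:
    hazard_id: str
    controls: list = field(default_factory=list)

def check_traceability(hazards, requirements):
    """Return (hazard_id, control_id, finding) for every break in the
    hazard -> control -> requirement -> accepted-verification chain."""
    findings = []
    for hz in hazards:
        if not hz.controls:
            findings.append((hz.hazard_id, None, "hazard has no control"))
        for ctl in hz.controls:
            if not ctl.requirement_ids:
                findings.append((hz.hazard_id, ctl.control_id, "control has no requirement"))
                continue
            for rid in ctl.requirement_ids:
                req = requirements.get(rid)
                if req is None:
                    findings.append((hz.hazard_id, ctl.control_id, f"requirement {rid} not in requirement set"))
                elif not req.safety_accepted:
                    findings.append((hz.hazard_id, ctl.control_id, f"verification of {rid} not accepted by Safety"))
    return findings

# Constructed sample records (hypothetical IDs).
REQUIREMENTS = {
    "REQ-101": Requirement("REQ-101", "test", True),
    "REQ-102": Requirement("REQ-102", "analysis", False),
}
HAZARDS = [
    Hazard("HZ-01", [Control("CTL-01a", ["REQ-101"]), Control("CTL-01b", ["REQ-102"])]),
    Hazard("HZ-02", [Control("CTL-02a", [])]),
    Hazard("HZ-03", [Control("CTL-03a", ["REQ-999"])]),
]

if __name__ == "__main__":
    for finding in check_traceability(HAZARDS, REQUIREMENTS):
        print(finding)
```

Each finding is a gap that the paper's coupled process is meant to surface early, rather than at a late-stage Safety review.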