As mentioned in yesterday’s review of space debris activities, NASA’s Aerospace Safety Advisory Panel (ASAP) released its annual report covering the agency’s 2013 activities on January 15. ASAP has been providing regular Congressionally-mandated safety assessments to NASA since 1968, based on site visits and independent analyses of ongoing programs. Generally tightly focused on specific technical areas of concern, the 2013 report includes an almost philosophical discussion on the meaning of safety. While the entire report is worth a read (you can find it here), the section excerpted below in particular merits underlining.

The Risk Value Proposition

ASAP 2013 reportIn the human space flight endeavor, the questions remain: How much risk is too much? How do we know if we’ve considered all the risks? Is perfection the goal or is “safe enough” the objective? It is unfortunate that we must use terms like “safe enough” rather than “perfect,” but we must also realize that there is no such thing as guaranteed mission success. Space travel is by its nature extremely risky. Ensuring program and system performance with 100 percent guaranteed success is obviously not attainable. Therefore, a balance must be struck among elements: (1) the time to deliver a product or execute a mission, (2) the cost to achieve the vision or goal, and (3) the performance for the system or product. In other words, short of perfection, we have to make the system safe enough by identifying and managing risk.

Sound risk management processes within a robust risk management program are key to success; however, it is essential to ensure a firm foundation on which that program can flourish. The foundation must include an organizational environment or culture that is actively and constantly engaged in risk identification. That culture must be candid, both inside and outside the organization, when communicating and mitigating risk. Successful organizational cultures include a well- and widely understood strategic vision, a well-communicated leadership philosophy on how to achieve that vision, and effective policy guidance to influence everyday actions and decision making.

The vision/strategy/mission—set by the leadership—orients the team, guides decision making, and helps form desired behaviors. The leadership’s philosophy, presumably consistent with the agency’s core values, is the framework that will guide an organization in all environments. When a sound and well-communicated vision and philosophy are combined, policy, standards, and procedures should naturally follow. In the absence of a strong vision, philosophy, and policy, there will be ambiguous direction, redundant efforts, waste, frustration, and, worst of all, inadequate risk identification and mitigation.

Determining what level of risk is acceptable is far from straightforward and is not a classical scientific decision; rather, it is a policy decision. This “risk tolerance” decision requires balancing many factors, such as financial cost, schedule, national prestige, international relationships, human welfare, public opinion, and ethical considerations, to determine whether the chance of a mishap is outweighed by the likely mission benefit. For the Constellation example mentioned in the previous section, the quantitative threshold came from a thorough vetting and decision at NASA’s leadership level to provide U.S. transport to and from the ISS that would operate, with confidence, at the same safety level or better on a 210-day mission as the Space Shuttle risk analysis showed for a 12-day mission.

What establishes the “safe enough” benchmark? This question can only be answered in an open and candid risk evaluation environment and culture that include the following: setting risk thresholds; identifying, assessing, and mitigating risk; observing mitigation effects; and communicating this risk in a clear, candid, and timely manner to all stakeholders. Risk identification is critically important—if risks are not identified, they cannot be managed. Risk must be identified across every aspect of a program by a diverse team operating under the culture previously described. Ignoring risk—whether unknowingly dismissed, prematurely dispositioned, or intentionally set aside—will always be detrimental. Value and risk targets must be clearly and candidly defined and serve as the measure by which risks are evaluated and ultimately accepted or rejected. This enables the highest confidence levels for system or program performance.

The more open, forthright, and thorough an organization is in managing and communicating risk and the more grounded that organization’s culture is in producing sound risk identification and mitigation, the higher the probability of mission success.

Read the rest of the report here.