NASA’s Office of Inspector General has just issued an audit report on the status of the Commercial Crew Program (IG-16-028, September 1, 2016). One of the audit objectives was to examine the program risks and NASA’s management of the safety certification process for the Boeing and SpaceX commercial crew vehicles.
The Commercial Crew Program has so far accumulated a delay of more than 3 years against NASA’s original 2015 goal of starting operations. According to the audit report, “while past funding shortfalls have contributed to the delay, technical challenges with the contractors’ spacecraft designs are now driving the schedule slippages. For Boeing, these include issues relating to the effects of vibrations generated during launch and challenges regarding vehicle mass. For SpaceX, delays resulted from a change in capsule design to enable a water-based rather than ground-based landing and related concerns about the capsule taking on excessive water”.
In addition, the OIG found “significant delays” in NASA’s evaluation and approval of the hazard reports that SpaceX and Boeing have to submit for NASA approval as part of the safety certification process. Although the OIG report does not identify the main contributing factors (the quality or content of the submitted hazard reports, the slowness of the NASA safety review process, or both), it contains an alarming statement about the risk of design changes at a later time. This may indicate disagreement, in some cases, on the way safety risks are controlled. As pointed out in the audit report, “Such [approval] process can inject substantial delays in case of disagreement within NASA and if some of those variances are rejected and the companies have to change design at later time”.
But why is the “safety variance” approval process so schedule critical? The reason is that its outcome is uncertain and its duration cannot be controlled. It is an important process of checks and balances and dispute resolution that was established as a lesson learned from the Shuttle Challenger and Columbia accidents.
After the publication of the Shuttle Columbia accident report in 2004, NASA established an independent technical authority responsible for technical requirements and for all waivers (i.e. variances) to them. The technical authority originates with the NASA administrator and is then delegated to the chief engineer for technical standards, to the chief of safety and mission assurance (S&MA) for safety standards, and then to the center directors. There is also a medical technical authority. Subsequent delegations down from the center director are formally made to selected individuals at specific organizational levels. Under this process, decisions on technical and operational matters involving residual safety risk (i.e. variances) require formal concurrence by the relevant technical authority, based on the technical merits of the case and not on cost and schedule impact. Residual safety risks require first the acceptance of the responsible program manager, then the consent of the technical authority, and finally that of the safety organization. Should a technical authority disagree with a program action, he or she can submit the matter to the next higher level of management. However, the program can proceed at risk in parallel with the pursuit of a resolution if it considers this to be in the best interest of the program. Resolution is jointly attempted at successively higher levels of program and technical authority until the dissent is resolved, with the possibility of raising the issue all the way up to the NASA administrator.