Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners

Probabilistic Risk Assessment (PRA) is a comprehensive, structured, and logical analysis method aimed at identifying and assessing risks in complex technological systems for the purpose of cost-effectively improving their safety and performance. NASA’s objective is to rapidly become a leader in PRA and to use this methodology effectively to ensure mission an programmatic success, and to achieve and maintain high safety standards at NASA. NASA intends to use PRA in all of its programs and projects to support optimal management decision for the improvement of safety and program performance. Over the years, NASA has been a leader in most of the technologies it has employed in its programs. One would think that PRA should be no exception. In fact, it would be natural for NASA to be a leader in PRA because, as a technology pioneer, NASA uses risk assessment and management implicitly or explicitly on a daily basis. Many important NASA programs, like the Space Shuttle Program, have, for some time, been assigned explicit risk-based mission success goals.

Methods to perform risk and reliability assessment in the early 1960s originated in U.S. aerospace and missile programs. Fault tree analysis (FTA) is such an example. It would have been a reasonable extrapolation to expect that NASA would also become the first world leader in the application of PRA. That was, however, not to happen. Legend has it that early in the Apollo project the question was asked about the probability of successfully sending astronauts to the moon and returning them safely to Earth. A risk, or reliability, calculation of some sort was performed and the result was a very low success probability value. So disappointing was this result that NASA became discouraged from further performing quantitative analyses of risk or reliability until after the Challenger mishap in 1986. Instead, NASA decided to rely on the Failure Modes and Effects Analysis (FMEA) method for system safety assessments. To date, FMEA continues to be required by NASA in all its safety-related projects.

In the meantime, the nuclear industry picked up PRA to assess safety almost as a last resort in defense of its very existence. This analytical method was gradually improved and expanded by experts in the field and has gained momentum and credibility over the past two decades, not only in the nuclear industry, but also in other industries like petrochemical, offshore platforms, and defense. By the time the Challenger accident occurred, PRA had become a useful and respected tool for safety assessment. Because of its logical, systematic, and comprehensive approach, PRA has repeatedly proven capable of uncovering design and operation weaknesses that had escaped even some of the best deterministic safety and engineering experts. This methodology showed that it was very important to examine not only low-probability and high-consequence individual mishap events, but also high-consequence scenarios which can emerge as a result of occurrence of multiple high-probability and nearly benign events. Contrary to common perception, the latter
is oftentimes more detrimental to safety than the former.