MSFC NASA MWI 7120 6 REV E-2008 PROGRAM PROJECT CONTINUOUS RISK MANAGEMENT《程序 工程连续性风险管理》.pdf

1、CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE MWI 7120.6 REVISION E EFFECTIVE DATE: October 3, 2008 EXPIRATION DATE: October 3, 2013 MARSHALL WORK INSTRUCTION QD01 PROGRAM/PROJECT CONTINUOUS RISK MANAGEMENT Provi

2、ded by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Marshall Work Instruction QD01 Program/Project Continuous Risk MWI 7120.6 Revision: D Management Date: August 4, 2005 Page 2 of 18 CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directiv

3、es.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE DOCUMENT HISTORY LOG Status (Baseline/ Revision/ Canceled) Document Revision Effective Date Description Baseline 7/10/00 Revision A 5/15/01 Added reference 4.9. Added definitions 5.1, 5.4 a 5.5 and 5.7. Added planning responsibilities clarifi

4、cation into 6.1. Added responsibilities for PMC and the Procurement Office into section 6.2 and reordered section to more logically follow process flow. Updated risk management tools application into section 6.3. Added procurement responsibilities into flow diagram. Revision B 12/16/2003 Removed ref

5、erence from paragraph 6.3, Type III. Defined the PMC in section 5.12. Made appropriate changes to bring in accordance with NPG 8000.4 throughout the document. Added the word “Continuous” in front of Risk Management throughout the document. Added NPG 8000.4 to the Applicable Documents section. Correc

6、ted the number references for S schedule realignment; budget adjustments; or alternate paths and approaches. Added 5.20 Technical Warrant Holder (TWH). Revised Section 6.1 through 6.4. Added 6-1 through 6.6.4 and Figure 1-1, CRM paradigm and Figure 1-2, CRM Process Overview. Revised 7. Notes. Revise

7、d 8. Safety Precautions and Warning Notes. Added 9. Records. Changed Training Organization to reflect new organizational title: Learning analyzes their impact and prioritizes them; develops and carries out plans for risk mitigation or acceptance; tracks risks and the implementation of plans; support

8、s informed, timely, and effective decisions to control risks and mitigation plans; and ensures that risk information is communicated and documented. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Marshall Work Instruction QD01 Program/Project Contin

9、uous Risk MWI 7120.6 Revision: E Management Date: October 3, 2008 Page 6 of 19 CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE 5.3 Developmental Model Analysis (DMA). A conceptual statistical graphic model of the p

10、rogram or project linked to the analytical data (i.e., reliability, cost, and schedule data) to be used as a baseline for the (PRA) process. 5.4 Failure Mode and Effects Analysis (FMEA). An analysis that examines the conditions that can result in failures of components and the effects of the faults

11、to the system in which they are contained. 5.5 Fault Tree Analysis (FTA). A graphical model of the various parallel and sequential combinations of faults that will result in the occurrence of a predefined undesired top-level event in a system. 5.6 Functional FMEA Approach. Used when hardware items c

12、annot be uniquely identified or when system complexity requires analysis from the initial indenture. 5.7 Hardware FMEA Approach. Used when hardware items can be uniquely identified from schematics, drawings, and other engineering and design data. 5.8 Hazard Analysis (HA). The determination of potent

13、ial sources of danger and recommended resolutions for those conditions found in the hardware/software systems, the person/machine relationship, or both, which may cause loss of personnel capability, loss of system, or loss of life or injury. 5.9 Independent Assessment (IA). The general term referrin

14、g to an evaluation of a program or program/project conducted by experts outside the advocacy chain. The evaluation results in an assessment of the programs or projects readiness (i.e., technical, schedule, cost, and risk) to proceed to the next phase in the lifecycle that is reported to a CMC. 5.10

15、Metric. A measurement taken over a period of time that communicates vital information about a process or activity. A metric should drive the appropriate risk mitigation action. 5.11 Preliminary Hazard Analysis (PHA). The PHA is the foundation on which the rest of the safety analyses and the system s

16、afety tasks are built. It documents which generic hazards are associated with the design and operational concept. The PHA provides the initial framework for a master listing of hazards and associated risks that require tracking and resolution during the course of the program design and development.

17、5.12 PRA. A comprehensive, structured, and logical analysis method aimed at identifying and assessing risks in complex technological systems for the purpose of cost-effectively improving their safety and performance in the face of uncertainties. PRA assesses risk metrics and associated uncertainties

18、 relating to the likelihood and severity of events adverse to safety or the mission. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Marshall Work Instruction QD01 Program/Project Continuous Risk MWI 7120.6 Revision: E Management Date: October 3, 200

19、8 Page 7 of 19 CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE 5.13 CMC. One of the hierarchy of forums composed of senior management that assesses program or project planning and implementation and provides oversi

20、ght and direction as appropriate. These forums are established at the Agency, Mission Directorate, Center, and lower levels. 5.14 Risk. The combination of the probability that a program or project may experience an undesired event and the consequences, impact, or severity of the undesired event, wer

21、e it to occur. Both the probability and consequences may have associated uncertainties. Some examples of undesired events include a cost overrun, schedule slippage, safety mishap, health problem, malicious activities, environmental impact, failure to achieve a needed scientific or technological brea

22、kthrough, or mission success criteria. 5.15 Risk Assessment. An evaluation of a risk item that determines: (1) what can go wrong, (2) how likely is it to occur, and (3) what the consequences are. 5.16 Risk Management. An organized, systematic decision making process that efficiently identifies, anal

23、yzes, plans, tracks, controls, communicates, and documents risk to increase the likelihood of achieving program/project goals. 5.17 Risk Mitigation. The process of applying methods, tools, and resources aimed at eliminating the risk or reducing the likelihood and/or consequence of a risk. This may b

24、e accomplished through engineering changes to design, processes, or procedures; schedule realignment; budget adjustments; or alternate paths and approaches. 5.18 Schedule Risk Assessment (SRA). A quantitative analysis of a projects scheduled task durations that provides a range of probable completio

25、n dates with the associated probabilities for each. If the schedule is resource loaded, a quantitative cost analysis may also be performed using the schedule data. This cost analysis would provide a range of probable project costs with probabilities for each cost. The SRA could provide the basis for

26、 project schedule margin and recommended budgetary reserves. 5.19 TA. The individual who specifically maintains technical responsibility over establishment of, changes to, and waivers of requirements in a designated area. 6. INSTRUCTIONS 6.1 The Program/Project Manager shall develop and implement a

27、CRM process that includes integrated risk management planning for all risks associated with program/project safety, cost, schedule, and technical performance and document it in a Program/Project Risk Management Plan as specified in NPR 7120.5C, “NASA Program and Project Management Processes and Requ

28、irements,” NPR 7120.5D, “NASA Space Flight Program and Project Management Requirements,” NPR 7120.8, “NASA Research and Technology Program and Project Management Requirements,” and NPR 8000.4, “Risk Management Procedural Requirements.” Provided by IHSNot for ResaleNo reproduction or networking permi

29、tted without license from IHS-,-,-Marshall Work Instruction QD01 Program/Project Continuous Risk MWI 7120.6 Revision: E Management Date: October 3, 2008 Page 8 of 19 CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE

30、6.2 The NASA CRM process, stated below, is outlined in Figures 1 and 2. Figure 1. The NASA Continuous Risk Management Process. 6.3 CRM process overview The following process will be iterated throughout the program/project life cycle. 6.3.1 Identify. Develop the risk statements in terms of condition

31、and consequence(s); capture the context of the risk scenario (e.g., what, when, where, how, and why). Tools such as FMEA, PRA, and FTA can be used to identify risks. During engineering product development, risk shall be identified and addressed in the final product as part of a Risk Management Plan,

32、 in accordance with systems safety engineering practices. 6.3.2 Analyze. Evaluate risk probability, impact/severity, and timeframe (when action needs to be taken); classify/group with similar/related risks; and prioritize. Tools such as PRA can be used to analyze technical risks. The SRA tool can be

33、 utilized to assess schedule and cost risks. 6.3.3 Plan. Assign responsibility and determine approach (i.e., accept, mitigate, or watch). If risk shall be mitigated, define mitigation level (e.g., action item list or more detailed task plan) and goal, and include resource estimates. 6.3.4 Track. Acq

34、uire/update, compile, analyze, and organize risk data; report results; and verify and validate mitigation actions. 6.3.5 Control. Analyze results, decide how to proceed (e.g., accept, mitigate to an acceptable level, replan, close the risk, invoke contingency plans, and/or continue tracking), and ex

35、ecute the control decisions. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Marshall Work Instruction QD01 Program/Project Continuous Risk MWI 7120.6 Revision: E Management Date: October 3, 2008 Page 9 of 19 CHECK THE MASTER LIST at https:/repositor

36、y.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE 6.3.6 Communicate and Document. Essential risk status is to be communicated on a regular basis to the entire program/project team and to the CMC. A system for documentation and tracking of risk decisions sha

37、ll be implemented. Figure 2. The CRM Process Steps. 6.3.7 Program/Project Managers shall establish safety and mission success activities as a part of the CRM process early in the program/project formulation process. 6.3.8 All programs/projects shall prepare a CRM plan during the program formulation

38、phase. The risk management methods, tools, and level of effort dedicated to CRM may be tailored for each program/project. The projects Risk Management Plan may be a supplement to the program plan. 6.3.9 The Program/Project Risk Management Plan shall include: 6.3.9.1 Risk list generation. This list i

39、dentifies the risks that impact your program/project. 6.3.9.2 Periodic risk reviews. This review is conducted on a periodic basis to review all risks, risk mitigation, and discuss new risks. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Marshall Wo

40、rk Instruction QD01 Program/Project Continuous Risk MWI 7120.6 Revision: E Management Date: October 3, 2008 Page 10 of 19 CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE 6.3.9.3 Risk Management Review Boards. A maj

41、or review conducted by the Program/Project Manager to discuss primary risks, risk mitigation, risk roll up, and residual risk issues. 6.3.9.4 Quantitative/qualitative risk assessments. Risk assessment processes (i.e., PRA, FTA, FMEA/Critical Items List (CIL), and Hazard Analysis) used to identify pr

42、ogram/project risks. 6.3.9.5 Operations risk management. Used to address operational and interface risks. 6.3.9.6 Risk-Based Acquisition Management process. Established NASA requirement for contractors to perform risk management. This is documented in the NASA Federal Acquisition Regulation Suppleme

43、nt. 6.3.9.7 Information management systems for problem reporting. This is accomplished through the NASA Problem Reporting and Corrective Action system process or by the program/project corrective action systems. 6.3.9.8 Risk Acceptance. This is a risk that has been fully mitigated with the available

44、 resources. The risk has been reduced with regards to likelihood and consequence; however, the risk still remains open and will be tracked accordingly. 6.3.9.9 Risk Closure. This is a risk that has been fully mitigated using the available resources and is no longer a threat to the program/project. 6

45、.3.9.10 Risk surveillance reporting. Risk review process established by the program/project risk implementation plan. 6.3.9.11 Risk supportability data. Data used in the mitigation of program/project risks. 6.3.9.12 Risk trends analyses. Analysis used by program/project risk management to provide ea

46、rly warning of risk escalation and the action necessary for risk mitigation. 6.3.10 All risks shall be documented and communicated throughout the programs life cycle. The results of the risk management process shall be incorporated into the final technical products. 6.3.11 NPR 2810.1, “Security of I

47、nformation Technology” defines the NASA Information Security Policy for CRM planning and risk assessment processes and activities. 6.4 Implement a comprehensive risk management decision-making process. 6.4.1 The Program/Project Manager and risk management team members shall develop a Risk Management

48、 Plan that meets the program requirements for CRM processes as described in paragraph 6.3. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Marshall Work Instruction QD01 Program/Project Continuous Risk MWI 7120.6 Revision: E Management Date: October

49、3, 2008 Page 11 of 19 CHECK THE MASTER LIST at https:/repository.msfc.nasa.gov/directives/directives.htm VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE 6.4.2 Risk identification shall involve the entire project team to assess all identifiable risks and project constraints up front. If an IA has been performed, the program/project shall include the risks identified during