NASA Risk Management Handbook: Version 2.0, Part 1

The purpose of this handbook is to provide an in-depth reference for the practice of risk management in NASA, updating the guidance offered in its original version, NASA/SP-2011-3422 (November 2011), and closely aligning the updated guidance with the current NASA Procedural Requirements for Agency Risk Management, NPR 8000.4, and the parent NASA Policy Directive for NASA Governance and Strategic Management, NPD 1000.0.

NPD 1000.0 introduces with emphasis the concept of “Risk Leadership,” making it a fundamental tenet and pillar of the risk management culture that it advocates for the Agency. NPR 8000.4 applies this concept and establishes Risk Management (RM) requirements for the Agency as an integrated enterprise, as well as the RM requirements for portfolio elements within the enterprise. Such elements include the various programs and projects that contribute to the Agency’s objectives and the various institutional activities carried out by entities that contribute to mission support.

The present version of the handbook also emphasizes the integration of risk management processes across activity and project life cycles and their coordination and interaction with day-to-day programmatic and organizational functions. Areas of application of risk assessment and management that were not covered with specific guidance in the preceding version are addressed in this version with in-depth examples.

The handbook is structured into two parts, whose chapters are in turn organized in a sequential order intended to facilitate a gradual and progressive introduction of the reader to risk management principles and practices.

Part 1 of the handbook is dedicated to the introduction of the basic foundations of the NASA integrated risk management framework, the related fundamental risk concepts, the description of the risk management and decision processes that are to be implemented within the framework, the discussion of the risk assessment techniques that should be utilized in support of such processes, and the management and organizational interactions and interfaces that should be enabled to implement an effective integration of risk management activities within the Agency.

Part 2 provides self-contained, end-to-end examples of application of the processes and techniques introduced in Part 1, in the context of both programmatic (i.e., project and/or mission related) and institutional activities.