See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/309591741

Development of global Safety synergies for Space Exploration regulations and

bridging with aviation standards

Conference Paper · September 2016

CITATIONS READS

0 4,267

1 author:

Aline Decadi
He Space operations BV at European Space Agency, Paris, France
11 PUBLICATIONS   7 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Safety criteria for Moon Mars exploration View project

Ariane 6 View project

All content following this page was uploaded by Aline Decadi on 01 November 2016.

The user has requested enhancement of the downloaded file.

 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.

IAC-16-D6.2-D2.9

Development of global Safety synergies for Space Exploration regulations and bridging with aviation
standards

Aline Decadi

Dependability and Safety Assurance Section, Launchers Directorate, He Space Operations BV at European Space
Agency, 52 Rue Jacques Hillairet, Paris, France, Aline.Decadi@esa.int

Abstract
The transportation capabilities for human-rating Space Exploration missions are emerging. Safety is a major
argument on which the agencies commit to ensure to crew a safe journey and return to Earth. Secure the mission
success requires a regulated Safety assessment process. Space Safety regulations and standards already exist in
agencies and institutions, but they do not represent a common vision, committed and shared internationally. That’s
why the elaboration of a Safety standard for human-rating Space Exploration needs to benefit from existing Safety
standards approved worldwide. The standardized process for civil airborne systems is the world's most severe civil
aviation standard, and is enriched by decades of maturation and improvement. It is expandable to Space Exploration
in term of set of methods for conducting a safety assessment process. In this frame, it represents the common Safety
orientations to be targeted by the space agencies towards the incredible evolution of the concept of Safety for
mission success.
Keywords: Safety, ARP4761, NPR8705-2B, Space Exploration, Human Rating, Transportation, Mars, Aviation

1. Introduction international consensus as a first step for the elaboration

The architecture of the Mars exploration mission
pursues two objectives: one is minimizing the mass to
send beyond Low Earth orbit; the other one is ensuring
the safety during each step of the mission (launch,
journey, approach on Mars orbit, entry, descent and
landing, and return including take-off, ascent, extraction
of orbit, journey, re-entry and landing). The challenge
of this two-years duration mission is to bring the failure
probability down to an acceptable level, in particular for
the critical functions that have catastrophic failure
conditions, leading to the loss of crew/ mission (LOC/
LOM). But at the same time, it should be done without
adding complexity to the overall design in a way that
the design is compromised (e.g. the systems have to be
repairable by the crew).
Finding an international consensus on how to define
the adequate safety requirements and methods of
assessment, and then reach the mission objectives is
crucial because the Space Exploration endeavour is
based on an international interest and collaboration. For
this reason, space safety rules defined through a
common long-term safety assessment process need to be
globally shared and standardized [1].
Space exploration could benefit from the civil
airborne process - the most severe, mature standard
accepted worldwide - in order for the space agencies to
reach an international consensus on a space exploration
safety standard [1]. This paper intends to compare the
safety implementation of these two aerospace processes,
and evaluate the synergies that can easily be extended
from aviation to space exploration in order to reach an
of a dedicated global safety standard applied to space
transportation capabilities.
The following chapters present:
• The evolutions of the Space Safety Standards to
analyse the relevant procedures and requirements
useful to mitigate the hazards inherent to human-
rating Space Exploration missions,
• The assessment of the synergies between the
international civil airborne standards and the
existing Space Safety procedures,
• The evaluation of the credibility of the civil
Airborne standards to be expanded and adapted to
Space Exploration in terms of methods and criteria
(quantitative and qualitative)
• The analysis of the other parameters to be
considered for reaching an international consensus
for regulating Space Exploration.
2. Applicable Space Safety procedures for Space
Exploration
The current International Space Safety Standards are
based on several ISO (International Organization for
Standardization). They represent the basic space policy
standards funded in ISO 14300:
• ISO 14600 that covers Space Systems Safety
requirements Parts 1-3, incl. System safety, Launch
Site Operations, and Flight Safety Systems,
• ISO 17666 that addresses Space Systems Risks
Management,

IAC-16-D6.2-D2.9 Page 1 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.
• ISO 14624 Parts 1-7 that covers Space Systems
Safety and Compatibility of Materials.
Also the United Nations Orbital Debris Coordination
Working Group has developed and adopted:
• ISO 24113 The Space Debris Mitigation Principles
and Management Procedures, and
• ISO 27875 The re-entry Safety control for unmanned
spacecraft and launch vehicles upper Stages.
While the ISO standards are useful in establishing
international coordination, the problem is that they are
voluntary. National laws and regulations may supersede
them. In order for international space regulations and
standards to have enforcement power, governments as
well as voluntary standards bodies must support them.
In summary, the ultimate objective must be standards
and regulations backed by international treaties that are
fully agreed by all the nations involved in space
activities and implemented through national regulatory
mechanisms.
There are indeed existing Space Safety Regulations
and Standards by agencies and institutions. They have a
lot of similarities in terms of approach (e.g. they are
based on Lessons Learnt and State of the Art best
practices in terms of knowledge, expertise and quality)
and process for elaborating a hazard analysis. But do
they represent a common vision, committed and shared
globally by all of them? That’s the point. The need has
been identified, for the institutional stakeholders of
space-faring countries, to jointly establish safety
consensus standards to become recommended
references for national regulations. In this frame, it
seems interesting here to:
• List the Safety Regulations and Requirements
applied by the main agencies and institutions in
preparation of missions beyond Earth orbit,
• Assess the evolutions of these Space Safety
Regulations to better understand:
o What are the constraints inherent to live, travel
and work in deep space?
o Is it possible to partially mitigate these
constraints by using Safety processes and
procedures coming from other standards (e.g.
aviation) that have already matured and
improved?
Space transportation capabilities, such as crew
transportation and operation capabilities defined in the
Global Exploration Roadmap (GER) [18], are driven by
mission and safety requirements. NASA, as one of the
leaders in the Space Exploration endeavor, has
elaborated NASA Procedural Requirements (NPRs) that
are key to produce human-rating space systems that
accommodate human needs, effectively utilize human
capabilities, control hazards, manage safety risk
IAC-16-D6.2-D2.9
associated with human spaceflight, and provide, to the
maximum practical extent, the capability to safely
recover the crew from hazardous situations [7]:
• Human-Rating Requirements for Space Systems,
NPR 8705-2B [3]: it defines the set of technical
requirements to be applied to its crewed space
systems to reach the human-rating certification at
the end of the development. The key certification
elements to be compliant with are:
o The definition of reference missions for
certification,
o The incorporation of system capabilities to
implement crew survival strategies for each
phase of the reference missions,
o The implementation of capabilities coming
from the applicable technical requirements,
o The utilization of safety and reliability analyses
to influence system development and design,
and decide on risk reduction measures such as
failure tolerance,
o The integration of the human into the system
and human error management,
o The verification, validation, and testing of
critical systems performance,
o The flight test program and test objectives,
o The system configuration management and
related maintenance of the Human-Rating
Certification.
• Technical Probabilistic Risk Assessment (PRA)
Procedures for Safety and Mission Success for
NASA Programs and Projects, NPR 8705-5A [4]:
PRA is a systematic and comprehensive
methodology to evaluate risks associated with
every life-cycle aspect of a complex engineered
technological entity (e.g., facility, spacecraft, or
power plant) from concept definition, through
design, construction and operation, and up to
removal from service. In a quantitative risk
assessment or a probabilistic risk assessment,
consequences are expressed numerically (e.g., the
number of people potentially hurt or killed) and
their likelihoods of occurrence are expressed as
probabilities or frequencies (i.e., the number of
occurrences or the probability of occurrence per
unit time). The final result of a PRA is given in the
form of a risk curve and the associated
uncertainties.
• Probabilistic Risk Assessment Procedures Guide
for NASA Managers and Practitioners [5] is a
companion document of the NPR 8705-5A and
provides further details on PRA methodology for
aerospace applications.
These NPRs are useful to defend/ challenge design
options in the frame of the decision-making process [3],
as they provide relevant data based on: examined design
Page 2 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.
alternatives, identified key uncertainties related to the
design options (e.g. uncertainty in system performance,
or in human performance, or in understanding
phenomena), established confidence in the analyses and
the resulting design, and identified focus areas for
testing. A good example of their application is for
enhancing crew safety design techniques of the Orion
vehicle, in particular for establishing the survivability
requirements [6].
There is no need to start from scratch to establish a
standardized safety regulation for Space Exploration, as
a safety assessment process already exists. Nevertheless,
the need is to evaluate its potential to be the most
credible and adapted procedure for global human-rating
missions. To do so, it is possible to benefit from an
existing global standardized process that has
demonstrated its efficiency through decades of
improvement and lessons learnt: this is the case for the
civil airborne standard in place.
3. Bridge between aircraft and spacecraft safety
assessment processes internationally
We are now going to focus on the global aviation
standards, and in particular:
• Analyze American and European standards to
assess the similarities between each other,
• Then, assess their similarities with the NASA
Space Safety procedures (presented in the previous
chapter),
• Finally, start assessing their potential to be
expanded to human-rating Space Exploration (as a
first step in the elaboration of a standardized Space
Safety Regulation).
3.1 Standardized Safety assessment process in aviation
The standardized safety process, applicable for the
civil airborne systems, is composed by the following set
of standards (as shown in Fig. 1) called Aerospace
Recommended Practices (ARP):
• Guidelines and methods for conducting the Safety
Assessment Process on Civil Airborne Systems and
Equipment, ARP4761 [8],
• Guidelines for development of Civil Aircraft and
Systems, ARP4754A [9]. It is supported by two other
main aviation standards:
o Design Assurance Guidance for Airborne
Electronic Hardware, RTCA/DO-254 [10],
o Design Assurance Guidance for Airborne
Electronic Software, RTCA/DO-178B/C [11].
This set of standards is the set of methods for
conducting safety assessment process used worldwide.
IAC-16-D6.2-D2.9
It is the world's most severe civil aviation standard, and
is enriched by millions of flight hours each year.
These ARP standards are recognised by the both
U.S. and European regulations, i.e.:
• U.S. FAA Federal Aviation Regulations (FAR),
• European Joint Aviation Requirements (JAR), which
have been replaced by European Aviation Safety
Agency (EASA) certification standards.
They are also recognized worldwide by other
agencies like in China, Brazil, and South Korea.
Fig. 1. SAE ARP4761 and 4754A
FAA and EASA have elaborated consistent and
harmonised airworthiness standards that provide
equivalent criteria for:
• The certification specifications of equipment,
systems and installations for:
o Large Aeroplanes via two equivalent U.S. and
European standards: FAR 25.1309 [12]/ EASA
CS-25.1309 [13],
o Lighter Aeroplanes via two equivalent U.S. and
European standards: FAR 23 [14]/ EASA CS-23
[15].
• The associated equivalent means of compliance:
FAA Advisory Circulars (AC)/ EASA Acceptable
Means of Compliance (AMC). In particular,
AC 25.1309-1 [16]/ AMC 25.1309 [17] describes
acceptable means for showing compliance with the
airworthiness requirements of §25.1309. This AC/
AMC is fundamental as it establishes the principle
that the more severe the hazard resulting from a
system or equipment failure, the less likely that
failure must be. Failures that are catastrophic must
be extremely improbable. First released in 1982,
AC 25.1309-1 (then AMC 25.1309 in 2003) has
been revised to embody increasing experience
through the development of airplanes, and to address
the increasing integration and computerization of
aircraft functions.
In conclusion, the Standardized Safety Assessment
process for aviation has been matured through years,
Page 3 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.
with a continuous harmonisation between American
regulations and European standards, and in turn
approved worldwide. AC 25.1309-1 describes the
acceptable means for showing compliance with the
airworthiness requirements FAR 25.1309. It recognizes
Aerospace Recommended Practices ARP4754A and
ARP4761 as a global standardised process in the
aviation industry. This standardized aviation safety
process represents a relevant guideline for comparison
with space safety process.
3.2 Comparison between aviation standards and space
procedures/ guidelines regarding safety assessment
process
3.2.1 Functional mission failure conditions
The critical functions to be ensured within the range
of missions are similar between aviation and space
transportation capabilities [1]:
• Transportation of the crew/ cargo including
collision avoidance,
• Environmental control and life support ensuring the
crew survival,
• Propulsion, which is vital to the safe operation at
any mission phase,
• Communication, which is essential to be able to
send orders that may have safety implications, such
as alarm and rescue,
• Power supply, which is a common mode of failure
conditions,
• Navigation, for the determination, at any time, of
the vehicle's position, velocity and attitude.
These critical functions are triggered through safety
objectives that will be determined and fine-tuned via
continuous trade-off taking into account many factors
inherent to the mission scenario (as shown in Fig. 2). In
this frame, the different specificities between civil
airborne systems and space transportation systems,
which are intrinsic to their respective mission
architecture, will be considered, for example in terms of
servicing (maintainability) and failures rate (reliability)
[1].
Fig. 2. Role of critical functions in Safety process
(e.g. SAE ARP4761)
IAC-16-D6.2-D2.9
Based on the identification of these critical
functions, we will compare the implementation of safety
process in both aviation and space exploration fields,
and assess the similarities in terms of methodology,
requirements, and criteria for evaluation of failure
conditions. This comparison will be performed based on
the following standards, requirements and guidelines:
• For Space: NASA NPR 8705-2B [3], NPR 8705-5A
[4] and PRA guideline [5],
• For Aviation: ARP4761 [8]/ ARP4754A [9] and AC
25.1309 [16].
3.2.2 Common objectives for aviation and space
safety assessment
Both Aviation standards and Space procedures/
guidelines share major targets in terms of safety
assessment:
• Define the set of mission requirements that ensure
the requested level of mission safety,
• Provide guidance in implementing fail-safe design,
with an emphasis on redundancy and monitoring,
including eliminating common mode failures and
hazards (seen as the causes of the unsafe control),
• Implement the system safety assessment process on
the critical functions that may have catastrophic
failure conditions,
• Are based on safety rules coming from lessons learnt
and recommendations from the past, e.g.:
o Aviation: millions of flight hours per year,
o Space: Apollo, ISS, space shuttle, exploration
missions (to come),
regarding different aspects such as design,
manufacturing, testing, instrumentation, review and
control. Most of them are used commonly within the
global safety community as best practices. They are
particularly valuable for large and complex programs
that require a certain codification of the lessons learnt.
The implementation of the safety assessment
process implies tools (e.g. analysis, methodology) and
criteria (to achieve certification) to cover all mission
phases from lift-off to re-entry, and also include the
launch preparation phases. Moreover, a combination of
quantitative (e.g. probabilistic) and qualitative (e.g.
failure tolerance or redundancy) technical safety and
mission requirements complement each other by
compensating for weaknesses in one or the other
analysis type [19].
3.2.3 Comparison of safety tools (e.g. analysis,
methodology)
While comparing aviation standards and space
exploration procedures, we can obtain the list of safety
Page 4 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.
analyses and methodologies that combine existing
techniques.
In NASA NPR 8705-2B [3], aviation/ space
common approaches or tools for performance of this
activity include, but are not limited to:
• Traditional safety and reliability analysis techniques:
o Hazard Analysis (HA),
o Fault Tree Analysis (FTA),
o Failure Modes and Effects Analysis (FMEA),
o Damage Modes and Effects Analysis (DMEA),
o Critical Items Lists (CIL),
• Probabilistic Risk Assessment (PRA),
• Simulation modeling techniques (e.g. physics-based
simulations of the failure environments),
• Accident Precursor Analysis (APA).
The integration of design and safety analysis
consists in the active and iterative application of these
techniques, and in the use of the collective results from
these analyses to inform design decisions. The
integrated analysis is done in a consistent manner
throughout the program and at the overall system level.
This implies that techniques such as Hazard Analysis,
Failure Modes and Effects Analysis, and Probabilistic
Risk Analyses cannot be performed in isolation and that
such analyses should be internally consistent. The
resulting assessments and rankings, along with
probabilistic safety requirements, serve to inform
decisions regarding safety enhancing measures such as
necessary failure tolerance levels, margins, abort
triggers, and crew survival capabilities.
The list of corresponding analysis and methods in the
aviation standard ARP 4761 [8] is the following:
For the Hazard Analyses (as shown in Fig. 3):
• The scenarios leading to the “loss of vehicle” are
assessed with estimates of their frequencies, and are
specified in terms of functional-level events ! this
list of dysfunctional scenarios with the assessment of
their criticality is equivalent to the Functional
Hazard Assessment (FHA) in the ARP4761.
• These scenarios, that involve several distinct system
failures, may contain a very large number of such
combinations of failure conditions ! the list of
failure conditions at system level associated to sub-
system level safety requirements is equivalent to the
Preliminary System Safety Assessment (PSSA) in
the ARP4761, and the sub-system safety
requirements include DALs.
• For each system failure occurring in a particular
scenario, there may be many distinct combinations
of component-level failures that yield that system
failure. These combinations are called “minimal cut
sets” (MCSs). The MCSs are one of the major
outputs of a PRA. They are a basis for quantification
of top event likelihood and also provide qualitative
insight ! this assessment down to component level
IAC-16-D6.2-D2.9
and back to the system level is equivalent to the
System Safety Assessment (SSA) in ARP4761. It
aims to update the failure conditions list or FHA,
which includes rationales showing compliance with
safety requirements (qualitative and quantitative).
Fig. 3. FHA, PSSA and SSA
Fault Tree Analysis (FTA) and Failure Modes and
Effects Analysis (FMEA): they are common methods in
both aviation and space.
Damage Modes and Effects Analysis (DMEA): it
reveals damage modes and their domino effects to guide
the design and operations ! it is equivalent to the
Zonal Safety Analysis (ZSA) in ARP4761. This analysis
is usually supported by a Common Cause Analysis
(CCA), which is used to find and eliminate or mitigate
common causes for multiple failures.
For Critical Items Lists (CIL): the Failure Mode
and Effects Analysis (FMEA) is performed to identify
failure modes. As part of this process, critical failure
modes that could lead to loss of life or loss of mission
are also identified. These critical failure modes are then
placed into a CIL, which is carefully examined for
programmatic control by implementing inspection
requirements, test requirements and/ or special design
features or changes, which would minimize the failure
modes occurrence [20] ! the control of these critical
failure modes is monitored via a Particular Risk
Analysis in ARP4761.
For Probabilistic Risk Assessment (PRA): this is a
scenario-based probabilistic risk analysis. Quite
generally, a scenario is prevented through prevention of
all of its MCSs, and each MCS is prevented through
prevention of any of its elements. The role of the PRA
in the context is to quantify each risk/ MCS, by taking
into account the individual risks/ MCS that surface
during the program/ project [5] ! this risk assessment
enables to define particular probabilistic safety
requirements when quantitative risk assessment is
deemed necessary (e.g. without sufficient experience
based engineering data) and is equivalent to a Particular
Risk Analysis in ARP4761.
Simulation modeling techniques: they are common
methods in both aviation and space (e.g. failure
Page 5 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.
propagation is a complex process that usually augments
generic statistical data with computer simulations).
Accident Precursor Analysis (APA): it provides a
systematic means of analysing candidate accident
precursors by evaluating anomaly occurrences for their
system safety implications and, through both analytical
and deliberative methods used to project to other
circumstances, identifying those that portend more
serious consequences to come if effective corrective
action is not taken [5]. This aims to update the Hazard
Analysis when an anomaly occurs ! this Accident
Precursor Analysis is well integrated into the FHA,
PSSA, and SSA as the implementation of corrective
mitigation actions after anomalies investigation is
equivalent, and particularly well controlled in the
aviation safety process.
The assessment of the safety analyses between
Aviation (ARP 4761 [8]) and NASA Space Safety
procedures (NPR 8705-2B [3]) show that the
methodology for safety assessment process is similar as
based on the same tools in both areas. So, from the
methodology point of view, space transportation
approach could be easily inspired by the existing
methods and analysis, already standardised for aviation
and applicable to space transportation capabilities.
3.2.4 Comparison of safety criteria
The assessment of dedicated criteria for failure
conditions - for any mission scenario, system, at any
mission phase - is way more difficult to be established
by comparison of aviation standards and space
procedures. As recalled in chapter 2.3 here above, the
mission constraints are very different between civil
aircraft and space transportation vehicle due to their
specific environment and mission architecture; this will
indeed lead to different quantitative and qualitative
criteria that will be used in the definition of the overall
set of safety requirements to be applied to the respective
missions.
Considerations for defining these criteria for space
exploration missions are in continuous evolution,
demonstrating the complexity of the safety assessment
activity to reach a dedicated international consensus and
regulations. As an example, it is worth mentioning that
NPR 8705-2 has been updated:
NPR 8705-2 (no revision) [2] has been initially
released in 2003 at the time of the application of the
human-rating requirements for International Space
Station missions. It was based on two-failures tolerance
(2 FT) to prevent hazards that could result in loss of life.
It means that three independent failures would have to
occur to lead to a catastrophic consequence. This
deterministic approach has provided an excellent
assurance for System safety and has been for years the
IAC-16-D6.2-D2.9
single reference for human-rating requirements.
Besides, the IAASS proposal for space safety standard
considers this 2 FT requirement regarding catastrophic
hazards [21].
Nevertheless, over the life of programs, process
errors or other unforeseen events could still cause
controls to fail. So, the concept of Spacecraft
Vulnerability Reduction (SVR) [6] has been envisioned
as an opportunity to optimize design choices within the
design parameters. Additional separation of redundancy
or layouts of equipment to establish natural barriers
were examples seen as improving the safety of design
without adding another layer of safety to further reduce
the likelihood of occurrence. Additional considerations
– to minimize weight (use smaller launch vehicles and
raise performance) versus mission cost and schedule –
have also increased the need for a safety approach in
favour of more risk-based decisions making process,
including a more engineering approach in the
establishment of proper levels of safety. NASA released
the NPR 8705 revision 2B [3] where the acceptable
level of safety is now reached by:
• Single failure tolerance (1FT), and
• A probabilistic requirement specified in the
Probabilistic Risk Assessment (PRA) procedure [4].
So, the definition of quantitative/ qualitative criteria
for safety assessment depends on various parameters
that are not only based on technical considerations, but
also considers programmatic (cost/ schedule) and
management aspects for mission success (more risk-
based decisions making process). Moreover, several risk
mitigation strategies are available to reach the requested
level of mission safety. That’s why; the set of safety
requirements defining space exploration safety
regulations is not mature yet.
3.2.5 Other parameters to be considered for safety
assessment
Other parameters have to be considered to reach
international consensus regulating space exploration. An
independent study [22] – mandated by Commercial
Space Launch Amendments Act of 2004 – has
addressed in particular the standards of safety and
concepts of operation that should guide the regulation
for human space flight. In this frame, it has evaluated
whether the standard of safety should vary by class or
type of vehicle, by purpose of flight, or other
considerations. The main principles considered in the
development of this analysis were:
• Leverage relevant experience (both internal and
external) to characterize the considerations that go
into developing standards,
• Provide an acceptable level of spaceflight
participant, crew, and third party safety/ casualty
Page 6 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.
mitigation while minimizing overly complex,
cumbersome, and undefined processes and
standards,
• Allow for the broadest possible ranges of design,
concepts of operations, and flight purposes/ uses,
• Develop the standards in a manner that minimizes
the need for detailed case-by-case analyses.
The feedback from industry on these topics reveals
the following key recommendations:
• Need for preventing the establishment of highly
invasive or cumbersome regulations that would
discourage private risk taking and investment,
• No need to attempt to perform regulation by class, or
type of vehicle, or purpose of flight, due to the
unavailability of sufficient relevant experience &
data. It would only serve to artificially restrict
innovation and unique design approaches,
• Need for providing a path towards evolutionary
improvements in regulation. Using aircraft industry
examples, more rigorous rules and regulations could
be implemented and enforced as the experience base
matures,
• As the human spaceflight industrial base matures,
opportunities exist to refine this proposed
methodology, the related data requests and
documentation, and the regulations. This is
analogous to the pre-FAR era of commercial
aircraft. Another option is to begin to enforce
increasing levels of crew/ mission survival and/ or
apply FAR-type regulations derived from past data.
Mission assurance activities could further augment
these options. These options are submitted to
discussion within Agencies, Safety Association and
industry. For instance, this last option is supported
by IAASS that has proposed to not wait for industry
to get maturation for starting the elaboration a global
safety. Instead IAASS promotes since years the idea
of creating an international space safety institute that
can develop globally space standards [23].
So, these other parameters have still to be discussed
between the different partners (in particular agencies et
industry), in order to converge on a common approach
based on the series of proposals that have emerged.
4. Conclusion
The aviation Safety standard ARP4761 is a valuable
guideline for the elaboration of a Safety Assessment
process for human-rating Space Exploration, in terms of
methods & analysis, as it offers a Safety approach that
enables to reach the requested level of Safety for such a
challenging mission. Nevertheless, when it comes to the
implementation of Safety requirements related to failure
conditions applied to crew transportation and operation
IAC-16-D6.2-D2.9
capabilities, dedicated criteria (quantitative and
qualitative) need to be defined. In this frame, we
observe a clear need for more maturation of the
concepts at this step: several risk mitigation strategies
exist (mixing technical, managerial and programmatic
considerations).
Agencies and industry have started iterating on these
aspects on a collaboration manner, and need to find their
way on how to advance innovative mission concepts,
while being compliant to stringent Certification criteria.
Disclaimer
This article was prepared or accomplished by Aline
Decadi in her personal capacity. The opinions expressed
in this article are the author's own and do not reflect the
view of the European Space Agency.
References
[1] A. Decadi, Develop global safety synergies for long-
range human space exploration, with focus on
launch systems, IAASS, Melbourne, Florida, 18-20
May 2016
[2] NASA NPR 8705 (no revision), Human-Rating
Requirements for Space Systems, NASA Offices of
Safety & Mission Assurance, 19 June 2003
[3] NASA NPR 8705-2B, Human-Rating Requirements
for Space Systems, NASA Offices of Safety &
Mission Assurance, 6 May 2008
[4] NASA NPR 8705-5A, Technical Probabilistic Risk
Assessment (PRA) Procedures for Safety and
Mission Success for NASA Programs and Projects,
7 June 2010
[5] NASA/SP-2011-3421, The Probabilistic Risk
Assessment Procedures Guide for NASA Managers
and Practitioners, second edition, December 2011
[6] M. S. Buchanan, M. K. Saemisch, Enhancing
Human Spaceflight Safety Through Spacecraft
Survivability Engineering, AIAA 2009-6523,
Pasadena, California, 14 - 17 September 2009
[7] Dr. C. H. Shivers, NASA Space Safety Standards
and Procedures for Human Rating Requirements,
2009
[8] ARP4761, Guidelines and Methods for Conducting
the Safety Assessment Process on Civil Airborne
Systems and Equipment, 1996
[9] ARP4754A, Guidelines For Development Of Civil
Aircraft and Systems, 2010
[10] RTCA/DO-254, Design Assurance Guidance for
Airborne Electronic Hardware, 2000
[11] RTCA/DO-178C, Design Assurance Guidance for
Airborne Electronic Software, 2011
[12] US FAR 25.1309-1, 1988
[13] EASA CS-25.1309, 2011
[14] US FAR 23
Page 7 of 8
 67th International Astronautical Congress (IAC), Guadalajara, Mexico, 26-30 September 2016.
Copyright ©2016 by the International Astronautical Federation (IAF). All rights reserved.

[15] EASA CS-23 [21] IAASS-ISSB-S-1700-REV-B, Space Safety

[16] AC 25.1309-1, 1988
[17] AMC 25.1309
[18] Global Exploration Roadmap (GER), August 2013,
www.globalspaceexploration.org
[19] NASA NPR 8715.3C, NASA General Safety
Program Requirements, 12 March 2008
[20] Identification, Control, and Management of Critical
Items Lists, http://llis.nasa.gov/lesson/803
standard for commercial human-rated system, March
2010
[22] Commercial Space Launch Amendments Act of
2004, Analysis of Human Space Flight Safety, 11
November 2008
[23] Joseph N. Pelton, The Vision: An International
Institute for Space Safety, Space Safety Magazine, Fall
2011

IAC-16-D6.2-D2.9 Page 8 of 8

View publication stats