Part 3: Governance, Risk, and Compliance
This article is part of a 3-part series on privatization of government processes.
Since the successful manned SpaceX launch in May, NASA has repeatedly made clear their intention to use commercial resources for space flight programs moving forward. On Friday, for instance, NASA administrator Jim Bridenstein announced the release of a new Request for Information (RFI) for commercial suborbital spacecraft.
In our previous articles, we explained how the SpaceX launch and NASA Commercial Crew Program demonstrate the need for case management solutions like contract management and Freedom of Information Act (FOIA) request management software. However, the increased risk of commercial involvement also means that NASA will require robust governance, risk, and compliance software solutions to perform inspections, audits, and investigations.
According to Stephanie Balaouras, Vice President of Security and Risk Research at Forrester, “Third-party risk is one of the biggest risks facing enterprises today. When one of these partners mismanages your customers’ private data or suffers a cyberattack or undermines your products’ quality or safety . . . it’s your company that owns the legal and regulatory risk.” This assessment also applies to government agencies, especially as their relationships with commercial entities increase.
Commercial employees may not be held to the same standards of government employees, presenting risk to NASA programs and goals. This disparity was recently highlighted when video footage surfaced of Elon Musk, founder and CEO of SpaceX, smoking cannabis. The incident prompted NASA Administrator Jim Bridenstine to launch a performance and safety review of SpaceX and Boeing to examine “everything and anything that could impact safety” prior to manned flights.
In a statement, NASA Aerospace Safety Advisory Panel (ASAP) Chair Patricia Sanders said that “NASA should expect both providers to exhibit a safety culture appropriate for human space flight.” But it is not enough to demand that companies adhere to such terms—NASA must clearly outline safety requirements in commercial contracts, and employ state-of-the-art technology to enforce these rules. Unlike internal reviews, auditing separate commercial entities involves more parties, more coordination, and more documentation, and therefore exemplifies a greater need for audit tracking and management software like eCase Audit.
Within the eCase Audit and eCase Investigations solution architecture, every process and action is automatically monitored and tracked within the system. Agencies no longer have to worry about the liability and bottleneck risks associated with retaining duplicate files within email and other siloed systems. The process is standardized to follow federal procedures outlined in the Generally Accepted Government Auditing Standards (GAGAS) Yellow Book. Additionally, the software solution is secure, available as SaaS through our FedRAMP-certified data center, AWS, Microsoft Azure, and on-premises.
NASA’s safety review of SpaceX and Boeing, conducted last year, ultimately gave the green light to a successful manned SpaceX launch. As similar reviews become standard procedure, NASA and other agencies can look to eCase to ensure that the reviews, as well as other audits, investigations, and inspections, are managed and tracked securely.