Risk evaluation Risk treatment

1
Risk evaluationRisk treatment
2
Risk Management Process
3
Risk Management Process

• The main elements of the risk management process
  are
• Context identification
• Identify areas of relevance and the background
  and structure of the evaluation. Develop risk
  evaluation criteria, against which risk is to be
  evaluated.
• Risk identification
• Identify what, why and how things can go wrong as
  the basis for further analysis.
• Risk analysis
• For each hazard analyse, evaluate and document
  their consequences.
• Estimate their likelihood /frequency.

4
Risk Management Process

• Risk evaluation
• Combine consequence and likelihood to produce an
  estimated level of risk for each hazard.
• Compare estimated levels of risk agianst
  pre-established criteria.
• This enables risks to be ranked so as to identify
  management priorities.
• If the levels of risk established are low, then
  risks may fall into an acceptable category and
  treatment may not be required.
• Risk treatment
• Accept and monitor low-priority risks.
• Identify options for risk treatment for hazards
  with non acceptable risks.
• Assess alternative treatment options, which
  includes consideration of funding.

5
Risk classification

• When quantitative methods are used to describe
  the severity end frequency of a hazard, it is
  possible to produce a numerical value for the
  associated risk by combining these two values.
• This is however not possible when qualitative
  measures are used.
• In such cases risk can be described by using a
  risk class (risk level, risk factor).
• The use of risk categories is common even where
  numerical values are used for severity and
  frequency of hazards, as this simplifies the
  adoption of standards and guidelines.
• Most standards define a set of risk classes and
  then set out development and design
  techniquesappropriate for each category of risk.

6
Risk classification
Severity of a hazardous event
Frequency / probability of a hazardous event
7
Risk classification - IEC 61508
8
The acceptability of risk -ALARP
ALARP As Low As is Reasonably Practicable
9
The acceptability of risk -ALARP

• IEC 61508 divides level of risk into three
  levels
• Unacceptable
• As Low As is Reasonably Possible (ALARP)
• Acceptable
• The uppermost level represents hazards where the
  risk is so great that it is deemed to be
  intolerable.
• The lowermost level represents hazards where the
  risk is so small that it generally can be
  neglected.
• In between these two levels lies a third level
  where a risk, though not insignificant, may be
  acceptable under certain circumstances.
• The criterion for acceptance of a particular risk
  is based on a decision as to whether it is as low
  as is reasonable practicable (ALARP). This is
  based on the benefits of the system and the cost
  of any further reduction.
• A risk within the ALARP level is never acceptable
  if it easily can be reduced.

10
The acceptability of risk
11
Levels of integrity

• Safety requirements differs widely between
  applications and is related to the risks
  involved.
• One can view the differing safety requirements in
  terms of the level of risk reduction required.
• High-risk systems require far more risk reduction
  compared to low-risk systems.
• A nuclear reactor protection system requires more
  risk reduction than an electric toaster!

12
Levels of integrity

• Differing requirements for safety systems lead to
  the concept of levels of integrity for
  safety-critical
• Safety integrity The likelihood of a
  safety-related system satisfactorily performing
  the required safety functions under all the
  stated conditions within a stated period of time.
  
• Although safety integrity can be expressed
  quantitatively, it is more common to allocate a
  system a safety integrity level.
• Safety integrity levels can be expressed both
  quantitatively, in terms of measures of
  performance , or qualitatively, in terms of
  system characteristics.

13
Levels of integrity

• Various standards classifies safety-critical
  systems into a different number of integrity
  levels.
• IEC 61508 defines 4 different integrity levels,
  where level 1 represents the least critical level
  and level 4 the most critical level. For each
  level
• the standard sets out target failure rates for
  systems operating in continuous mode (failures
  per year) and on demand mode (failures on
  demand).
• the standard also gives guidance on design - and
  development techniques that must be used for each
  level.

14
Allocation of integrity levels
Severity of hazardous event
HW integrity classification
Risk classification
Integrity classification
Systematic integrity classification
SW integrity classification
Frequency of hazardous event
Risk measure of the likelihood , and
consequences of a hazardous
event. Safety integrity measure of the
likelihood of the safety system correctly
performing its tasks.
15
Achievable levels of integrity?

• When developing critical systems, one must both
• Achieve a high level of integrity
• Demonstrate that this has been done
• Unfortunately, the latter often proves to be
  difficult, and perhaps even impossible, for
  critical systems.
• Possible requirements can be less than 1
  failure pr 1000 years, 10 000 years or 100 000
  years of operation. At present we know of no
  method of testing a system to demonstrate this
  level of performance. Is it possible to
  demonstrate this
• At present we know of no method of testing a
  system to demonstrate this level of performance.
• Instead, requirements to which activities that
  must be performed are listed.

16
Risk treatment

• Possible options for risk treatment
• Avoid the risk by deciding not to proceed with
  the activity likely to generate risk (where this
  is practicable).
• Reduce the likelihood of the occurrence
• Reduce the consequences
• Transfer the risk
• Retain the risk

17
Exercises

• Chapter 4 7, 9, 14, 17, 20, 21, 23