DETERMINATION OF RISK,
RISK CLASSIFICATION
Lecture 8.
23/04/2018 The Acceptability of Risk 40
Safety Risk - Reminder
• The significance of a hazardous effect in an application is called "safety risk".
• Safety risk is the combination of:
  • the (predicted) frequency or probability of a hazard,
  • and the severity of its consequences or outcomes.
• The safety risk can be influenced by other risk parameters.
• The risk can be determined:
  • quantitatively,
  • or by risk classification (qualitatively).
[Figure labels: Severity, Frequency, Risk]
Summary of Basic Risks
Quantitative Risk Determination, Example - 1
• Failure of a particular component is likely to result in an explosion that could kill 100 people. It is estimated that this component will fail once in every 10 000 years.
• What is the risk associated with this component?
• $Risk = severity \times frequency$
• $Risk = 100\ \text{deaths} \times 0.0001\ \frac{1}{\text{year}}$
• $Risk = 0.01\ \frac{\text{death}}{\text{year}}$
Quantitative Risk Determination, Example - 2
• In a country with a population of 50 000 000, approximately 25 people are killed each year by lightning. What is the risk associated with death from this cause?
• The fraction of the population killed per year is $25 / 50\,000\,000 = 5 \times 10^{-7}$.
• The associated risk may be expressed by saying that each individual has a probability of $5 \times 10^{-7}$ of being killed by lightning in any given year in the given country.
• Alternatively, we could say that the population as a whole is exposed to a risk of $5 \times 10^{-7}$ deaths per person-year.
Damage, Injuries
• Transport is a hazardous facility; it endangers the safety of:
  • persons,
  • objects,
  • environment.
• $victims = deaths + 0.1 \times serious\ injuries + 0.01 \times minor\ injuries$
• $1\ victim = 1\ death = 10\ serious\ injuries = 100\ minor\ injuries$
• e.g. from an accident insurance:
Individual Risk
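• Example:
  • rockfall in a railway section once in 10 years,
  • there are 100 trains in a year,
  • a train passes through this hazardous section within 4 sec.
$$Ri_i = HR_i \cdot Da_i = \frac{1\ \text{event}}{10\ \text{year} \cdot 365\ \frac{\text{day}}{\text{year}}} \cdot \frac{4\ \frac{\text{sec}}{\text{trip}}}{24 \cdot 60 \cdot 60\ \frac{\text{sec}}{\text{day}}} \cdot 100\ \frac{\text{trip}}{\text{year}} \cdot 1\ \frac{\text{death}}{\text{event} \cdot \text{person}}$$
$$Ri_i \approx 1.2 \cdot 10^{-6}\ \frac{\text{death}}{\text{person} \cdot \text{year}}$$
• $HR_i$ = hazard rate
• $Da_i$ = damage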
Collective Risk
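• the sum of the individual risks
• E.g.:
  • in a train, there are 650 passengers:
$$Ri_o = \sum_i Ri_i = 650\ \text{person} \cdot 1.2 \cdot 10^{-6}\ \frac{\text{death}}{\text{person} \cdot \text{year}} = 7.8 \cdot 10^{-4}\ \frac{\text{death}}{\text{year}}$$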
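The damage weighting, individual risk and collective risk slides, carried through in code as an added example (not part of the lecture). The names `Exposure`, `individual_risk` and `collective_risk` are hypothetical, and the reading that one person rides all 100 trains per year is an assumption. Without the slide's rounding the individual risk is about 1.27e-6, so the collective figure comes out near 8.2e-4 rather than 7.8e-4.

```python
from dataclasses import dataclass
from typing import Iterable

SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # 365-day year, as on the slide


def equivalent_victims(deaths: float, serious: float = 0, minor: float = 0) -> float:
    """Damage weighting from the slide: 1 death = 10 serious = 100 minor injuries."""
    return deaths + 0.1 * serious + 0.01 * minor


@dataclass(frozen=True)
class Exposure:
    hazard_rate_per_year: float  # HR: hazardous events per year
    seconds_per_trip: float      # time one trip spends in the hazardous section
    trips_per_year: float        # trips the person makes per year (assumption)
    damage_per_event: float      # Da: victims per event for an exposed person


def individual_risk(x: Exposure) -> float:
    """Ri_i = HR_i * Da_i, scaled by the fraction of the year spent exposed."""
    exposed_fraction = x.seconds_per_trip * x.trips_per_year / SECONDS_PER_YEAR
    if not 0.0 <= exposed_fraction <= 1.0:
        raise ValueError("exposure time must lie between 0 and one full year")
    return x.hazard_rate_per_year * exposed_fraction * x.damage_per_event


def collective_risk(individual_risks: Iterable[float]) -> float:
    """Collective risk is the sum of the individual risks."""
    return sum(individual_risks)


# Rockfall example from the slides: 1 event per 10 years, 100 trips of 4 s,
# one death per event for a person inside the section.
ROCKFALL = Exposure(1 / 10, 4, 100, equivalent_victims(deaths=1))

if __name__ == "__main__":
    ri = individual_risk(ROCKFALL)
    print(f"individual: {ri:.3e} deaths/(person*year)")
    print(f"collective, 650 passengers: {collective_risk([ri] * 650):.3e} deaths/year")
```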
Connection between RAMS Components
• D Danger
• H Hazard
• HR Hazard Rate
• Da Damage
• Ri Risk
• S Safety
• R Reliability
• A Availability
• M Maintainability
• µ Repair Rate
• λ Failure Rate
• t Time
• P Probability
• Riunuzul Unacceptable Risk
Risk Classification
• In such cases severity and frequency data must be combined in a less mechanical way (severity x frequency).
• The result of this process is a risk classification of the risk associated with a particular
hazard.
• This classification is sometimes called a risk class, a risk level or a risk factor.
• Used and categorized parameters could be:
• severity,
• frequency,
• controllability etc…
Consequence Categories – Severity, Examples, EN 50126
CENELEC EN 50126-1:2017, Railway applications - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 1: Generic RAMS process
Consequence Categories – Severity, Examples
Software Testing & Analysis (F22ST3) Safety-Critical Systems Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh
Frequency Categories – Examples, EN 50126
Frequency Categories – Examples
Software Testing & Analysis (F22ST3) Safety-Critical Systems Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh
Risk Acceptance Categories – Examples, EN 50126
Risk Classification – Examples, EN 50126
Risk Classification – Examples
Software Testing & Analysis (F22ST3) Safety-Critical Systems Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh
Severity Categories
(Vehicle Industry, AAAM, ISO 26262)
• AIS 0: no injury
• AIS 1: minor injury (skin damage, muscle pain…)
• AIS 2: moderate injury (deeper cutting damage, less than 12 hours of loss of consciousness)
• AIS 3: serious injury (bone fracture [not skull], joint injury…)
• AIS 4: severe injury with probable survival (severe bone injury, less than 12 hours of loss of consciousness)
• AIS 5: critical injury, life-threatening injury with uncertain possibility to survive (more than 12 hours of loss of consciousness, internal bleeding…)
• AIS 6: maximum injury, fatal injury, death
Severity Categories – ISO 26262
AIS
Severity Classification – Examples, ISO 26262
• S0: bumps with roadside infrastructure/damage entering or exiting parking space,
• S1: side impact with a narrow stationary object, e.g. crashing into a tree with very low speed/collision with minimal vehicle overlap (10% to 20%),
• S2: side collision with a passenger car (e.g. intrudes upon passenger compartment) with very low speed/pedestrian or bicycle accident while turning (city intersection and streets),
• S3: side impact with a narrow stationary object, e.g. crashing into a tree with medium speed/rear or front collision with another passenger car with medium speed
Frequency – ISO 26262
• Categories: E0, E1, E2, E3, E4
• E0 is assigned to situations which, although identified during a hazard and risk analysis, are considered to be unusual or incredible
  • e.g. a vehicle involved in an accident which includes an aeroplane landing on a highway
• remaining levels (E1, E2, E3, E4) are assigned for situations that can become hazardous depending on either the duration of a situation (temporal overlap) or the frequency of occurrence of a situation
Frequency Categories – ISO 26262
• based on the duration:
• based on the frequency:
Controllability – ISO 26262
• ability to avoid a specified harm or damage through the timely reactions of the persons involved, possibly with support from external measures
  • persons involved can include the driver, passengers or persons in the vicinity of the vehicle's exterior,
  • external measure: a measure that is separate and distinct from the item and which reduces or mitigates the risk
Controllability and Hazardous Events – Examples, ISO 26262
• C0 (everybody): unexpected radio volume increase – maintain intended driving path,
• C1 (99%+): faulty adjustment of seat position while driving – brake to slow/stop vehicle,
• C2 (90%+): failure of ABS during emergency braking – maintain intended driving path,
• C3 (90%-): failure of brakes – maintain intended driving path, stay in lane.
Risk Classification – ISO 26262
risk categories: negligible (QM – quality management needed), A (very low probability) – D (high, having reasonable possibility)
Risk Graph – General Scheme (IEC 61508)
Risk Graph - Example
Door Closing System – Inadvertent Operation
[Figure: risk graph; branches C1 to C4, F1/F2, P1/P2; output columns W3, W2, W1]
Risk parameter / Classification
• Consequence (Severity):
  • C1: Minor injury
  • C2: Serious permanent injury to one or more persons; death to one person
  • C3: Death to several people
  • C4: Very many people killed
• Frequency of, and exposure time in, the hazardous zone:
  • F1: Rare to more often exposure in the hazardous zone
  • F2: Frequent to permanent exposure in the hazardous zone
• Possibility of avoiding the hazardous event:
  • P1: Possible under certain conditions
  • P2: Almost impossible
• Probability of the unwanted occurrence:
  • W1: A very slight probability that the unwanted occurrences will come to pass and only a few unwanted occurrences are likely
  • W2: A slight probability that the unwanted occurrences will come to pass and few unwanted occurrences are likely
  • W3: A relatively high probability that the unwanted occurrences will come to pass and frequent unwanted occurrences are likely
Example – Vehicle Industry
• the car is stopped on a ramp:
• hill start assist is not working:
  • red light, on a ramp,
  • parking on a slope,
  • etc…
Severity, Frequency
• S0: no injuries,
• S1: light to moderate injuries,
• S2: severe to life-threatening (survival probable) injuries,
• S3: life-threatening (survival uncertain) to fatal injuries.
• E0: incredibly unlikely,
• E1: not specified, more than once a year,
• E2: <1% of average operating time, sometimes in a year,
• E3: 1% to 10% of average operating time, sometimes in a month,
• E4: >10% of average operating time (often).
Controllability
• C0: controllable in general,
• C1: 99% or more of all drivers or other traffic participants are usually able to avoid harm,
• C2: 90% or more of all drivers or other traffic participants are usually able to avoid harm,
• C3: less than 90% of all drivers or other traffic participants are usually able, or barely able to avoid harm.
• Question:
• Is there a driver in the car?
• With a driver:
  • C0: controllable in general,
  • C1: 99% or more of all drivers or other traffic participants are usually able to avoid harm,
  • C2: 90% or more of all drivers or other traffic participants are usually able to avoid harm,
  • C3: less than 90% of all drivers or other traffic participants are usually able, or barely able to avoid harm.
• Without a driver:
  • C0: controllable in general,
  • C1: 99% or more of all drivers or other traffic participants are usually able to avoid harm,
  • C2: 90% or more of all drivers or other traffic participants are usually able to avoid harm,
  • C3: less than 90% of all drivers or other traffic participants are usually able, or barely able to avoid harm.
Classification
[Figure labels: without driver, with driver]
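How the S, E and C classes above combine into the QM and A to D categories, as an added example (not code from the lecture or from ISO 26262). It uses the additive shortcut for the ISO 26262-3 determination table, and the S2/E3 classes chosen for the hill-start scenario are constructed, not the lecture's own values; `asil` and `controllability_sweep` are hypothetical names.

```python
# Added illustration: ASIL from S, E and C classes.
# Additive shortcut for the ISO 26262-3 table:
# S+E+C = 7 -> A, 8 -> B, 9 -> C, 10 -> D, anything lower -> QM.
ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}
MAX_CLASS = {"S": 3, "E": 4, "C": 3}


def parse_class(code: str, prefix: str) -> int:
    """Turn 'S2' / 'E4' / 'C1' into its number, rejecting unknown classes."""
    code = code.strip().upper()
    top = MAX_CLASS[prefix]
    if len(code) != 2 or code[0] != prefix or not code[1].isdigit():
        raise ValueError(f"expected {prefix}0..{prefix}{top}, got {code!r}")
    level = int(code[1])
    if level > top:
        raise ValueError(f"expected {prefix}0..{prefix}{top}, got {code!r}")
    return level


def asil(severity: str, exposure: str, controllability: str) -> str:
    """Risk category for one hazardous event."""
    s = parse_class(severity, "S")
    e = parse_class(exposure, "E")
    c = parse_class(controllability, "C")
    if 0 in (s, e, c):
        return "QM"  # S0, E0 or C0: no ASIL is required; reported as QM here
    return ASIL_BY_SUM.get(s + e + c, "QM")


def controllability_sweep(severity: str, exposure: str) -> dict:
    """ASIL for every controllability class with S and E held fixed."""
    return {f"C{c}": asil(severity, exposure, f"C{c}") for c in range(4)}


# Constructed classes for the hill-start scenario (assumption, see lead-in).
HILL_START = {"severity": "S2", "exposure": "E3"}

if __name__ == "__main__":
    # With a driver the event may rate C1; without one nobody can react (C3).
    for c_class, level in controllability_sweep(**HILL_START).items():
        print(c_class, level)
```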
End of Lecture 8.
Thank you for your attention!