default logo
TC 56



Risk assessment standards


The following documents are an extract of the dependability standards pertaining to risk. IEC 31010 refers to a number of risk techniques, some of which have dependability standards – see section R2 below. Other risk techniques within IEC 31010 are shown in section R3 below

R1.  Risk standards


IEC 31010:2019


Risk management – Risk assessment techniques

IEC 31010:2019 is published as a double logo standard with ISO and provides guidance on the selection and application of techniques for assessing risk in a wide range of situations. The techniques are used to assist in making decisions where there is uncertainty, to provide information about particular risks and as part of a process for managing risk. The document provides summaries of a range of techniques, with references to other documents where the techniques are described in more detail.

Keywords: uncertainty, risk management

IEC 62198:2013


Managing risk in projects – Application guidelines

Applicable to any project with a technological content. Provides a general introduction to project risk management, its subprocesses and influencing factors. Guidelines are provided on the organizational requirements for implementing the process of risk management appropriate to the various phases of a project

Go to top

R2.  Risk techniques within IEC 31010 with dependability standards


IEC 60812:2018


Failure modes and effects analysis (FMEA and FMECA)

IEC 60812:2018 explains how failure modes and effects analysis (FMEA), including the failure modes, effects and criticality analysis (FMECA) variant, is planned, performed, documented and maintained. The purpose of FMEA is to establish how items or processes might fail to perform their function so that appropriate treatments can be identified. An FMEA provides a systematic method for identifying modes of failure together with their effects, both locally and globally. The technique may also include identifying the causes of failure modes. Failure modes can be prioritized to support decisions about treatment. The FMEA for different applications is described.

Keywords: failure modes and effects analysis (FMEA), failure modes effects and criticality analysis (FMECA)

IEC 61882:2016


Hazard and operability studies (HAZOP studies) – Application guide

Provides a guide for HAZOP studies of systems using guide words. It gives guidance on application of the technique and on the HAZOP study procedure, including definition, preparation, examination sessions and resulting documentation and follow-up. Documentation examples, as well as a broad set of examples encompassing various applications, illustrating HAZOP studies are also provided.

IEC 62502:2010


Analysis techniques for dependability – Event tree analysis (ETA)

Specifies the consolidated basic principles of event tree analysis (ETA) and provides guidance on modelling the consequences of an initiating event as well as analysing these consequences qualitatively and quantitatively in the context of dependability and risk related measures

IEC 61025:2006
Ed 3.0 in progress


Fault tree analysis (FTA)

Fault Tree analysis is concerned with the identification and analysis of events and conditions that cause or may potentially cause a defined top event. This event is usually a failure or degradation of system performance or safety or other important attribute of the system The standard defines symbols and terminology, describes how to construct a fault tree, and how to carry out qualitative and quantitative analysis.

IEC 62740:2015


Root cause analysis (RCA)

Describes the basic principles of root cause analysis (RCA), specifies the steps that a process for RCA should include and describes a range of techniques for identifying root causes. The standard describes each RCA technique together with its strengths and weaknesses and identifies a number of attributes which assists with the selection of an appropriate technique in particular circumstances. Causes can relate to design processes and techniques, organizational characteristics, human aspects and external events. RCA can be used for investigating the causes of non-conformances in quality (and other) management systems as well as for failure analysis, for example in maintenance or equipment testing.

IEC 62508:2010


Guidance on human aspects of dependability

IEC 62508:2010 provides guidance on the human aspects of dependability, and the human-centred design methods and practices that can be used throughout the whole system life cycle to improve dependability performance. This standard describes qualitative approaches.

IEC 61165:2006


Application of Markov techniques

This international standard provides guidance on the application of Markov techniques to model and analyze a system and estimate reliability, availability, maintainability and safety measures. This standard is applicable to all industries where systems, which exhibit state-dependent behaviour, have to be analyzed. The Markov techniques covered by this standard assume constant time-independent state transition rates. Such techniques are often called homogeneous Markov techniques.

IEC 60300-3-11:2009


Dependability management – Part 3-11: Application guide – Reliability centred maintenance

Provides guidelines for the development of an initial preventive maintenance programme for equipment and structures using reliability centred maintenance (RCM) analysis techniques. RCM analysis can be applied to items such as ground vehicle, ship, power station, aircraft, etc, which are made up of equipment and structure, e.g. a building, airframe or ship’s hull. Typically an equipment comprises a number of electrical , mechanical, instrumentation or control systems and subsystems which can be further broken down into progressively smaller groupings, as required.

Keywords: Reliability, management, quality assurance systems, maintenance, terotechnology, research methods, quality, quality management, availability, safety, analysis, failure.

Go to top

R3.  Other risk techniques within IEC31010





Brainstorming is a process used to stimulate and encourage a group of people to develop ideas related to one of more topics of any nature. The term “brainstorming” is often used very loosely to mean any type of group discussion, but effective brainstorming requires a conscious effort to ensure that the thoughts of others in the group are used as tools to stimulate the creativity of each participant. Any analysis or critique of the ideas is carried out separately from the brainstorming.



Delphi technique

The Delphi technique is a procedure to gain consensus of opinion from a group of experts. It is a method to collect and collate judgments on a particular topic through a set of sequential questionnaires. An essential feature of the Delphi technique is that experts express their opinions individually, independently and anonymously while having access to the other experts’ views as the process progresses.



Nominal group technique

The nominal group technique, like brainstorming, aims to collect ideas. Views are first sought individually with no interaction between group members, then are discussed by the group. Members then vote privately on the ideas and a group decision is them made



Structured or semi-structured interviews

In a structured interview, individual interviewees are asked a set of prepared questions. A semi-structured interview is similar, but allows more freedom for a conversation to explore issues which arise. In a semi-structured interview opportunity is explicitly provided to explore areas which the interviewee might wish to cover.




Surveys generally engage more people than interviews and usually ask more restricted questions. Typically, a survey will involve a computer- or paper-based questionnaire. Questions often offer yes/no answers, choices from a rating scale or choices from a range of options. This allows statistical analysis of the results, which is a feature of such methods. Some questions with free answers can be included, but their number should be limited because of analysis difficulties.



Checklists, classifications and taxonomies

Checklists are used during risk assessment in various ways such as to assist in understanding the context, in identifying risk and in grouping risks for various purposes during analysis. They are also used when managing risk, for example to classify controls and treatments, to define accountabilities and responsibilities, or to report and communicate risk.



Scenario analysis

Scenario analysis is a name given to a range of techniques that involve developing models of how the future might turn out. In general terms, it consists of defining a plausible scenario and working through what might happen given various possible future developments. Scenario analysis involves defining in some detail the scenario under consideration and exploring the implication of the scenario and the associated risk



Structured what if technique (SWIFT)

SWIFT is a high-level risk identification technique that can be used independently, or as part of a staged approach to make bottom-up methods such as HAZOP or FMEA more efficient. SWIFT uses structured brainstorming (B.1.2) in a facilitated workshop where a predetermined set of guidewords (timing, amount, etc.) are combined with prompts elicited from participants that often begin with phrases such as “what if?” or “how could?”. It is similar to HAZOP but applied at a system or subsystem rather than on the designer’s intent.



Cindynic approach

Cindynics literally means the science of danger. The cindynic approach identifies intangible risk sources and drivers that might give rise to many different consequences. In particular, it identifies and analyses inconsistencies, ambiguities, omissions, ignorance (termed deficits), and divergences between stakeholders (termed dissonances).



Ishikawa analysis (fishbone) method

Ishikawa analysis uses a team approach to identify possible causes of any desirable or undesirable event, effect, issue or situation. The possible contributory factors are organized into broad categories to cover human, technical and organizational causes. The information is depicted in a fishbone (also called Ishikawa) diagram.



Bow tie analysis

A bow tie is a graphical depiction of pathways from the causes of an event to its consequences. It shows the controls that modify the likelihood of the event and those that modify the consequences if the event occurs. It can be considered as a simplified representation of a fault tree or success tree (analysing the cause of an event) and an event tree (analysing the consequences). Bow tie diagrams can be constructed starting from fault and event trees, but are more often drawn directly by a team in a workshop scenario.



Hazard analysis and critical control points (HACCP)

Hazard analysis and critical control points (HACCP) was developed to ensure food safety for the NASA space program but can be used for non-food processes or activities. The technique provides a structure for identifying sources of risk (hazards or threats) and putting controls in place at all relevant parts of a process to protect against them. HACCP is used at operational levels although its results can support the overall strategy of an organization. HACCP aims to ensure that risks are minimized by monitoring and by controls throughout a process rather than through inspection at the end of the process.



Layers of protection analysis (LOPA)

LOPA analyses the reduction in risk that is achieved by set of controls. It can be considered as a particular case of an event tree (B.5.6) and is sometimes carried out as a follow up to a HAZOP study



Bayesian analysis

It is common to encounter problems where there is both data and subjective information. Bayesian analysis enables both types of information to be used in making decisions. Bayesian analysis is based on a theorem attributed to Reverend Thomas Bayes (1760). At its simplest, Bayes’ theorem provides a probabilistic basis for changing one’s opinion in the light of new evidence.



Bayesian networks and influence diagrams

A Bayesian network (Bayes’ net or BN) is a graphical model whose nodes represent the random variables (discrete and/or continuous) (Figure B.3). The nodes are connected by directed arcs that represent direct dependencies (which are often causal connections) between variables.



Business impact analysis (BIA)

Business impact analysis analyses how incidents and events could affect an organization’s operations, and identifies and quantifies the capabilities that would be needed to manage it.



Cause-consequence analysis (CCA)

In some circumstances an event that could be analysed by a fault tree is better addressed by CCA. For example:(i) if it is easier to develop event sequences than causal relationships; (ii) if the FTA might become very large;(iii) if there are separate teams dealing with different parts of the analysis.
In practice it is often not the top event that is defined first but potential events at the interface between the functional and technical domain.



Monte Carlo simulation

Some calculations carried out when analysing risk involve distributions. However, performing calculations with distributions is not easy as it is often not possible to derive analytical solutions unless the distributions have well-specified shapes, and then only with restrictions and assumptions that might not be realistic. In these circumstances, techniques such as Monte Carlo simulation provide a way of undertaking the calculations and developing results. Simulation usually involves taking random sample values from each of the input distributions, performing calculations to derive a result value, and then repeating the process through a series of iterations to build up a distribution of the results. The result can be given as a probability distribution of the value or some statistic such as the mean value.



Privacy impact analysis (PIA) / data protection impact analysis (DPIA)

Privacy impact analysis (PIA) (also called privacy impact assessment) and data protection impact analysis (DPIA) methods analyse how incidents and events could affect a person’s privacy (PI) and identify and quantify the capabilities that would be needed to manage it. A PIA/DPIA is a process for evaluating a proposal to identify the potential effects on individuals’ privacy and personal data.



Causal mapping

Causal mapping captures individual perceptions in the form of chains of argument into a directed graph amenable for examination and analysis. Events, causes and consequences can be depicted in the map. It identifies links and interactions between risks and themes within a list of risks and can be used to develop a causal map for an event that has occurred or proactively to capture a comprehensive and systemic appreciation of event scenarios



Cross impact analysis

Cross impact analysis is the general name given to a family of techniques designed to evaluate changes in the probability of the occurrence of a given set of events consequent on the actual occurrence of one of them.



Toxicological risk assessment

Risk assessment in the context of risks to plants, animals, ecological domains, and humans as a result of exposure to a range of environmental hazards involves the following steps. Risks to plants, animals, ecological domains, and humans can be due to physical, chemical and/or biological agents resulting in damage to DNA, birth defects, spread of disease, contamination of food chains and contamination of water



Value at risk (VaR)

Value at risk (VaR) is used widely in the financial sector to provide an indicator of the amount of possible loss in a portfolio of financial assets over a specific time period within a given confidence level. Losses greater than the VaR are suffered only with a specified small probability.



Conditional value at risk (CVaR) or expected shortfall (ES)

Conditional value at risk (CVaR), also called expected shortfall (ES), is a measure of the expected loss from a financial portfolio in the worst a % of cases. This is a similar measure to VaR, but it is more sensitive to the shape of the lower (loss) tail of the portfolio value distribution. CVaR(a) is the expected loss from those losses that only occur a certain percentage of the time.



As low as reasonably practicable (ALARP) and so far as is reasonably practicable (SFAIRP)

ALARP and SFAIRP are acronyms that embody the principle of “reasonably practicable”. They represent criteria where the test for acceptability or tolerability of a risk is whether it is reasonably practicable to do more to reduce risk. ALARP generally requires that the level of risk is reduced to as low as reasonably practicable. SFAIRP generally requires that safety is ensured so far as is reasonably practicable. Reasonably practicable has been defined in legislation or in case law in some countries



Frequency-number (F-N) diagrams

An F-N diagram is a special case of a quantitative consequence/likelihood matrix. In this application the X axis represents the cumulative number of fatalities and the Y axis the frequency with which they occur. Both scales are logarithmic to fit with typical data. The risk criteria are generally displayed as straight lines on the graph where the higher the slope of the line, the higher the aversion to a higher number of fatalities compared to a lower number.



Pareto charts

A Pareto chart is a tool for selecting a limited number of tasks that will produce significant overall effect. It uses the Pareto principle (also known as the 80/20 rule), which is the idea that 80 % of problems are produced by 20 % of causes, or that by doing 20 % of the work one can generate 80 % of the benefit



Risk indices

Risk indices provide a measure of risk which is derived using a scoring approach and ordinal scales. Factors which are believed to influence the magnitude of risk are identified, scored and combined using an equation that attempts to represent the relationship between them. In the simplest formulations, factors that increase the level of risk are multiplied together and divided by those that decrease the level of risk. Where possible the scales and the way they are combined are based on evidence and data.



Cost/benefit analysis (CBA)

Cost/benefit analysis weighs the total expected costs of options in monetary terms against their total expected benefits in order to choose the most effective or the most profitable option. It can be qualitative or quantitative, or involve a combination of quantitative and qualitative elements, and can be applied at any level of an organization.



Decision tree analysis

A decision tree models the possible pathways that follow from an initial decision that must be made (for example, whether to proceed with Project A or Project B). As the two hypothetical projects proceed, a range of events might occur and different predictable decisions will need to be made. These are represented in tree format, similar to an event tree. The probability of the events can be estimated together with the expected value or utility of the final outcome of each pathway.



Game theory

Game theory is a means to model the consequences of different possible decisions given a number of possible future situations. The future situations can be determined by a different decision maker (e.g. a competitor) or by an external event, such as success or failure of a technology or a test. For example, assume the task is to determine the price of a product taking into account the different decisions that could be made by different decision makers (called players) at different times. The pay-off for each player involved in the game, relevant to the time period concerned, can be calculated and the strategy with the optimum payoff for each player selected. Game theory can also be used to determine the value of information about the other player or the different possible outcomes (e.g. success of a technology). There are different types of games, for example cooperative/non–cooperative, symmetric/asymmetric, zero-sum/non-zero-sum, simultaneous/sequential, perfect information and imperfect information, combinatorial games, stochastic outcomes.



Multi-criteria analysis (MCA)

MCA uses a range of criteria to transparently assess and compare the overall performance of a set of options. In general, the goal is to produce an order of preference for a set of options. The analysis involves the development of a matrix of options and criteria which are ranked and aggregated to provide an overall score for each option. These techniques are also known as multi-attribute (or multiple attribute) or multi-objective decision making. There are many variants of this technique, with many software applications to support them.



Risk registers

A risk register brings together information about risks and their treatment to inform those exposed to risks and those who have responsibility for their management. It can be in paper or data base format and generally includes (i)a short description of the risk (e.g. a name, the consequences and sequence of events leading to consequences, etc.); (ii) a statement about the likelihood of consequences occurring; (iii) sources or causes of the risk; (iv) what is currently being done to control the risk. It can also include a list of further actions required.



Consequence/likelihood matrix (risk matrix or heat map)

The consequence/likelihood matrix (also referred to as a risk matrix or heat map) is a way to display risks according to their consequence and likelihood and to combine these characteristics to display a rating for the significance of risk.




Where a risk might have a range of consequence values, they can be displayed as a probability distribution of consequences (PDF). The data can also be plotted as a cumulative distribution (CDF), sometimes referred to as an S-curve. The PDF may be parametric or non-parametric. The probability that a consequence will exceed a particular value can be read directly off the S curve

Go to top