IEC/ISO 31010
Edition 1.0 2009-11

INTERNATIONAL STANDARD

Risk management - Risk assessment techniques

INTERNATIONAL ELECTROTECHNICAL COMMISSION
Copyright 2009 IEC, Geneva, Switzerland. All rights reserved.
ICS 03.100.01
ISBN 2-8318-1068-2
Price code XD

CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Risk assessment concepts
  4.1 Purpose and benefits
  4.2 Risk assessment and the risk management framework
  4.3 Risk assessment and the risk management process
    4.3.1 General
    4.3.2 Communication and consultation
    4.3.3 Establishing the context
    4.3.4 Risk assessment
    4.3.5 Risk treatment
    4.3.6 Monitoring and review
5 Risk assessment process
  5.1 Overview
  5.2 Risk identification
  5.3 Risk analysis
    5.3.1 General
    5.3.2 Controls Assessment
    5.3.3 Consequence analysis
    5.3.4 Likelihood analysis and probability estimation
    5.3.5 Preliminary Analysis
    5.3.6 Uncertainties and sensitivities
  5.4 Risk evaluation
  5.5 Documentation
  5.6 Monitoring and Reviewing Risk Assessment
  5.7 Application of risk assessment during life cycle phases
6 Selection of risk assessment techniques
  6.1 General
  6.2 Selection of techniques
    6.2.1 Availability of Resources
    6.2.2 The Nature and Degree of Uncertainty
    6.2.3 Complexity
  6.3 Application of risk assessment during life cycle phases
  6.4 Types of risk assessment techniques
Annex A (informative) Comparison of risk assessment techniques
Annex B (informative) Risk assessment techniques
Bibliography

Figures

Figure 1 Contribution of risk assessment to the risk management process
Figure B.1 Dose-response curve
Figure B.2 Example of an FTA from IEC 60-300-3-9
Figure B.3 Example of an Event tree
Figure B.4 Example of Cause-consequence analysis
Figure B.5 Example of Ishikawa or Fishbone diagram
Figure B.6 Example of tree formulation of cause-and-effect analysis
Figure B.7 Example of Human reliability assessment
Figure B.8 Example Bow tie diagram for unwanted consequences
Figure B.9 Example of System Markov diagram
Figure B.10 Example of State transition diagram
Figure B.11 Sample Bayes net
Figure B.12 The ALARP concept
Figure B.13 Part example of a consequence criteria table
Figure B.14 Part example of a risk ranking matrix
Figure B.15 Part example of a probability criteria matrix

Tables

Table A.1 Applicability of tools used for risk assessment
Table A.2 Attributes of a selection of risk assessment tools
Table B.1 Example of possible HAZOP guidewords
Table B.2 Markov matrix
Table B.3 Final Markov matrix
Table B.4 Example of Monte Carlo Simulation
Table B.5 Bayes table data
Table B.6 Prior probabilities for nodes A and B
Table B.7 Conditional probabilities for node C with node A and node B defined
Table B.8 Conditional probabilities for node D with node A and node C defined
Table B.9 Posterior probability for nodes A and B with node D and Node C defined
Table B.10 Posterior probability for node A with node D and node C defined

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International standard IEC/ISO 31010 has been prepared by IEC technical committee 56: Dependability together with the ISO TMB “Risk management” working group.

The text of this standard is based on the following documents:

FDIS            Report on voting
56/1329/FDIS    56/1346/RVD

Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table. In ISO, the standard has been approved by 17 member bodies out of 18 having cast a vote.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until the maintenance result date indicated on the IEC web site under “http://webstore.iec.ch” in the data related to the specific publication. At this date, the publication will be

- reconfirmed;
- withdrawn;
- replaced by a revised edition;
- amended.

IMPORTANT: The “colour inside” logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this document using a colour printer.

INTRODUCTION

Organizations of all types and sizes face a range of risks that may affect the achievement of their objectives.

These objectives may relate to a range of the organization's activities, from strategic initiatives to its operations, processes and projects, and be reflected in terms of societal, environmental, technological, safety and security outcomes, commercial, financial and economic measures, as well as social, cultural, political and reputation impacts.

All activities of an organization involve risks that should be managed. The risk management process aids decision making by taking account of uncertainty and the possibility of future events or circumstances (intended or unintended) and their effects on agreed objectives.

Risk management includes the application of logical and systematic methods for

- communicating and consulting throughout this process;
- establishing the context for identifying, analysing, evaluating, treating risk associated with any activity, process, function or product;
- monitoring and reviewing risks;
- reporting and recording the results appropriately.

Risk assessment is that part of risk management which provides a structured process that identifies how objectives may be affected, and analyses the risk in terms of consequences and their probabilities before deciding on whether further treatment is required.

Risk assessment attempts to answer the following fundamental questions:

- what can happen and why (by risk identification)?
- what are the consequences?
- what is the probability of their future occurrence?
- are there any factors that mitigate the consequence of the risk or that reduce the probability of the risk?
- is the level of risk tolerable or acceptable and does it require further treatment?

This standard is intended to reflect current good practices in selection and utilization of risk assessment techniques, and does not refer to new or evolving concepts which have not reached a satisfactory level of professional consensus.

This standard is general in nature, so that it may give guidance across many industries and types of system. There may be more specific standards in existence within these industries that establish preferred methodologies and levels of assessment for particular applications. If these standards are in harmony with this standard, the specific standards will generally be sufficient.

RISK MANAGEMENT - RISK ASSESSMENT TECHNIQUES

1 Scope

This International Standard is a supporting standard for ISO 31000 and provides guidance on selection and application of systematic techniques for ris