1、BSI Standards PublicationBS EN 16601-80:2014Space project managementPart 80: Risk managementBS EN 16601-80:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 16601-80:2014.It supersedes BS EN ISO 17666:2003 which is withdrawn.The UK participation in its prepar
2、ation was entrusted to TechnicalCommittee ACE/68, Space systems and operations.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correc
3、tapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 83333 5ICS 49.140Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Comm
4、ittee on 31 August 2014.Amendments issued since publicationDate Text affectedBS EN 16601-80:2014EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORMEN 16601-80 August 2014 ICS 49.140 Supersedes EN ISO 17666:2003 English version Space project management - Part 80: Risk management Systmes spatiaux - Part
5、ie 80: Management des risques Raumfahrtsysteme - Teil 80: Risikomanagement This European Standard was approved by CEN on 14 December 2013. CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for givingthis European Standard the status
6、of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member. This European Standard exists in three official versions (English, F
7、rench, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN and CENELEC members are the national standards bodies and
8、 national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portug
9、al, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members. Ref.
10、No. EN 16601-80:2014 EBS EN 16601-80:2014EN 16601-80:2014 (E) 2 Table of contentsForeword 4 Introduction 5 1 Scope. 6 2 Normative references. 7 3 Terms, definitions and abbreviated terms 8 3.1 Terms from other standards 8 3.2 Terms specific to the present standard . 8 3.3 Abbreviated terms. 9 4 Prin
11、ciples of risk management10 4.1 Risk management concept .10 4.2 Risk management process .10 4.3 Risk management implementation in a project10 4.4 Risk management documentation.11 5 The risk management process12 5.1 Overview of the risk management process .12 5.2 Risk management steps and tasks .14 6
12、 Risk management implementation .21 6.1 General considerations.21 6.2 Responsibilities.21 6.3 Project life cycle considerations22 6.4 Risk visibility and decision making 22 6.5 Documentation of risk management .22 7 Risk management requirements .24 7.1 General.24 7.2 Risk management process requirem
13、ents24 7.3 Risk management implementation requirements 27 Annex A (normative) Risk management policy document - DRD29 BS EN 16601-80:2014EN 16601-80:2014 (E)3 A.1 DRD identification.29 A.2 Expected response. 29 Annex B (normative) Risk management plan - DRD.32 B.1 DRD identification.32 B.2 Expected
14、response. 32 Annex C (normative) Risk assessment report - DRD .35 C.1 DRD identification.35 C.2 Expected response . 35 Annex D (informative) Risk register example and ranked risk log example 37 Annex E (informative) Contribution of ECSS Standards to the risk management process .40 E.1 General.40 E.2
15、 ECSS-M ST-Standards.40 E.3 ECSS-Q Standards. 40 E.4 ECSS-E Standards. 41 Bibliography.42 FiguresFigure 5-1: The steps and cycles in the risk management process.13 Figure 5-2: The tasks associated with the steps of the risk management process within the risk management cycle.13 Figure 5-3: Example o
16、f a severityofconsequence scoring scheme14 Figure 5-4: Example of a likelihood scoring scheme.15 Figure 5-5: Example of risk index and magnitude scheme16 Figure 5-6: Example of risk magnitude designations and proposed actions for individual risks .16 Figure 5-7: Example of a risk trend.20 BS EN 1660
17、1-80:2014EN 16601-80:2014 (E) 4 Foreword This document (EN 16601-80:2014) has been prepared by Technical Committee CEN/CLC/TC 5 “Space”, the secretariat of which is held by DIN. This standard (EN16601-80:2014) originates from ECSS-M-ST-80C. This European Standard shall be given the status of a natio
18、nal standard, either by publication of an identical text or by endorsement, at the latest by February 2015, and conflicting national standards shall be withdrawn at the latest by February 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of pat
19、ent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document supersedes EN ISO 17666:2003. This document has been developed to cover specifically space systems and has therefore precedence over any EN covering the same scope but with a wid
20、er domain of applicability (e.g. : aerospace). According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, For
21、mer Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 16601-80:2014EN 16601-80:2014 (E)5
22、 Introduction Risks are a threat to project success because they have negative effects on the project cost, schedule and technical performance, but appropriate practices of controlling risks can also present new opportunities with positive impact. The objective of project risk management is to ident
23、ify, assess, reduce, accept, and control space project risks in a systematic, proactive, comprehensive and cost effective manner, taking into account the projects technical and programmatic constraints. Risk is considered tradable against the conventional known project resources within the managemen
24、t, programmatic (e.g. cost, schedule) and technical (e.g. mass, power, dependability, safety) domains. The overall risk management in a project is an iterative process throughout the project life cycle, with iterations being determined by the project progress through the different project phases, an
25、d by changes to a given project baseline influencing project resources. Risk management is implemented at each level of the customer-supplier network. Known project practices for dealing with project risks, such as system and engineering analyses, analyses of safety, critical items, dependability, c
26、ritical path, and cost, are an integral part of project risk management. Ranking of risks according to their criticality for project success, allowing management attention to be directed to the essential issues, is a major objective of risk management. The project actors agree on the extent of the r
27、isk management to be implemented in a given project depending on the project definition and characterization. BS EN 16601-80:2014EN 16601-80:2014 (E) 6 1 ScopeThis Standard defines the principles and requirements for integrated risk management on a space project; it explains what is needed to implem
28、ent a projectintegrated risk management policy by any project actor, at any level (i.e. customer, first level supplier, or lower level suppliers). This Standard contains a summary of the general risk management process, which is subdivided into four (4) basic steps and nine (9) tasks. The risk manag
29、ement process requires information exchange among all project domains, and provides visibility over risks, with a ranking according to their criticality for the project; these risks are monitored and controlled according to the rules defined for the domains to which they belong. The fields of applic
30、ation of this Standard are all the activities of all the space project phases. A definition of project phasing is given in ECSS-M-ST-10. This standard may be tailored for the specific characteristics and constraints of a space project in conformance with ECSS-S-ST-00. BS EN 16601-80:2014EN 16601-80:
31、2014 (E)7 2 Normative referencesThe following normative documents contain provisions which, through reference in this text, constitute provisions of this ECSS Standard. For dated references, subsequent amendments to, or revisions of any of these publications do not apply. However, parties to agreeme
32、nts based on this ECSS Standard are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. For undated references the latest edition of the publication referred to applies. EN reference Reference in text Title EN 16601-00-01 ECSS-ST
33、-00-01 ECSS system - Glossary of terms EN 16601-10 ECSS-M-ST-10 Space project management Project planning and implementation BS EN 16601-80:2014EN 16601-80:2014 (E) 8 3 Terms, definitions and abbreviated terms3.1 Terms from other standardsFor the purpose of this Standard, the terms and definitions f
34、rom ECSS-ST-00-01 apply, in particular for the following terms: risk residual risk risk management risk management policy 3.2 Terms specific to the present standard3.2.1 acceptance of (risk)decision to cope with consequences, should a risk scenario materialize NOTE 1 A risk can be accepted when its
35、magnitude is less than a given threshold, defined in the risk management policy. NOTE 2 In the context of risk management, acceptance can mean that even though a risk is not eliminated, its existence and magnitude are acknowledged and tolerated. 3.2.2 (risk) communicationall information and data nec
36、essary for risk management addressed to a decisionmaker and to relevant actors within the project hierarchy 3.2.3 (risk) indexscore used to measure the magnitude of the risk; it is a combination of the likelihood of occurrence and the severity of consequence, where scores are used to measure likelih
37、ood and severity 3.2.4 individual (risk)risk identified, assessed, and mitigated as a distinct risk items in a project BS EN 16601-80:2014EN 16601-80:2014 (E)9 3.2.5 (risk) management processconsists of all the project activities related to the identification, assessment, reduction, acceptance, and
38、feedback of risks 3.2.6 overall (risk)risk resulting from the assessment of the combination of individual risks and their impact on each other, in the context of the whole project NOTE Overall risk can be expressed as a combination of qualitative and quantitative assessment. 3.2.7 (risk) reductionim
39、plementation of measures that leads to reduction of the likelihood or severity of risk NOTE Preventive measures aim at eliminating the cause of a problem situation, and mitigation measures aim at preventing the propagation of the cause to the consequence or reducing the severity of the consequence o
40、r the likelihood of the occurrence. 3.2.8 resolved (risk)risk that has been rendered acceptable 3.2.9 (risk) scenariosequence or combination of events leading from the initial cause to the unwanted consequence NOTE The cause can be a single event or something activating a dormant problem. 3.2.10 (ri
41、sk) trendevolution of risks throughout the life cycle of a project 3.2.11 unresolved (risk)risk for which risk reduction attempts are not feasible, cannot be verified, or have proved unsuccessful: a risk remaining unacceptable 3.3 Abbreviated termsFor the purpose of this standard, the abbreviated te
42、rms of ECSS-S-ST-00-01 and the following apply: Abbreviation Meaning IEC International Electrotechnical Commission BS EN 16601-80:2014EN 16601-80:2014 (E) 10 4 Principles of risk management4.1 Risk management conceptRisk management is a systematic and iterative process for optimizing resources in ac
43、cordance with the projects risk management policy. It is integrated through defined roles and responsibilities into the daytoday activities in all project domains and at all project levels. Risk management assists managers and engineers by including risk aspects in management and engineering practic
44、es and judgements throughout the project life cycle, including the preparation of project requirements documents. It is performed in an integrated, holistic way, maximizing the overall benefits in areas such as: design, manufacturing, testing, operation, maintenance, and disposal, together with thei
45、r interfaces; control over risk consequences; management, cost, and schedule. 4.2 Risk management process The entire spectrum of risks is assessed. Trade-offs are made among different, and often competing, goals. Undesired events are assessed for their severity and likelihood of occurrence. The asse
46、ssments of the alternatives for mitigating the risks are iterated, and the resulting measurements of performance and risk trend are used to optimize the tradable resources. Within the risk management process, available risk information is produced and structured, facilitating risk communication and
47、management decision making. The results of risk assessment and reduction and the residual risks are communicated to the project team for information and follow-up. 4.3 Risk management implementation in a project Risk management requires corporate commitment in each actors organization and the establ
48、ishment of clear lines of responsibility and accountability from the top corporate level downwards. Project management has the overall responsibility for the implementation of risk management, ensuring an integrated, coherent approach for all project domains. BS EN 16601-80:2014EN 16601-80:2014 (E)1
49、1 Independent validation of data ensures the objectiveness of risk assessment, performed as part of the risk management process. Risk management is a continuous, iterative process. It constitutes an integral part of normal project activity and is embedded within the existing management processes. It utilizes the existing elements of the project management processes to the maximum possible extent. 4.4 Risk management documentationThe risk management process is documented to ensure that the risk management policies (see Annex A) are well established, understood, impl
