BS ISO 11231:2010
BSI Standards Publication
Space systems - Probabilistic risk assessment (PRA)

BRITISH STANDARD

National foreword

This British Standard is the UK implementation of ISO 11231:2010.

The UK participation in its preparation was entrusted to Technical Committee ACE/68/-/5, Space systems and operations - Programme management. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2010
ISBN 978 0 580 66382 6
ICS 49.140

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 August 2010.

INTERNATIONAL STANDARD ISO 11231
First edition 2010-08-01
Reference number ISO 11231:2010(E)
Space systems - Probabilistic risk assessment (PRA)
Systèmes spatiaux - Évaluation du risque probabiliste (PRA)
© ISO 2010
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
  3.1 Terms and definitions
  3.2 Abbreviated terms
4 Principles of probabilistic risk assessment
  4.1 General
  4.2 Safety risk assessment concept
  4.3 Concept of risk and probabilistic risk assessment
5 Objectives, uses, and benefits of probabilistic risk assessment
6 PRA requirements and process
  6.1 Probabilistic risk assessment requirements
  6.2 Overview of the probabilistic risk assessment process
  6.3 Probabilistic risk assessment tasks
7 Peer review
  7.1 General
  7.2 Internal peer reviews
  7.3 External peer reviews
8 Probabilistic risk assessment report data content requirements
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 11231 was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 14, Space systems and operations.

Introduction

Structured risk management processes use qualitative and quantitative risk assessment techniques to support optimal decisions regarding safety and the likelihood of mission success, as provided for in ISO 17666. The most systematic and comprehensive methodology for conducting these evaluations is probabilistic risk assessment (PRA). Over the past three decades, PRA has become the principal analytic method for identifying and analysing risk in projects and complex systems. Its utility for risk management (RM) has been proven in many industries, including aerospace, electricity generation, petrochemical and defence.

PRA is a methodology used to identify and evaluate risk, in order to facilitate RM activities by identifying the dominant contributors to risk, so that resources can be effectively allocated to address significant risk drivers and not wasted on items that contribute insignificantly to the risk. In addition to analysing risk, PRA provides a framework to quantify uncertainties in events and event sequences that are important to system safety. By enabling the quantification of uncertainty, PRA informs decision makers of the sources of uncertainty and of the value of investing resources in reducing it. In this way, PRA supplements traditional safety analyses that support safety-related decisions. Through the use of PRA, safety analyses are capable of focusing on both the likelihood and the severity of events and consequences that adversely impact safety.

PRA differs from reliability analysis in two important respects:

a) PRA allows a more precise quantification of uncertainty, both for individual events and for the overall system;

b) PRA applies more informative evaluations that quantify metrics related to the occurrence of highly adverse consequences (e.g. fatalities, loss of mission), as
opposed to narrowly defined system performance metrics (e.g. mean-time-to-failure).

PRA also differs from hazard analysis, which identifies and evaluates metrics related to the effects of high-consequence, low-probability events, treating them as if they had happened, i.e. without regard to their likelihood of occurrence. In addition, the completeness of the set of accident scenarios cannot be assured in the conduct of a hazard analysis. PRA results are more diverse and are directly applicable to resource allocation and other RM decision-making, being based on a broader spectrum of consequence metrics.

Through the PRA process, weaknesses and vulnerabilities of the system that can adversely impact safety, performance and mission success are identified. These results in turn provide insights into viable RM strategies to reduce risk and direct the decision maker to the areas where expenditure of resources to improve design and operation might be most effective. The most useful applications of PRA have been in the risk evaluation of complex systems that can give rise to low-probability, high-consequence scenarios, or in the evaluation of complex scenarios consisting of chains of events that collectively may adversely impact system safety more than they do individually.

Space systems - Probabilistic risk assessment (PRA)

1 Scope

This International Standard supports and complements the implementation of the risk management process defined in ISO 17666 in situations where the application of quantitative risk assessment is deemed necessary. This International Standard defines the principles, process, implementation and requirements for conducting a quantitative risk assessment, and explains the details
of probabilistic risk assessment (PRA) as applied to safety. While PRA can be applied to project risk management involving cost and schedule, this application is outside the scope of this International Standard.

This International Standard provides the basic requirements and procedures for the use of PRA techniques to assess safety or mission risk and success in space programmes and projects. This International Standard is applicable to all international space projects involving:

- the design of space vehicles for the transportation of personnel in space;
- the design of space and non-terrestrial planetary stations inhabited by human beings;
- the design of space and launch vehicles powered by, or carrying, nuclear materials;
- other projects as directed by authorities or clients.

These types of projects generally involve scenarios, chains of events or activities that could result in the death of, or serious injury to, members of the public, astronauts or pilots, or the workforce, or in the loss of critical or high-value equipment and property. For other types of projects, it is intended that PRA be performed at the discretion of the project management.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 17666, Space systems - Risk management

3 Terms, definitions and abbreviated terms

3.1 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 17666 and the following apply.

3.1.1
acceptable risk
safety risk, the severity and the probability of which may be reasonably accepted by humanity, without durable or irreversible foreseeable consequences on health, Earth and the environment, at the present time and in the future
[ISO 14620-2:2000, definition 3.1]

3.1.2
expert judgment
systematic and structured elicitation of likelihood data through estimation and assessment by specialists
NOTE 1 “Structured” implies the use of a method; “systematic” means regularly.
NOTE 2 Mathematical aggregation of individual judgments is generally preferred over behavioural or consensus aggregation.

3.1.3
likelihood
probability of occurrence, or measure of the occurrence rate or frequency, of an event, a hazard scenario or a consequence

3.1.4
likelihood reference frame
relative indicator against which the likelihood is expressed
NOTE The likelihood reference frame is linked to the structure of the analysis. A typical reference frame in use in space projects is “per mission”.

3.1.5
risk
quantitative or qualitative measure of the severity of a potential damage and the probability of incurring that damage
[ISO 14620-2:2000, definition 3.27]
NOTE Risks arise from uncertainty due to a lack of predictability or control of events. Risks are inherent to any project and can arise at any time during the project life cycle; reducing these uncertainties reduces the risk.

3.1.6
risk contributor
single event or particular set of events upon which the risk depends
NOTE Risk contributors can be ranked relative to each other by their risk contribution (3.1.7).

3.1.7
risk contribution
measure of the decrease of the likelihood of a top consequence when the events associated with the corresponding risk contributor are assumed not to occur
NOTE 1 Risk contribution indicates (and is directly proportional to) the “risk reduction potential” of the risk contributor. Important risk contributors are events which have a high risk contribution and risk reduction potential.
NOTE 2 Risk contribution provides a systematic measure that makes it possible to rank the design and operation constituents of a system from a safety risk point of view. It allows the identification of high-risk or vulnerable areas in the system, which can then serve as drivers for safety improvements.

3.1.8
safety risk
measure of the potential consequences of a hazard (e.g. expected number of casualties) considering the probability of the associated mishap, the harm caused to people, and the damage caused to public and private property and the environment
[ISO 14620-2:2000, definition 3.30]
NOTE 1 Safety risk is always associated with a specific hazard scenario or a particular set of scenarios. The risk posed by a single scenario is called “individual scenario risk”. The risk posed by the combination
of individual risks and their impact on each other is called “overall risk”.
NOTE 2 The magnitude of safety risk is represented by the severity and the likelihood of the consequence.

3.1.9
(risk) scenario
sequence or combination of events leading from the initial cause to the unwanted consequence
[ISO 17666:2003, definition 2.1.13]
NOTE The cause can be a single event or something activating a dormant problem.

3.1.10
stakeholder
individual or organization that stands to gain or to lose as a result of risk consequences

3.1.11
uncertainty
lack of certitude resulting from inaccuracies of input parameters, analysis process, or both
[ECSS-P-001B:2004, definition 3.216]
NOTE Uncertainty can be represented as an interval with an upper and lower value or as an uncertainty distribution.

3.1.12
uncertainty contributor
single event or particular set of events upon which the uncertainty of the top consequence depends
NOTE Uncertainty contributors can be ranked relative to each other by their uncertainty contribution (3.1.13).

3.1.13
uncertainty contribution
measure of the decrease of the uncertainty of a top consequence when the likelihoods of the events associated with the corresponding uncertainty contributor are assumed to be without uncertainty
NOTE 1 Uncertainty contribution indicates (and is directly proportional to) the “uncertainty reduction potential” of the uncertainty contributor. Important uncertainty contributors are events which have a high uncertainty contribution and uncertainty reduction potential.
NOTE 2 Uncertainty contribution provides a systematic measure that makes it possible to rank data and information sources.

3.2 Abbreviated terms
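As an added illustration of the definitions of risk contribution (3.1.7) and uncertainty contribution (3.1.13) above, and not part of the standard, the following Python script ranks the contributors of a constructed toy scenario model: each risk contribution is the drop in the top-consequence likelihood when that event is assumed not to occur, and each uncertainty contribution is the drop in the variance of that likelihood (Monte Carlo over the uncertainty intervals of 3.1.11) when that event's likelihood is held fixed. The event model, the per-mission probabilities and the intervals are assumptions, and variance is the chosen uncertainty measure.

```python
"""Added illustration of 'risk contribution' (3.1.7) and 'uncertainty
contribution' (3.1.13); the scenario model and all numbers are constructed."""
import random
from statistics import pvariance

# Constructed toy model (assumption): the top consequence occurs if initiating
# event I happens AND either safeguard A fails, or both redundant safeguards
# B and C fail. All events are treated as independent, per mission.
EVENTS = ("I", "A", "B", "C")

def top_probability(p):
    """Per-mission likelihood of the top consequence for event probabilities p."""
    return p["I"] * (p["A"] + (1.0 - p["A"]) * p["B"] * p["C"])

def risk_contributions(p):
    """3.1.7: decrease of the top likelihood when a contributor's event is
    assumed not to occur (its probability set to 0); ranked highest first."""
    base = top_probability(p)
    contrib = {e: base - top_probability({**p, e: 0.0}) for e in EVENTS}
    return sorted(contrib.items(), key=lambda kv: kv[1], reverse=True)

def top_variance(intervals, fixed=(), samples=20000, seed=1):
    """Monte Carlo variance of the top likelihood when each event probability
    is only known as an interval (3.1.11 NOTE), sampled uniformly. Events in
    `fixed` are held at their interval midpoint, i.e. 'without uncertainty'."""
    rng = random.Random(seed)
    values = []
    for _ in range(samples):
        p = {}
        for e, (lo, hi) in intervals.items():
            u = rng.uniform(lo, hi)  # always draw, so every run shares one random stream
            p[e] = (lo + hi) / 2.0 if e in fixed else u
        values.append(top_probability(p))
    return pvariance(values)

def uncertainty_contributions(intervals):
    """3.1.13: decrease of the top-consequence uncertainty (variance here)
    when a contributor's likelihood is assumed to be without uncertainty."""
    base = top_variance(intervals)
    contrib = {e: base - top_variance(intervals, fixed=(e,)) for e in intervals}
    return sorted(contrib.items(), key=lambda kv: kv[1], reverse=True)

# Constructed per-mission point estimates and intervals (midpoints = point estimates).
POINT = {"I": 0.10, "A": 0.02, "B": 0.10, "C": 0.10}
INTERVAL = {"I": (0.08, 0.12), "A": (0.0, 0.04), "B": (0.02, 0.18), "C": (0.08, 0.12)}

if __name__ == "__main__":
    print("top likelihood per mission:", top_probability(POINT))
    print("risk contributions (ranked):", risk_contributions(POINT))
    print("uncertainty contributions (ranked):", uncertainty_contributions(INTERVAL))
```

Note that the two rankings differ: the initiator I dominates the risk contribution, whereas the poorly known safeguard A dominates the uncertainty contribution, which is the distinction the two definitions are meant to capture.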