AP scope  |  AP module  |  AP contents  |  AP index
Application module: Risk ISO/WD 10303-1264

Cover page
Table of contents
Copyright
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations

4 Information requirements
   4.1 Required AM ARMs
   4.2 ARM type definitions
   4.3 ARM entity definitions
5 Module interpreted model
   5.1 Mapping specification
   5.2 MIM EXPRESS short listing
     5.2.1 MIM type definitions
     5.2.2 MIM entity definitions

A MIM short names
B Information object registration
C ARM EXPRESS-G   EXPRESS-G
D MIM EXPRESS-G   EXPRESS-G
E Computer interpretable listings
Bibliography
Index

4 Information requirements

This clause specifies the information requirements for the Risk application module. The information requirements are specified as the Application Reference Model (ARM) of this application module.

NOTE 1  A graphical representation of the information requirements is given in Annex C.

NOTE 2  The mapping specification is specified in 5.1. It shows how the information requirements are met by using common resources and constructs defined or imported in the MIM schema of this application module.

The following EXPRESS specification begins the Risk_arm schema and identifies the necessary external references.

EXPRESS specification:

*)
SCHEMA Risk_arm;
(*

4.1 Required AM ARMs

The following EXPRESS interface statements specify the elements imported from the ARMs of other application modules.

EXPRESS specification:

*)
USE FROM Activity_arm;    --  ISO/TS 10303-1047

USE FROM Activity_method_arm;    --  ISO/TS 10303-1049

USE FROM Activity_method_assignment_arm;    --  ISO/TS 10303-1249

USE FROM Approval_arm;    --  ISO/TS 10303-1012

USE FROM Classification_assignment_arm;    --  ISO/TS 10303-1114

USE FROM Condition_arm;    --  ISO/TS 10303-1253

USE FROM Date_time_assignment_arm;    --  ISO/TS 10303-1014

USE FROM Document_assignment_arm;    --  ISO/TS 10303-1122

USE FROM Event_arm;    --  ISO/TS 10303-1064

USE FROM Justification_arm;    --  ISO/TS 10303-1263

USE FROM Person_organization_arm;    --  ISO/TS 10303-1011

USE FROM Person_organization_assignment_arm;    --  ISO/TS 10303-1013

USE FROM Probability_arm;    --  ISO/TS 10303-1252

USE FROM Probability_distribution_arm;    --  ISO/TS 10303-1274

USE FROM Product_identification_arm;    --  ISO/TS 10303-1017

USE FROM Property_assignment_arm;    --  ISO/TS 10303-1030

USE FROM Resource_item_arm;    --  ISO/TS 10303-1268

USE FROM State_definition_arm;    --  ISO/E2 WD 10303-1255
(*

NOTE 1   The schemas referenced above are specified in the following part of ISO 10303:

Activity_arm ISO/TS 10303-1047
Activity_method_arm ISO/TS 10303-1049
Activity_method_assignment_arm ISO/TS 10303-1249
Approval_arm ISO/TS 10303-1012
Classification_assignment_arm ISO/TS 10303-1114
Condition_arm ISO/TS 10303-1253
Date_time_assignment_arm ISO/TS 10303-1014
Document_assignment_arm ISO/TS 10303-1122
Event_arm ISO/TS 10303-1064
Justification_arm ISO/TS 10303-1263
Person_organization_arm ISO/TS 10303-1011
Person_organization_assignment_arm ISO/TS 10303-1013
Probability_arm ISO/TS 10303-1252
Probability_distribution_arm ISO/TS 10303-1274
Product_identification_arm ISO/TS 10303-1017
Property_assignment_arm ISO/TS 10303-1030
Resource_item_arm ISO/TS 10303-1268
State_definition_arm ISO/E2 WD 10303-1255

NOTE 2   See Annex C, Figures C.1, C.2, C.3, C.4, C.5, C.6, C.7, C.8and C.9 for a graphical representation of this schema.

4.2 ARM type definitions

This subclause specifies the ARM types for this application module. The ARM types and definitions are specified below.

4.2.1 activity_risk_source   EXPRESS-G

The activity_risk_source type is an extension of the risk_source_item type. It adds the data types Activity and Activity_method to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE activity_risk_source = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON risk_source_item WITH
   (Activity,
    Activity_method);
END_TYPE;
(*

4.2.2 lessons_learned_select   EXPRESS-G

The lessons_learned_select type is an extension of the documented_element_select type. It adds the data types Applied_risk_source_assignment, Risk and Risk_criteria to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE lessons_learned_select = EXTENSIBLE SELECT BASED_ON documented_element_select WITH
   (Applied_risk_source_assignment,
    Risk,
    Risk_criteria);
END_TYPE;
(*

4.2.3 mitigation_select   EXPRESS-G

The mitigation_select type allows for the designation of the data types Applied_probability_assignment, Applied_risk_impact_assignment, Applied_risk_source_assignment, Risk, Risk_consequence, Risk_level, Risk_perception, Risk_perception_relationship and Risk_relationship.

EXPRESS specification:

*)
TYPE mitigation_select = SELECT
   (Applied_probability_assignment,
    Applied_risk_impact_assignment,
    Applied_risk_source_assignment,
    Risk,
    Risk_consequence,
    Risk_level,
    Risk_perception,
    Risk_perception_relationship,
    Risk_relationship);
END_TYPE;
(*

4.2.4 probability_select   EXPRESS-G

The probability_select type allows for the designation of the data types Probability and Probability_distribution.

EXPRESS specification:

*)
TYPE probability_select = SELECT
   (Probability,
    Probability_distribution);
END_TYPE;
(*

4.2.5 probable_event   EXPRESS-G

The probable_event type is an extension of the probable_item type. It adds the data type Event to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE probable_event = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON probable_item WITH
   (Event);
END_TYPE;
(*

4.2.6 probable_item   EXPRESS-G

The probable_item type is an extensible list of alternate data types. Additional alternate data types are specified in select data types that extend the probable_item type.

NOTE   This empty extensible select requires extension in a further module to ensure that entities that refer to it have at least one valid instantiation.

EXPRESS specification:

*)
TYPE probable_item = EXTENSIBLE GENERIC_ENTITY SELECT;
END_TYPE;
(*

4.2.7 product_risk_source   EXPRESS-G

The product_risk_source type is an extension of the risk_source_item type. It adds the data type Product to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE product_risk_source = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON risk_source_item WITH
   (Product);
END_TYPE;
(*

4.2.8 risk_activity_item   EXPRESS-G

The risk_activity_item type is an extension of the activity_item type. It adds the data types Applied_risk_source_assignment, Risk_analysis, Risk_assessment, Risk_communication, Risk_control, Risk_estimation, Risk_evaluation, Risk_identification and Risk_reduction to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_activity_item = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON activity_item WITH
   (Applied_risk_source_assignment,
    Risk_analysis,
    Risk_assessment,
    Risk_communication,
    Risk_control,
    Risk_estimation,
    Risk_evaluation,
    Risk_identification,
    Risk_reduction);
END_TYPE;
(*

4.2.9 risk_activity_method_item   EXPRESS-G

The risk_activity_method_item type is an extension of the activity_method_item type. It adds the data type Risk_treatment to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_activity_method_item = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON activity_method_item WITH
   (Risk_treatment);
END_TYPE;
(*

4.2.10 risk_approval_item   EXPRESS-G

The risk_approval_item type is an extension of the approval_item type. It adds the data types Risk_perception and Risk_reduction to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_approval_item = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON approval_item WITH
   (Risk_perception,
    Risk_reduction);
END_TYPE;
(*

4.2.11 risk_classification_item   EXPRESS-G

The risk_classification_item type is an extension of the classification_item type. It adds the data types Applied_probability_assignment, Applied_risk_impact_assignment, Risk, Risk_consequence, Risk_perception, Risk_perception_relationship, Risk_relationship and Risk_stakeholder to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_classification_item = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON classification_item WITH
   (Applied_probability_assignment,
    Applied_risk_impact_assignment,
    Risk,
    Risk_consequence,
    Risk_perception,
    Risk_perception_relationship,
    Risk_relationship,
    Risk_stakeholder);
END_TYPE;
(*

4.2.12 risk_communication_select   EXPRESS-G

The risk_communication_select type allows for the designation of the data types Applied_probability_assignment, Applied_risk_impact_assignment, Applied_risk_source_assignment, Lessons_learned, Risk, Risk_assessment, Risk_consequence, Risk_context, Risk_control, Risk_criteria, Risk_estimation, Risk_evaluation, Risk_identification, Risk_perception, Risk_perception_relationship, Risk_status and Risk_treatment.

EXPRESS specification:

*)
TYPE risk_communication_select = SELECT
   (Applied_probability_assignment,
    Applied_risk_impact_assignment,
    Applied_risk_source_assignment,
    Lessons_learned,
    Risk,
    Risk_assessment,
    Risk_consequence,
    Risk_context,
    Risk_control,
    Risk_criteria,
    Risk_estimation,
    Risk_evaluation,
    Risk_identification,
    Risk_perception,
    Risk_perception_relationship,
    Risk_status,
    Risk_treatment);
END_TYPE;
(*

4.2.13 risk_condition_item   EXPRESS-G

The risk_condition_item type is an extension of the condition_item type. It adds the data type Risk_status to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_condition_item = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON condition_item WITH
   (Risk_status);
END_TYPE;
(*

4.2.14 risk_date_or_date_time_item   EXPRESS-G

The risk_date_or_date_time_item type is an extension of the date_or_date_time_item type. It adds the data types Applied_probability_assignment, Applied_risk_impact_assignment, Applied_risk_source_assignment, Risk, Risk_attitude, Risk_consequence, Risk_context, Risk_criteria, Risk_evaluation, Risk_perception, Risk_perception_relationship, Risk_reduction, Risk_relationship, Risk_status and Risk_treatment to the list of alternate data types.

EXPRESS specification:

*)
TYPE risk_date_or_date_time_item = SELECT BASED_ON date_or_date_time_item WITH
   (Applied_probability_assignment,
    Applied_risk_impact_assignment,
    Applied_risk_source_assignment,
    Risk,
    Risk_attitude,
    Risk_consequence,
    Risk_context,
    Risk_criteria,
    Risk_evaluation,
    Risk_perception,
    Risk_perception_relationship,
    Risk_reduction,
    Risk_relationship,
    Risk_status,
    Risk_treatment);
END_TYPE;
(*

4.2.15 risk_estimation_select   EXPRESS-G

The risk_estimation_select type allows for the designation of the data types Applied_probability_assignment, Applied_risk_impact_assignment and Risk_consequence.

EXPRESS specification:

*)
TYPE risk_estimation_select = SELECT
   (Applied_probability_assignment,
    Applied_risk_impact_assignment,
    Risk_consequence);
END_TYPE;
(*

4.2.16 risk_evaluation_select   EXPRESS-G

The risk_evaluation_select type allows for the designation of the data types Risk_level and Risk_perception.

EXPRESS specification:

*)
TYPE risk_evaluation_select = SELECT
   (Risk_level,
    Risk_perception);
END_TYPE;
(*

4.2.17 risk_identification_select   EXPRESS-G

The risk_identification_select type allows for the designation of the data types Applied_risk_impact_assignment, Applied_risk_source_assignment, Risk, Risk_consequence, Risk_criteria and Risk_perception.

EXPRESS specification:

*)
TYPE risk_identification_select = SELECT
   (Applied_risk_impact_assignment,
    Applied_risk_source_assignment,
    Risk,
    Risk_consequence,
    Risk_criteria,
    Risk_perception);
END_TYPE;
(*

4.2.18 risk_impact_item   EXPRESS-G

The risk_impact_item type is an extensible list of alternate data types. Additional alternate data types are specified in select data types that extend the risk_impact_item type.

NOTE   This empty extensible select requires extension in a further module to ensure that entities that refer to it have at least one valid instantiation.

EXPRESS specification:

*)
TYPE risk_impact_item = EXTENSIBLE GENERIC_ENTITY SELECT;
END_TYPE;
(*

4.2.19 risk_justification_item   EXPRESS-G

The risk_justification_item type is an extension of the justification_item type. It adds the data types Risk_reduction and Risk_treatment to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_justification_item = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON justification_item WITH
   (Risk_reduction,
    Risk_treatment);
END_TYPE;
(*

4.2.20 risk_organization_or_person_in_organization_item   EXPRESS-G

The risk_organization_or_person_in_organization_item type is an extension of the organization_or_person_in_organization_item type. It adds the data types Applied_probability_assignment, Applied_risk_impact_assignment, Applied_risk_source_assignment, Risk, Risk_attitude, Risk_consequence, Risk_context, Risk_criteria, Risk_evaluation, Risk_perception, Risk_perception_relationship, Risk_reduction, Risk_relationship, Risk_stakeholder, Risk_status and Risk_treatment to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_organization_or_person_in_organization_item = EXTENSIBLE SELECT BASED_ON organization_or_person_in_organization_item WITH
   (Applied_probability_assignment,
    Applied_risk_impact_assignment,
    Applied_risk_source_assignment,
    Risk,
    Risk_attitude,
    Risk_consequence,
    Risk_context,
    Risk_criteria,
    Risk_evaluation,
    Risk_perception,
    Risk_perception_relationship,
    Risk_reduction,
    Risk_relationship,
    Risk_stakeholder,
    Risk_status,
    Risk_treatment);
END_TYPE;
(*

4.2.21 risk_property_assignment_select   EXPRESS-G

The risk_property_assignment_select type is an extension of the property_assignment_select type. It adds the data types Risk and Risk_relationship to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_property_assignment_select = EXTENSIBLE SELECT BASED_ON property_assignment_select WITH
   (Risk,
    Risk_relationship);
END_TYPE;
(*

4.2.22 risk_resource_assignment_item   EXPRESS-G

The risk_resource_assignment_item type is an extension of the resource_assignment_item type. It adds the data types Applied_risk_source_assignment, Risk_analysis, Risk_assessment, Risk_communication, Risk_control, Risk_estimation, Risk_evaluation, Risk_identification, Risk_reduction and Risk_treatment to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE risk_resource_assignment_item = EXTENSIBLE SELECT BASED_ON resource_assignment_item WITH
   (Applied_risk_source_assignment,
    Risk_analysis,
    Risk_assessment,
    Risk_communication,
    Risk_control,
    Risk_estimation,
    Risk_evaluation,
    Risk_identification,
    Risk_reduction,
    Risk_treatment);
END_TYPE;
(*

4.2.23 risk_source_item   EXPRESS-G

The risk_source_item type is an extensible list of alternate data types. Additional alternate data types are specified in select data types that extend the risk_source_item type.

NOTE   This empty extensible select requires extension in a further module to ensure that entities that refer to it have at least one valid instantiation.

EXPRESS specification:

*)
TYPE risk_source_item = EXTENSIBLE GENERIC_ENTITY SELECT;
END_TYPE;
(*

4.2.24 state_risk_impact   EXPRESS-G

The state_risk_impact type is an extension of the risk_impact_item type. It adds the data type State_definition to the list of alternate data types.

NOTE  The list of entity data types may be extended in application modules that use the constructs of this module.

EXPRESS specification:

*)
TYPE state_risk_impact = EXTENSIBLE GENERIC_ENTITY SELECT BASED_ON risk_impact_item WITH
   (State_definition);
END_TYPE;
(*

4.3 ARM entity definitions

This subclause specifies the ARM entities for this module. Each ARM application entity is an atomic element that embodies a unique application concept and contains attributes specifying the data elements of the entity. The ARM entities and definitions are specified below.

4.3.1 Applied_probability_assignment   EXPRESS-GMapping table

An Applied_probability_assignment is an association of a Probability or Probability_distribution using assigned_probability to one or more events.

NOTE    This entity assigns a Probability or Probability_distribution to the items, such as a probable_event. The consequences of such an Event are represented by Risk_consequence.

EXPRESS specification:

*)
ENTITY Applied_probability_assignment;
  assigned_probability : probability_select;
  items : SET[1:?] OF probable_item;
END_ENTITY;
(*

Attribute definitions:

assigned_probability: an identifier for the Probability or Probability_distribution of identified items.

items: the object whose Probability or Probability_distribution is given by assigned_probability

4.3.2 Applied_risk_impact_assignment   EXPRESS-GMapping table

An Applied_risk_impact_assignment is an association of a Risk_impact using assigned_risk_impact to items.

EXPRESS specification:

*)
ENTITY Applied_risk_impact_assignment;
  assigned_risk_impact : Risk_impact;
  items : SET[1:?] OF risk_impact_item;
END_ENTITY;
(*

Attribute definitions:

assigned_risk_impact: an identifier for the Risk_impact of identified items.

items: the object whose Risk_impact is given by assigned_risk_impact.

4.3.3 Applied_risk_source_assignment   EXPRESS-GMapping table

An Applied_risk_source_assignment is the association of a Risk using assigned_risk to product or activity data.

EXPRESS specification:

*)
ENTITY Applied_risk_source_assignment;
  assigned_risk : Risk;
  items : SET[1:?] OF risk_source_item;
  risk_context : Risk_context;
END_ENTITY;
(*

Attribute definitions:

assigned_risk: an identifier for the Risk of identified items.

items: the object whose Risk is given by assigned_risk.

risk_context: an identifier that relates a Risk_context with an assigned_risk.

4.3.4 Applied_risk_status_assignment   EXPRESS-GMapping table

An Applied_risk_status_assignment is the association of a Risk_status to a set of one or more risk entities.

EXPRESS specification:

*)
ENTITY Applied_risk_status_assignment;
  risk : SET[1:?] OF Risk;
  risk_status : Risk_status;
END_ENTITY;
(*

Attribute definitions:

risk: an identifier for the set of Risk entities with an identified Risk_status.

risk_status: the Risk_status of the set of Risk entities.

4.3.5 Lessons_learned   EXPRESS-GMapping table

A Lessons_learned is a type of Document_assignment to associate a document with risk data, where the assigned document provides information about the Risk, Risk_criteria, Applied_risk_source_assignment data with which it is associated.

EXPRESS specification:

*)
ENTITY Lessons_learned
  SUBTYPE OF (Document_assignment);
  SELF\Document_assignment.is_assigned_to : lessons_learned_select;
END_ENTITY;
(*

Attribute definitions:

is_assigned_to: the lessons_learned_select for the Lessons_learned.

4.3.6 Organization_stakeholder   EXPRESS-GMapping table

A Organization_stakeholder is a type of Risk_stakeholder and Organization that identifies the stakeholder as an organization.

EXPRESS specification:

*)
ENTITY Organization_stakeholder
  SUBTYPE OF (Organization, Risk_stakeholder);
END_ENTITY;
(*

4.3.7 Person_in_organization_stakeholder   EXPRESS-GMapping table

A Person_in_organization_stakeholder is a type of Risk_stakeholder and Person_in_organization that identifies the stakeholder as a person in an organization.

EXPRESS specification:

*)
ENTITY Person_in_organization_stakeholder
  SUBTYPE OF (Person_in_organization, Risk_stakeholder);
END_ENTITY;
(*

4.3.8 Risk   EXPRESS-GMapping table

A Risk is the potential for realization of unwanted negative consequences of an event.

NOTE 1   DRAFT ISO GUIDE 73:2001 defines Risk as the combination of the probability of an event and its consequence. In some situations, risk is a deviation from the expected.

NOTE 2   The realization of the combination of the probability of an event and its consequence is represented by Risk_perception.

NOTE 3   The probability of an event is represented by the assignment of the entity Applied_probability_assignment to Probability or Probability_distribution with the probable_event select to identify the event. The consequence of a such an event is is represented by Risk_consequence.

NOTE 4   In situations where a Risk_consequence results in or causes an identifiable impact, for example, to the environment, the representation of such an impact is represented by Risk_impact.

EXAMPLE 1   'Line shutdown' is an example of Risk in the context of a manufacturing system's reliability.

EXAMPLE 2   'Transportation jam-up', 'customer anger', 'collateral damage', and 'greater susceptibility to interruption of supply during crises' are all examples of Risk.

EXAMPLE 3   'Privacy' and 'security' are examples of Risk for the telecommunications industry.

EXAMPLE 4   'Fly-by-wire', the form-fit-function replacement of mechanical devices with a combination of electrical, hydraulic, and pneumatic units.

EXAMPLE 5   Timing such as 'premature rejection' and 'premature commitment' are other examples of Risk.

EXPRESS specification:

*)
ENTITY Risk;
  id : STRING;
  name : STRING;
  description : OPTIONAL STRING;
END_ENTITY;
(*

Attribute definitions:

id: the identifier for the Risk. The value of this attribute need not be specified.

name: the words by which the Risk is known.

description: the text that provides further information about the Risk. The value of this attribute need not be specified.

4.3.9 Risk_acceptance   EXPRESS-GMapping table

A Risk_acceptance is the decision to accept a Risk. A Risk_acceptance is a type of Risk_treatment.

NOTE    The decision to accept a Risk depends on the evaluation of Risk_criteria with an existing Risk_perception. Such an evaluation is represented by Risk_evaluation.

EXPRESS specification:

*)
ENTITY Risk_acceptance
  SUBTYPE OF (Risk_treatment);
END_ENTITY;
(*

4.3.10 Risk_analysis   EXPRESS-GMapping table

A Risk_analysis is a systematic use of information to identify sources and to estimate the risk.

NOTE 1   Risk analysis provides a basis for Risk_evaluation and Risk_treatment.

NOTE 2   Information can include historical data, theoretical analysis, informed opinions, or the concerns of a Risk_stakeholder.

EXPRESS specification:

*)
ENTITY Risk_analysis;
  risk_identification : Risk_identification;
  risk_estimate : SET[1:?] OF Risk_estimation;
END_ENTITY;
(*

Attribute definitions:

risk_identification: the identifiable risk data type that is a part of a Risk_analysis.

risk_estimate: the estimated risk entity data types that are part of a Risk_analysis.

4.3.11 Risk_assessment   EXPRESS-GMapping table

A Risk_assessment is an overall process of Risk_analysis and Risk_evaluation.

EXPRESS specification:

*)
ENTITY Risk_assessment;
  risk_analysis : SET[1:?] OF Risk_analysis;
  risk_evaluation : SET[1:?] OF Risk_evaluation;
END_ENTITY;
(*

Attribute definitions:

risk_analysis: the Risk_analysis that is part of the Risk_assessment.

risk_evaluation: the Risk_evaluation that is part of the Risk_assessment.

4.3.12 Risk_attitude   EXPRESS-GMapping table

A Risk_attitude is a factor that helps weigh the criticality of the Risk_level.

NOTE    A negative number means risk attractive and gives a concave function if increasing, a convex if decreasing. For a risk averse utility function the risk attitude number should be positive if the function is increasing, negative if decreasing utility. The converse applies for risk attractive utility functions.

EXPRESS specification:

*)
ENTITY Risk_attitude;
  criticality_factor : NUMBER;
END_ENTITY;
(*

Attribute definitions:

criticality_factor: the factor that indicates whether the attitude towards a risk is risk averse or risk attractive.

4.3.13 Risk_avoidance   EXPRESS-GMapping table

A Risk_avoidance is a type of Risk_treatment that is a decision not to become involved in, or action to withdraw from, a risk situation.

NOTE    The decision may be taken based on the result of risk evaluation.

EXPRESS specification:

*)
ENTITY Risk_avoidance
  SUBTYPE OF (Risk_treatment);
END_ENTITY;
(*

4.3.14 Risk_communication   EXPRESS-GMapping table

A Risk_communication is an exchange or sharing of information about risk between the decision-maker and other stakeholders

NOTE    The information can relate to the existence, nature, form, probability, severity, acceptability, treatment, or other aspects of risk.

EXPRESS specification:

*)
ENTITY Risk_communication;
  inputs : SET[1:?] OF risk_communication_select;
  communicator : Risk_stakeholder;
  communicatee : SET[1:?] OF Risk_stakeholder;
END_ENTITY;
(*

Attribute definitions:

inputs: the set of risk data that comprise of the Risk_communication.

communicator: the decision-maker or stakeholder that is exchanging or sharing the risk data.

communicatee: the stakeholder or stakeholders that are receiving the risk data being exchanged or shared.

4.3.15 Risk_consequence   EXPRESS-GMapping table

A Risk_consequence is the outcome of an event.

NOTE 1   There may be one or more consequences of an event.

NOTE 2   Consequences can range from positive to negative. However, consequences are always negative for safety aspects.

NOTE 3   Consequences can be expressed qualitatively or quantitatively.

EXPRESS specification:

*)
ENTITY Risk_consequence;
  name : STRING;
  description : OPTIONAL STRING;
END_ENTITY;
(*

Attribute definitions:

name: the words by which the Risk_consequence is known.

description: the text that provides further information about the Risk_consequence. The value of this attribute need not be specified.

4.3.16 Risk_containment   EXPRESS-GMapping table

A Risk_containment is a type of Risk_treatment that is a decision to prevent the expansion of a risk situation.

NOTE    The decision to prevent the expansion of a Risk depends on the evaluation of Risk_criteria with an existing Risk_perception. Such an evaluation is represented by Risk_evaluation.

EXPRESS specification:

*)
ENTITY Risk_containment
  SUBTYPE OF (Risk_treatment);
END_ENTITY;
(*

4.3.17 Risk_context   EXPRESS-GMapping table

A Risk_context is a set of circumstances surrounding a particular risk element.

NOTE 1   The role of Applied_risk_source_assignment is represented by a Risk_context.

NOTE 2   Objective assessments of an instance of Risk_perception that involve a criticality factor is represented by Risk_level. The corresponding objective of a Risk_level is represented by Risk_objective.

EXAMPLE 1   'Safety' is an example of a role type of Risk_context.

EXAMPLE 2   'Maintaining operation readiness' is another example of Risk_context.

EXPRESS specification:

*)
ENTITY Risk_context;
  name : STRING;
  description : OPTIONAL STRING;
END_ENTITY;
(*

Attribute definitions:

name: the words by which the Risk_context is known.

description: the text that provides further information about the Risk_context. The value of this attribute need not be specified.

4.3.18 Risk_control   EXPRESS-GMapping table

A Risk_control is an action implementing risk management decisions.

NOTE    Risk control may involve monitoring, re-evaluation, and compliance with decisions.

EXPRESS specification:

*)
ENTITY Risk_control;
  monitor : SET[1:?] OF Risk_assessment;
END_ENTITY;
(*

Attribute definitions:

monitor: the set of Risk_assessment entities that is part of the Risk_control

4.3.19 Risk_criteria   EXPRESS-GMapping table

A Risk_criteria is a type of Risk_perception that is an entity that identifies the terms of reference by which the significance of risk elements are assessed.

NOTE 1   Risk criteria can be standards used to translate numerical risk estimates (e.g. 10-7 per year) as produced by a risk analysis into value judgements (e.g. `negligible risk') that can be set against other value judgements (e.g. `high economic benefits') in a decision-making process.

NOTE 2   Risk criteria comprise the technical aspect of the decision-making process.

NOTE 3   Individual Risk_criteria may be used to ensure that individual persons are not exposed to excessive risks for a given time frame, such as 'individual risks per year'.

NOTE 4   Criteria may be affected by the perceptions of stakeholders and by legal or regulatory requirements.

EXAMPLE 1   Associated cost and benefits, legal and statutory requirements, socio-economic and environmental aspects, the concerns of stakeholders, priorities and other inputs to the assessment of Risk are examples of Risk_criteria.

EXAMPLE 2   'Acceptable' and 'tolerable' are used, at times interchangeably, as Risk_criteria.

EXAMPLE 3   'Unacceptable' and 'intolerable' are also used as Risk_criteria.

EXAMPLE 4   'Maximum intolerable level' and 'broadly acceptable level' are additional examples of Risk_criteria.

EXAMPLE 5   An individual risk of '0.001' per year is an example of an individual Risk_criteria.

EXPRESS specification:

*)
ENTITY Risk_criteria
  SUBTYPE OF (Risk_perception);
END_ENTITY;
(*

4.3.20 Risk_estimation   EXPRESS-GMapping table

A Risk_estimation is used to assign values to the probability and consequences of a risk.

NOTE    Risk estimation can consider cost, benefits, the concerns of stakeholders, and other variables, as appropriate for Risk_evaluation.

EXPRESS specification:

*)
ENTITY Risk_estimation;
  inputs : SET[0:?] OF Risk_context;
  outputs : SET[1:?] OF risk_estimation_select;
END_ENTITY;
(*

Attribute definitions:

inputs: the set of Risk_evaluations that are used as part of the Risk_estimation.

outputs: the set from risk_estimation_select that is used as part of the Risk_estimation.

4.3.21 Risk_evaluation   EXPRESS-GMapping table

A Risk_evaluation is a process that compares the risk data types using risk_evaluation_select against given Risk_criteria to determine the significance of the Risk.

NOTE    Risk_evaluation may be used to assist in the acceptance or treatment decision.

EXPRESS specification:

*)
ENTITY Risk_evaluation;
  id : OPTIONAL STRING;
  name : STRING;
  description : OPTIONAL STRING;
  items : SET[1:?] OF risk_evaluation_select;
  risk_criteria : SET[1:?] OF Risk_criteria;
  risk_treatment : Risk_treatment;
END_ENTITY;
(*

Attribute definitions:

id: the identifier for the Risk_evaluation. The value of this attribute need not be specified.

name: the words by which the Risk_evaluation is known.

description: the text that provides further information about the Risk_evaluation. The value of this attribute need not be specified.

items: the set of data types from risk_evaluation_select that is part of the Risk_evaluation.

risk_criteria: the set of data types from Risk_criteria that is part of the Risk_evaluation

risk_treatment: the Risk_treatment used that is part of the Risk_evaluation

4.3.22 Risk_identification   EXPRESS-GMapping table

A Risk_identification is a process to find, list, and characterize elements of risk.

NOTE    Elements can include source, event, consequence, and probability. These elements are selected using risk_identification_select.

NOTE    Risk identification can also identify the concerns of stakeholders such as specific Risk_criteria.

EXPRESS specification:

*)
ENTITY Risk_identification;
  inputs : SET[1:?] OF risk_identification_select;
  risk_stakeholder : OPTIONAL Risk_stakeholder;
END_ENTITY;
(*

Attribute definitions:

inputs: the set of risk data types using risk_identification_select that is part of the Risk_identification.

risk_stakeholder: the concerned Risk_stakeholder that is part of the Risk_identification. The value of this attribute need not be specified.

4.3.23 Risk_impact   EXPRESS-GMapping table

A Risk_impact is a type of Risk_consequence considered to be a set of one or more secondary effects related to or resulting from a particular Risk_consequence.

NOTE    A Risk_impact is considered as an aftereffect of an immediate Risk_consequence which is identified by causal_consequence.

EXAMPLE 1   "Placement of a animal species 'A' on the endangered species list" as a result of the installation of a nuclear power plant.

EXAMPLE 2   'Groundwater contamination' as a result of chemical tankers loading and discharging hazardous chemicals weekly at port 'A'.

EXPRESS specification:

*)
ENTITY Risk_impact
  SUBTYPE OF (Risk_consequence);
  causal_consequence : OPTIONAL Risk_consequence;
END_ENTITY;
(*

Attribute definitions:

causal_consequence: the causal_consequence that resulted in one or more Risk_impact entities. The value of the attribute need not be specified.

4.3.24 Risk_level   EXPRESS-GMapping table

A Risk_level is a type of Risk_perception that has an identifiable goal or Risk_objective.

NOTE    A Risk_level includes a Risk_attitude that helps weigh the criticality of the Risk_level.

EXPRESS specification:

*)
ENTITY Risk_level
  SUBTYPE OF (Risk_perception);
  risk_attitude : Risk_attitude;
  SELF\Risk_perception.risk_context RENAMED risk_objective : Risk_objective;
END_ENTITY;
(*

Attribute definitions:

risk_attitude: the Risk_attitude by which a Risk_level is assessed.

risk_objective: the identifiable goal that is part of a Risk_level.

4.3.25 Risk_level_relationship   EXPRESS-GMapping table

A Risk_level_relationship is a type of Risk_perception_relationship that associates two instances of Risk_level.

EXPRESS specification:

*)
ENTITY Risk_level_relationship
  SUBTYPE OF (Risk_perception_relationship);
  SELF\Risk_perception_relationship.relating_risk_perception RENAMED relating_risk_level : Risk_level;
  SELF\Risk_perception_relationship.related_risk_perception RENAMED related_risk_level : Risk_level;
END_ENTITY;
(*

Attribute definitions:

relating_risk_level: one of the instances of Risk_level that is a part of the relationship.

related_risk_level: the other of the instances of Risk_level that is a part of the relationship.

4.3.26 Risk_objective   EXPRESS-GMapping table

A Risk_objective is a type of Risk_context that places a context for Risk_level assessments.

EXAMPLE    'Human safety', 'mission success', 'project time schedule', 'performance', and 'economy' are examples of Risk_objective.

EXPRESS specification:

*)
ENTITY Risk_objective
  SUBTYPE OF (Risk_context);
END_ENTITY;
(*

4.3.27 Risk_optimization   EXPRESS-GMapping table

A Risk_optimization is a type of Risk_treatment that minimizes the negative and to maximize the positive consequences and their respective probabilities.

NOTE 1   In the context of safety, Risk_optimization is focused on reducing the Risk

NOTE 2   Risk_optimization follows Risk_evaluation of Risk_criteria, including costs and legal requirements.

NOTE 3   Risk associated with Risk_control can be considered.

EXPRESS specification:

*)
ENTITY Risk_optimization
  SUBTYPE OF (Risk_treatment);
END_ENTITY;
(*

4.3.28 Risk_owner_assignment   EXPRESS-GMapping table

A Risk_owner_assignment is an association of one or more Risk entities with a Risk_stakeholder.

NOTE    There is typically only one type of risk owner for a set of risk.

EXPRESS specification:

*)
ENTITY Risk_owner_assignment;
  risk : SET[1:?] OF Risk;
  risk_owner : Risk_stakeholder;
END_ENTITY;
(*

Attribute definitions:

risk: the set of Risk entities that is part of the Risk_owner_assignment.

risk_owner: the Risk_stakeholder that is part of the Risk_owner_assignment.

4.3.29 Risk_perception   EXPRESS-GMapping table

A Risk_perception is a set of values or concerns with which a stakeholder views a particular Risk. The context in which a Risk_perception is made is represented by risk_context. A set of perceived_consequence is assigned to a Risk and a perceived_probability. As applicable, a set of perceived_impact may also be included as part of Risk_perception.

NOTE 1   There is only one probability for each perceived risk. The probability for something to happen does not vary depending on the consequences.

NOTE 2   Risk_perception depends on the stakeholder's expressed needs, issues, and knowledge.

NOTE 3   Risk_perception can differ from objective data.

NOTE 4   Risk_perception may be used qualitatively or quantitatively to form a risk matrix.

EXAMPLE 1   In the risk_context of 'human safety',

EXAMPLE 2   In the risk_context of 'mission success',

EXAMPLE 3   In the risk_context of 'project time schedule',

EXAMPLE 4   In the risk_context of 'performance',

EXAMPLE 5   In the risk_context of 'economy',

EXPRESS specification:

*)
ENTITY Risk_perception;
  name : STRING;
  description : OPTIONAL STRING;
  formation : Risk_perception_formation;
  perceived_probability : Applied_probability_assignment;
  perceived_consequence : SET[1:?] OF Risk_consequence;
  perceived_impact : SET[0:?] OF Risk_impact;
  risk_context : Risk_context;
  risk_status : Risk_status;
END_ENTITY;
(*

Attribute definitions:

name: the words by which the Risk_perception is known.

description: the text that provides further information about the Risk_perception. The value of this attribute need not be specified.

formation: the Risk_perception_formation that provides the definition of a particular Risk.

perceived_probability: the Applied_probability_assignment that provides the definition for the probability of a particular event.

perceived_consequence: the set of Risk_consequences that provides the definition for the consequences of a particular event transpiring.

perceived_impact: the set of Risk_impacts that provides the definition for the impacts of a particular event transpiring.

risk_context: an identifier that relates a Risk_context with a Risk_perception.

risk_status: an identifier that relates a Risk_status with a Risk_perception.

4.3.30 Risk_perception_formation   EXPRESS-GMapping table

A Risk_perception_formation is an identification of a specific version of Risk. A particular Risk_perception_formation is always related to exactly one Risk.

NOTE    Each instance of Risk is required to have an associated instance of Risk_perception_formation. A single Risk entity may have more than one associated Risk_perception_formation. The set of these Risk_perception_formation entities represents the revision history of the risk.

EXPRESS specification:

*)
ENTITY Risk_perception_formation;
  of_risk : Risk;
END_ENTITY;
(*

Attribute definitions:

of_risk: the Risk that is a part of the Risk_perception_formation.

4.3.31 Risk_perception_relationship   EXPRESS-GMapping table

A Risk_perception_relationship is an association between two instances of Risk_perception.

EXPRESS specification:

*)
ENTITY Risk_perception_relationship;
  name : STRING;
  description : OPTIONAL STRING;
  relating_risk_perception : Risk_perception;
  related_risk_perception : Risk_perception;
END_ENTITY;
(*

Attribute definitions:

name: the words by which the Risk_perception_relationship is known.

description: the text that provides further information about the Risk_perception_relationship. The value of this attribute need not be specified.

relating_risk_perception: one of the instances of Risk_perception that is a part of the relationship.

related_risk_perception: the other of the instances of Risk_perception that is a part of the relationship.

4.3.32 Risk_person_stakeholder   EXPRESS-GMapping table

A Risk_person_stakeholder is a type of Risk_stakeholder and Person that identifies the stakeholder as a person.

EXPRESS specification:

*)
ENTITY Risk_person_stakeholder
  SUBTYPE OF (Person, Risk_stakeholder);
END_ENTITY;
(*

4.3.33 Risk_reduction   EXPRESS-GMapping table

A Risk_reduction is an action taken to lessen the probability, negative consequences, or both, associated with a particular Risk.

EXPRESS specification:

*)
ENTITY Risk_reduction;
  id : OPTIONAL STRING;
  name : STRING;
  description : OPTIONAL STRING;
  approach : Risk_treatment;
  resolves : SET[1:?] OF mitigation_select;
  risk_evaluation : OPTIONAL Risk_evaluation;
END_ENTITY;
(*

Attribute definitions:

id: the identifier for the Risk_reduction. The value of this attribute need not be specified.

name: the words by which the Risk_reduction is known.

description: the text that provides further information about the Risk_reduction. The value of this attribute need not be specified.

approach: the identifiable Risk_treatment used in carrying out the Risk_reduction.

resolves: the identifiable set of risk data elements that are mitigated by the Risk_reduction.

risk_evaluation: the identifiable Risk_evaluation used in carrying out the Risk_reduction. The value of the attribute need not be specified.

4.3.34 Risk_relationship   EXPRESS-GMapping table

A Risk_relationship is an association between two instances of Risk.

EXPRESS specification:

*)
ENTITY Risk_relationship;
  id : STRING;
  name : STRING;
  description : OPTIONAL STRING;
  relating_risk : Risk;
  related_risk : Risk;
END_ENTITY;
(*

Attribute definitions:

id: the identifier for the Risk_relationship. The value of this attribute need not be specified.

name: the words by which the Risk_relationship is known.

description: the text that provides further information about the Risk_relationship. The value of this attribute need not be specified.

relating_risk: one of the instances of Risk that is a part of the relationship.

related_risk: the other of the instances of Risk that is a part of the relationship.

4.3.35 Risk_retention   EXPRESS-GMapping table

A Risk_retention is is a type of Risk_treatment that accepts the burden of loss, or benefit of gain, from a particular Risk.

NOTE 1   Risk_retention includes the acceptance of risks that have not been identified or unknown knowns.

NOTE 2   Risk_retention does not include treatments involving insurance, or transfer by other means.

NOTE 3   There can be variability in the degree of acceptance and dependence on Risk_criteria.

EXPRESS specification:

*)
ENTITY Risk_retention
  SUBTYPE OF (Risk_treatment);
END_ENTITY;
(*

4.3.36 Risk_stakeholder   EXPRESS-GMapping table

A Risk_stakeholder is an individual, group or organization that may affect, be affected by, or perceive itself to be affected by, the Risk.

NOTE 1   The decision-maker is also a stakeholder.

NOTE 2   Stakeholder includes but has a broader meaning than interested party (which is defined in ISO 9000:2000).

EXPRESS specification:

*)
ENTITY Risk_stakeholder
  ABSTRACT SUPERTYPE ;
END_ENTITY;
(*

4.3.37 Risk_status   EXPRESS-GMapping table

A Risk_status is a representation of a status for the Risk.

EXPRESS specification:

*)
ENTITY Risk_status;
  name : STRING;
  description : OPTIONAL STRING;
END_ENTITY;
(*

Attribute definitions:

name: the words by which the Risk_status is known.

description: the text that provides further information about the Risk_status. The value of this attribute need not be specified.

4.3.38 Risk_transfer   EXPRESS-GMapping table

A Risk_transfer is a type of Risk_treatment that shares with another party the benefit of gain, or burden of loss, for a particular Risk.

NOTE 1   Risk_transfer may be carried out through insurance or other agreements.

NOTE 2   Risk_transfer can create new risks or modify existing Risk.

NOTE 3   Relocation of the source is not Risk_transfer.

NOTE 4   Legal or statutory requirements can limit, prohibit or mandate the transfer of certain Risk.

EXPRESS specification:

*)
ENTITY Risk_transfer
  SUBTYPE OF (Risk_treatment);
END_ENTITY;
(*

4.3.39 Risk_treatment   EXPRESS-GMapping table

A Risk_treatment is the process of selection and implementation of measures to modify Risk.

NOTE 1   The term Risk_treatment is sometimes used for the measures themselves.

NOTE 2   Risk_treatment measures can include avoiding, optimizing, transferring or retaining Risk.

EXAMPLE 1   'None assigned', 'accept', 'watch', 'mitigate', and 'prevent' are examples of Risk_treatment.

EXAMPLE 2   The heuristic process 'pause and reflect' is another example of Risk_treatment.

EXAMPLE 3   'Build in and maintain options', 'use open architectures', and 'do the hard parts first' are other examples of Risk_treatment.

EXPRESS specification:

*)
ENTITY Risk_treatment;
  name : STRING;
  description : OPTIONAL STRING;
  risk_analysis : Risk_analysis;
  primary_objective : mitigation_select;
  secondary_objectives : SET[0:?] OF mitigation_select;
END_ENTITY;
(*

Attribute definitions:

name: the words by which the Risk_treatment is known.

description: the text that provides further information about the Risk_treatment. The value of this attribute need not be specified.

risk_analysis: the identifiable Risk_analysis used in Risk_treatment.

primary_objective: the set of one or more risk data types identified as the primary objective used in Risk_treatment.

secondary_objectives: the set of one or more risk data types identified as the secondary objectives used in Risk_treatment.



*)
END_SCHEMA;  -- Risk_arm
(*


© ISO — All rights reserved