Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

ARCH.903 Assess & mitigate the operational risks


Note the following look-up table. The approach for business, security and safety risks is generally the same, using a state model to identify potential undesired transitions.

We have a general set of terms for the state model, and a specific term for each of the three main areas of risk being assessed.


Loss state

(something bad has happened)

Not-allowed state

(something bad could happen)

Transition from allowed to not-allowed state

Allowed state

(nothing bad can happen)

SafetyAccidentHazardous stateHazard occurrenceSafe state
SecurityLossThreat stateVulnerability occurrenceNon-threat state
BusinessLossNot-allowed stateBusiness risk occurrenceAllowed state