Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)
ARCH.903 Assess & mitigate the operational risks
- ARCH.171 Prepare business risk analysis
- ARCH.172 Prepare security risk analysis
- ARCH.173 Prepare safety risk analysis
- ARCH.020 Identify & classify operational deviations
- ARCH.011 Assess operational performance risks of scenario
- ARCH.017 Assess security risks of scenario
- ARCH.024 Assess operational safety risks of scenario
- ARCH.029 Allocate risk control responsibilities (op. activity to op. entity/actor)
- ARCH.175 Produce consolidated operational deviation analysis report
Note the following look-up table. The approach for business, security and safety risks is generally the same, using a state model to identify potential undesired transitions.
We have a general set of terms for the state model, and a specific term for each of the three main areas of risk being assessed.
| | Loss state (something bad has happened) | Not-allowed state (something bad could happen) | Transition from allowed to not-allowed state | Allowed state (nothing bad can happen) |
---|---|---|---|---|
Safety | Accident | Hazardous state | Hazard occurrence | Safe state |
Security | Loss | Threat state | Vulnerability occurrence | Non-threat state |
Business | Loss | Not-allowed state | Business risk occurrence | Allowed state |