Space systems - Risk management (ISO/DIS 17666:2015)

Systèmes spatiaux - Management des risques (ISO/DIS 17666:2015)

Vesoljski sistemi - Obvladovanje tveganja (ISO/DIS 17666:2015)

General Information

Status: Not Published
Technical Committee:
Current Stage: 4098 - Decision to abandon - Enquiry
Due Date: 01-Aug-2016
Completion Date: 13-Jan-2016

Draft
prEN ISO 17666:2016
English language
25 pages

Standards Content (sample)

SLOVENIAN STANDARD
oSIST prEN ISO 17666:2016
01-February-2016
Vesoljski sistemi - Obvladovanje tveganja (ISO/DIS 17666:2015)
Space systems - Risk management (ISO/DIS 17666:2015)
Systèmes spatiaux - Management des risques (ISO/DIS 17666:2015)
This Slovenian standard is identical to: prEN ISO 17666
ICS:
03.100.01 Company organization and management in general
49.140 Space systems and operations
oSIST prEN ISO 17666:2016 en

2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.

DRAFT INTERNATIONAL STANDARD
ISO/DIS 17666
ISO/TC 20/SC 14 Secretariat: ANSI
Voting begins on: 2015-11-19
Voting terminates on: 2016-02-19
Space systems — Risk management
Systèmes spatiaux — Management des risques
ICS: 49.140
Reference number: ISO/DIS 17666:2015(E)

ISO/CEN PARALLEL PROCESSING

This draft has been developed within the International Organization for Standardization (ISO), and processed under the ISO lead mode of collaboration as defined in the Vienna Agreement.

This draft is hereby submitted to the ISO member bodies and to the CEN member bodies for a parallel five month enquiry.

Should this draft be accepted, a final draft, established on the basis of comments received, will be submitted to a parallel two-month approval vote in ISO and formal vote in CEN.

To expedite distribution, this document is circulated as received from the committee secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at publication stage.

THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.

ISO 2015
COPYRIGHT PROTECTED DOCUMENT
© ISO 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents

Foreword
Introduction
1 Scope
2 Terms, definitions and abbreviated terms
3 Principles of risk management
4 The risk management process
5 Risk management implementation
6 Risk management requirements
Annex A (informative) Risk register example and ranked risk log example
Annex B (informative) Risk Management Plan (DRD)
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 17666 was prepared by the Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 14, Space systems and operations.

Introduction

Risks are a threat to the project success because they have negative effects on the project cost, schedule and technical performance, but appropriate practices of controlling risks can also present new opportunities with positive impact.

The objective of project risk management is to identify, assess, reduce, accept, and control space project risks in a systematic, proactive, comprehensive, and cost-effective manner, taking into account the project’s technical and programmatic constraints. Risk is considered tradable against the conventional known project resources within the management, programmatic (e.g. cost, schedule), and technical (e.g. mass, power, dependability, safety) domains. The overall risk management in a project is an iterative process throughout the project life cycle, with iterations being determined by the project progress through the different project phases, and by changes to a given project baseline influencing project resources.

Risk management is implemented at each level of the customer-supplier network.

Known project practices for dealing with project risks, such as system and engineering analyses, analyses of safety, critical items, dependability, critical path, and cost, are an integral part of project risk management.

Ranking of risks according to their criticality for the project success, allowing management attention to be directed to the essential issues, is a major objective of risk management.

The project actors agree on the extent of the risk management to be implemented into a given project depending on the project definition and characterization.

1 Scope

This Standard defines, extending the requirements of ISO 14300-1, the principles and requirements for integrated risk management on a space project; it explains what is needed to implement a project-integrated risk management policy by any project actor, at any level (i.e. customer, first-level supplier, or lower-level suppliers).

This Standard contains a summary of the general risk management process, which is subdivided into four (4) basic steps and nine (9) tasks. The implementation can be tailored to project-specific conditions.

The risk management process requires information exchange among all project domains and provides visibility over risks, with a ranking according to their criticality for the project; these risks are monitored and controlled according to the rules defined for the domains to which they belong.

The fields of application of this standard are all the space project phases. A definition of project phasing is given in ISO 14300-1.

When viewed from the perspective of a specific programme or project context, the requirements defined in this Standard should be tailored to match the genuine requirements of a particular profile and circumstances of a programme or project.

NOTE Tailoring is a process by which individual requirements or specifications, standards, and related documents are evaluated and made applicable to a specific programme or project by selection, and in some exceptional cases, modification and addition of requirements in the standards.

2 Terms, definitions and abbreviated terms

2.1 Terms and definitions

For the purposes of this Standard, the following terms and definitions apply.

2.1.1
acceptance of (risk)
decision to cope with consequences, should a risk scenario materialise

NOTE 1: A risk can be accepted when its magnitude is less than a given threshold, defined in the risk management policy.

NOTE 2: In the context of risk management, acceptance can mean that even though a risk is not eliminated, its existence and magnitude are acknowledged and tolerated.

2.1.2
(risk) communication
all information and data necessary for risk management addressed to a decision maker and to relevant actors within the project hierarchy

2.1.3
(risk) index
score used to measure the magnitude of the risk; it is a combination of the likelihood of occurrence and the severity of consequence, where scores are used to measure likelihood and severity

2.1.4
individual (risk)
risk identified, assessed, and mitigated as a distinct risk item in a project

2.1.5
(risk) management
systematic and iterative optimisation of the project resources, performed according to the established project risk management policy

2.1.6
(risk) management policy
describes the organisation’s attitude towards risks, how it conducts risk management, the risks it is prepared to accept and defines the main requirements for the risk management plan

2.1.7
(risk) management process
consists of all the project activities related to the identification, assessment, reduction, acceptance, and feedback of risks

2.1.8
overall (risk)
risk resulting from the assessment of the combination of individual risks and their impact on each other, in the context of the whole project

NOTE: Overall risk can be expressed as a combination of qualitative and quantitative assessment.

2.1.9
(risk) reduction
implementation of measures that leads to reduction of the likelihood or severity of risk

NOTE: Preventive measures aim at eliminating the cause of a problem situation, and mitigation measures aim at preventing the propagation of the cause to the consequence or reducing the severity of the consequence or the likelihood of the occurrence.

2.1.10
residual (risk)
risk remaining after implementation of risk reduction measures

2.1.11
resolved (risk)
risk that has been rendered acceptable

2.1.12
risk
undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence on a project

NOTE: Risks arise from uncertainty due to a lack of predictability or control of events. Risks are inherent to any project and can arise at any time during the project life cycle; reducing these uncertainties reduces the risk.

2.1.13
(risk) scenario
sequence or combination of events leading from the initial cause to the unwanted consequence

NOTE: The cause can be a single event or something activating a dormant problem.

2.1.14
(risk) trend
evolution of risks throughout the life cycle of a project

2.1.15
unresolved (risk)
risk for which risk reduction attempts are not feasible, cannot be verified, or have proven unsuccessful: a risk remaining unacceptable

2.2 Abbreviated terms
The following abbreviated terms are defined and used within this Standard.
ECSS European Cooperation for Space Standardization
IEC International Electrotechnical Commission

3 Principles of risk management

3.1 Risk management concept

Risk management is a systematic and iterative process for optimising resources in accordance with the project’s risk management policy. It is integrated through defined roles and responsibilities into the day to day activities in all project domains. Risk management assists managers and engineers when including risk aspects in management and engineering practices and judgement throughout the project life cycle. It is performed in an integrated, holistic way, maximising the overall benefits in areas such as:

• design, construction, testing, operation, maintenance, and disposal, together with their interfaces;
• control over risk consequences;
• management, cost, and schedule.

This process adds value to the data that is routinely developed, maintained, and reported.

3.2 Risk management process

The entire spectrum of risks is assessed. Tradeoffs are made among different, and often competing, goals. Undesired events are assessed for their severity and likelihood of occurrence. The assessments of the alternatives for mitigating the risks are iterated, and the resulting measurements of performance and risk trend are used to optimise the tradable resources.

Within the risk management process, available risk information is produced and structured, facilitating risk communication and management decision making. The results of risk assessment and reduction and the residual risks are communicated to the project team for information and follow-up.

3.3 Risk management implementation into a project

Risk management requires corporate commitment in each actor’s organisation and the establishment of clear lines of responsibility and accountability from corporate level downwards. Project management has the overall responsibility for the implementation of risk management, ensuring an integrated, coherent approach for all project domains.

Risk management is a continuous, iterative process. It constitutes an integral part of normal project activity and is embedded within the existing management processes. It utilises the existing elements of the project management processes to the maximum extent possible.

3.4 Risk management documentation

The risk management process is documented to ensure that the risk management policies are established, understood, implemented, and maintained, and that they are traceable to the origin and rationale of all risk-related decisions made during the life of the project.

4 The risk management process

4.1 Overview of the risk management process

The iterative four-step risk management process of a project is illustrated in Figure 1. The tasks to be performed within each of these steps are shown in Figure 2.

Step 1 comprises the establishment of the risk management policy (Task 1) and risk management plan (Task 2), and is performed at the beginning of a project. The implementation of the risk management process consists of a number of “risk management cycles” over the project duration comprising the Steps 2 to 4, subdivided into the seven Tasks 3 to 9.

The period designated in the illustration with “Risk management process” comprises all the project phases of the project concerned. The frequency and project events at which cycles are required in a project (only three are shown in Figure 1 for illustration purposes) depend on the needs and complexity of the project and need to be defined during Step 1. Unforeseen cycles are required when changes to, for example, the schedule, technologies, techniques, and performance of the project baseline occur.

Risks at any stage of the project are controlled as part of the project management activities.

Figure 1 — The steps and cycles in the risk management process

Figure 2 — The tasks associated with the steps of the risk management process within the risk management cycle

4.2 Risk management steps and tasks

4.2.1 Step 1: Define risk management implementation requirements

4.2.1.1 Purpose

To initiate the risk management process by defining the project risk management policy and preparing the project risk management plan.

4.2.1.2 Task 1: Define the risk management policy

The following activities are included in this task:

a) Identification of the set of resources with impact on risks.

b) Identification of the project goals and resource constraints.

c) Description of the project strategy for dealing with risks, such as the definition of margins and the apportionment of risk between customer and supplier.

d) Definition of a scheme for ranking the risk goals according to the requirements of the project.

e) Establishment of scoring schemes for the severity of consequences and likelihood of occurrence for the relevant tradable resources, as shown in the examples given in Figures 3 and 4.

f) Establishment of a risk index scheme to denote the magnitudes of the risks of the various risk scenarios, as shown, for example, in Figure 5.

Figure 3 — Example of a severity-of-consequence scoring scheme

Figure 4 — Example of a likelihood scoring scheme

g) Establishment of criteria to determine the actions to be taken on risks of various risk magnitudes and the associated risk decision levels in the project structure (as in the example in Figure 6).

h) Definition of risk acceptance criteria for individual risks.

NOTE: The acceptability of likelihood of occurrence and severity of consequence are both program dependent. For example, when a program is advancing new research, technology development or management, a high probability of a consequence that greatly increases the cost can be acceptable.

i) Establishment of a method for the ranking and comparison of risks.

j) Establishment of a method to measure the overall risk.

k) Establishment of acceptance criteria for the overall risk.

l) Definition of the strategy for monitoring the risks and the formats to be used for communicating risk data to the decision makers and all relevant actors within the project hierarchy.

m) Description of the review, decision, and implementation flow within the project concerning all risk management matters.

In the examples, five categories are used for illustration only; more or fewer categories or designations are also possible.

In the example, risk magnitude categorization (“Red”, “Yellow”, “Green”) is used for illustration only. Different designations are also possible.

In the example, risk magnitude designation, acceptability, and proposed actions are used for illustration only. Project-specific policy definitions can be different.

Figure 5 — Example of risk index and magnitude scheme

Figure 6 — Example of risk magnitude designations and proposed actions for individual risks

4.2.1.3 Task 2: Prepare the risk management plan

The risk management plan contains the following typical data (see the informative annex B):

a) Description of the project risk management organisation including its role and responsibility.

b) Summary of the risk management policy.
c) The risk management-related documentation and follow-up concept.
d) The scope of risk management over the project duratio
...
