Space systems — Risk management

ISO 17666:2016 defines, extending the requirements of ISO 14300‑1, the principles and requirements for integrated risk management on a space project. It explains what is needed to implement a project-integrated risk management policy by any project actor, at any level (i.e. customer, first-level supplier, or lower-level suppliers). It contains a summary of the general risk management process, which is subdivided into four (4) basic steps and nine (9) tasks. The implementation can be tailored to project-specific conditions. The risk management process requires information exchange among all project domains and provides visibility over risks, with a ranking according to their criticality for the project; these risks are monitored and controlled according to the rules defined for the domains to which they belong. The fields of application of ISO 17666:2016 are all the space project phases. A definition of project phasing is given in ISO 14300‑1. When viewed from the perspective of a specific programme or project context, the requirements defined in ISO 17666:2016 are tailored to match the genuine requirements of a particular profile and circumstances of a programme or project.

Systèmes spatiaux — Management des risques

General Information

Status: Published
Publication Date: 13-Nov-2016
Current Stage: 9093 - International Standard confirmed
Completion Date: 14-Mar-2022

Standard
ISO 17666:2016 - Space systems -- Risk management
English language
20 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO 17666
Second edition
2016-11-15
Space systems — Risk management
Systèmes spatiaux — Management des risques
Reference number: ISO 17666:2016(E)
© ISO 2016

COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
4 Abbreviated terms
5 Principles of risk management
5.1 Risk management concept
5.2 Risk management process
5.3 Risk management implementation into a project
5.4 Risk management documentation
6 The risk management process
6.1 Overview of the risk management process
6.2 Risk management steps and tasks
6.2.1 Step 1: Define risk management implementation requirements
6.2.2 Step 2: Identify and assess the risks
6.2.3 Step 3: Decide and act
6.2.4 Step 4: Monitor, communicate, and accept risks
7 Risk management implementation
7.1 General considerations
7.2 Responsibilities
7.3 Project life cycle considerations
7.4 Risk visibility and decision making
7.5 Documentation of risk management
8 Risk management requirements
8.1 General
8.2 Risk management process requirements
8.3 Risk management implementation requirements
Annex A (informative) Risk register example and ranked risk log example
Annex B (informative) Risk management plan (DRD)
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/TC 20, Aircraft and space vehicles, Subcommittee
SC 14, Space systems and operations.
This second edition cancels and replaces the first edition (ISO 17666:2003), of which it constitutes a
minor revision. Annex B has been added in this edition and contains a DRD for consideration when
preparing the risk management plan.

Introduction
Risks are a threat to the project success because they have negative effects on the project cost, schedule
and technical performance, but appropriate practices of controlling risks can also present new
opportunities with positive impact.
The objective of project risk management is to identify, assess, reduce, accept, and control space project
risks in a systematic, proactive, comprehensive, and cost-effective manner, taking into account the
project’s technical and programmatic constraints. Risk is considered tradable against the conventional
known project resources within the management, programmatic (e.g. cost, schedule), and technical (e.g.
mass, power, dependability, safety) domains. The overall risk management in a project is an iterative
process throughout the project life cycle, with iterations being determined by the project progress
through the different project phases, and by changes to a given project baseline influencing project
resources.
Risk management is implemented at each level of the customer-supplier network.
Known project practices for dealing with project risks, such as system and engineering analyses,
analyses of safety, critical items, dependability, critical path, and cost, are an integral part of project
risk management. Ranking of risks according to their criticality for the project success, allowing
management attention to be directed to the essential issues, is a major objective of risk management.
The project actors agree on the extent of the risk management to be implemented into a given project
depending on the project definition and characterization.
INTERNATIONAL STANDARD ISO 17666:2016(E)
Space systems — Risk management
1 Scope
This document defines, extending the requirements of ISO 14300-1, the principles and requirements
for integrated risk management on a space project. It explains what is needed to implement a project-integrated
risk management policy by any project actor, at any level (i.e. customer, first-level supplier,
or lower-level suppliers).
This document contains a summary of the general risk management process, which is subdivided into
four (4) basic steps and nine (9) tasks. The implementation can be tailored to project-specific conditions.
The risk management process requires information exchange among all project domains and provides
visibility over risks, with a ranking according to their criticality for the project; these risks are
monitored and controlled according to the rules defined for the domains to which they belong.
The fields of application of this document are all the space project phases. A definition of project phasing
is given in ISO 14300-1.
When viewed from the perspective of a specific programme or project context, the requirements
defined in this document are tailored to match the genuine requirements of a particular profile and
circumstances of a programme or project.
NOTE Tailoring is a process by which individual requirements or specifications, standards, and related
documents are evaluated and made applicable to a specific programme or project by selection, and in some
exceptional cases, modification and addition of requirements in the standards.
2 Normative references
There are no normative references in this document.
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1.1
acceptance of risk
decision to cope with consequences, should a risk scenario materialise
Note 1 to entry: A risk can be accepted when its magnitude is less than a given threshold, defined in the risk
management policy.
Note 2 to entry: In the context of risk management, acceptance can mean that even though a risk is not eliminated,
its existence and magnitude are acknowledged and tolerated.
3.1.2
risk communication
all information and data necessary for risk management addressed to a decision maker and to relevant
actors within the project hierarchy
3.1.3
risk index
combined score used to measure the likelihood of occurrence, magnitude, and severity of risk
3.1.4
individual risk
risk identified, assessed, and mitigated as a distinct risk item in a project
3.1.5
risk management
systematic and iterative optimisation of the project resources, performed according to the established
project risk management policy
3.1.6
risk management policy
organisation’s attitude towards risks, how it conducts risk management, the risks it is prepared to
accept and how it defines the main requirements for the risk management plan
3.1.7
risk management process
all project activities related to the identification, assessment, reduction, acceptance, and feedback of risks
3.1.8
overall risk
risk resulting from the assessment of the combination of individual risks and their impact on each other,
in the context of the whole project
Note 1 to entry: Overall risk can be expressed as a combination of qualitative and quantitative assessment.
3.1.9
risk reduction
implementation of measures that leads to reduction of the likelihood or severity of risk
Note 1 to entry: Preventive measures aim at eliminating the cause of a problem situation, and mitigation measures
aim at preventing the propagation of the cause to the consequence or reducing the severity of the consequence or
the likelihood of the occurrence.
3.1.10
residual risk
risk remaining after implementation of risk reduction measures
3.1.11
resolved risk
risk that has been rendered acceptable
3.1.12
risk
undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative
consequence on a project
Note 1 to entry: Risks arise from uncertainty due to a lack of predictability or control of events. Risks are inherent
to any project and can arise at any time during the project life cycle; reducing these uncertainties reduces the risk.
3.1.13
risk scenario
sequence or combination of events leading from the initial cause to the unwanted consequence
Note 1 to entry: The cause can be a single event or something activating a dormant problem.
3.1.14
risk trend
evolution of risks throughout the life cycle of a project
3.1.15
unresolved risk
risk for which risk reduction attempts are not feasible, cannot be verified, or have proven unsuccessful
Note 1 to entry: It can also be defined as a risk remaining unacceptable.
4 Abbreviated terms
The following abbreviated terms are defined and used within this document.
ECSS European Cooperation for Space Standardization
IEC International Electrotechnical Commission
5 Principles of risk management
5.1 Risk management concept
Risk management is a systematic and iterative process for optimising resources in accordance with the
project’s risk management policy. It is integrated through defined roles and responsibilities into the
day-to-day activities in all project domains. Risk management assists managers and engineers when
including risk aspects in management and engineering practices and judgement throughout the project
life cycle. It is performed in an integrated, holistic way, maximising the overall benefits in areas such as:
— design, construction, testing, operation, maintenance, and disposal, together with their interfaces,
— control over risk consequences, and
— management, cost, and schedule.
This process adds value to the data that is routinely developed, maintained, and reported.
5.2 Risk management process
The entire spectrum of risks is assessed. Trade-offs are made among different, and often competing,
goals. Undesired events are assessed for their severity and likelihood of occurrence. The assessments
of the alternatives for mitigating the risks are iterated, and the resulting measurements of performance
and risk trend are used to optimise the tradable resources.
Within the risk management process, available risk information is produced and structured, facilitating
risk communication and management decision making. The results of risk assessment and reduction
and the residual risks are communicated to the project team for information and follow-up.
5.3 Risk management implementation into a project
Risk management requires corporate commitment in each actor’s organisation and the establishment
of clear lines of responsibility and accountability from corporate level downwards. Project management
has the overall responsibility for the implementation of risk management, ensuring an integrated,
coherent approach for all project domains.
Risk management is a continuous, iterative process. It constitutes an integral part of normal project
activity and is embedded within the existing management processes. It utilises the existing elements of
the project management processes to the maximum extent possible.
5.4 Risk management documentation
The risk management process is documented to ensure that the risk management policies are
established, understood, implemented, and maintained, and that they are traceable to the origin and
rationale of all risk-related decisions made during the life of the project.
6 The risk management process
6.1 Overview of the risk management process
The iterative four-step risk management process of a project is illustrated in Figure 1. The tasks to be
performed within each of these steps are shown in Figure 2.
Step 1 comprises the establishment of the risk management policy (Task 1) and risk management plan
(Task 2), and is performed at the beginning of a project. The implementation of the risk management
process consists of a number of “risk management cycles” over the project duration comprising Steps 2
to 4, subdivided into seven: Tasks 3 to 9.
The period designated in the illustration with “Risk management process” comprises all the project
phases of the project concerned. The frequency and project events at which cycles are required in a
project (only three are shown in Figure 1 for illustration purposes) depend on the needs and complexity
of the project and need to be defined during Step 1. Unforeseen cycles are required when changes to, for
example, the schedule, technologies, techniques, and performance of the project baseline occur.
Risks at any stage of the project are controlled as part of the project management activities.
Figure 1 — Steps and cycles in the risk management process
Figure 2 — Tasks associated with the steps of the risk management process within the risk
management cycle
6.2 Risk management steps and tasks
6.2.1 Step 1: Define risk management implementation requirements
6.2.1.1 Purpose
To initiate the risk management process by defining the project risk management policy and preparing
the project risk management plan.
6.2.1.2 Task 1: Define the risk management policy
The following activities are included in this task:
a) Identification of the set of resources with impact on risks.
b) Identification of the project goals and resource constraints.
c) Description of the project strategy for dealing with risks, such as the definition of margins and the
apportionment of risk between customer and supplier.
d) Definition of scheme for ranking the risk goals according to the requirements of the project.
e) Establishment of scoring schemes for the severity of consequences and likelihood of occurrence for
the relevant tradable resources as shown in the examples given in Figures 3 and 4.
f) Establishment of a risk index scheme to denote the magnitudes of the risks of the various risk
scenarios as shown, for example, in Figure 5.
NOTE In the examples, five categories are used for illustration only; more or fewer categories or designations
are also possible.
Figure 3 — Example of a severity-of-consequence scoring scheme
NOTE In the examples, five categories are used for illustration only; more or fewer categories or designations
are also possible.
Figure 4 — Example of a likelihood scoring scheme
g) Establishment of criteria to determine the actions to be taken on risks of various risk magnitudes
and the associated risk decision levels in the project structure (as in the example in Figure 6).
h) Definition of risk acceptance criteria for individual risks.
NOTE The acceptability of likelihood of occurrence and severity of consequence are both
program dependent. For example, when a program is advancing new research, technology
development or management, a high probability of a consequence that greatly increases
the cost can be acceptable.
i) Establishment of a method for the ranking and comparison of risks.
j) Establishment of a method to measure the overall risk.
k) Establishment of acceptance criteria for the overall risk.
l) Definition of the strategy for monitoring the risks and the formats to be used for communicating
risk data to the decision makers and all relevant actors within the project hierarchy.
m) Description of the review, decision, and implementation flow within the project concerning all risk
management matters.
NOTE In the example, risk magnitude categorization (“Red,” “Yellow,” “Green”) is used for illustration only.
Different designations are also possible.
Figure 5 — Example of risk index and magnitude scheme
NOTE In the example, risk magnitude designation, acceptability, and proposed actions are used for
illustration only. Project-specific policy definitions can be different.
Figure 6 — Example of risk magnitude designations and proposed actions for individual risks
6.2.1.3 Task 2: Prepare the risk management plan
The risk management plan contains the following typical data (see the informative Annex B).
a) Description of the project risk management organisation including its role and responsibility.
b) Summary of the risk management policy.
c) The risk management-related documentation and follow-up concept.
d) The scope of risk management over the project duration.
6.2.2 Step 2: Identify and assess the risks
6.2.2.1 Purpose
To identify each of the risk scenarios, to determine then, based on the outputs from Step 1, the
magnitude of the individual risks and, finally, to rank them. Data from all project domains are used
(managerial, programmatic, and technical).
6.2.2.2 Task 3: Identify risk scenarios
The following activities are included in this task:
a) Identification of the risk scenarios, including causes and consequences, according to the risk
management policy.
b) Identification of the means of early warning (detection) for the occurrence of an undesirable event,
to prevent propagation of consequences.
c) Identification of the project objectives at risk.
6.2.2.3 Task 4: Assess the risks
The following activities are included in this task:
a) Determination of the severity of consequences of each risk scenario.
b) Determination of the likelihood of each risk scenario.
c) Determination of the risk index for each risk scenario.
d) Utilization of available information sources and application of suitable methods to support the
assessment process.
e) Determination of the magnitude of risk of each risk scenario.
f) Determination of the overall project risk through an evaluation of identified individual risks, their
magnitudes and interactions, and resultant impact on the project.
6.2.3 Step 3: Decide and act
6.2.3.1 Purpose
To analyse the acceptability of risks and risk reduction options according to the risk management
policy, and to determine the appropriate risk reduction strategy.
6.2.3.2 Task 5: Decide if the risks may be accepted
The following activities are included in this task:
a) Application of the risk acceptance criteria to the risks.
b) Identification of acceptable risks, the risks that will be subjected to risk reduction, and determination
of the management decision level.
c) For accepted risks, proceed directly to Step 4 (5.2.4); for unacceptable risks, proceed to Task 6
(5.2.3.3).
6.2.3.3 Task 6: Reduce the risks
The following activities are included in this task:
a) Determination of preventive and mitigation measures/options for each unacceptable risk.
b) Determination of risk reduction success, failure, and verification criteria.
c) Determination of the risk reduction potential of each measure in conjunction with the optimisation
of tradable resources.
d) Selection of the best risk reduction measures and decision on priorities for implementation, at the
appropriate decision making level in the project according to the risk management plan.
e) Verification of risk reduction.
f) Identification of the risks that cannot be reduced to an acceptable level and presentation to the
appropriate management level for disposition.
g) Identification of the reduced risks for which risk reduction cannot be verified.
h) Identification of the risk reduction potential of all risk reduction efforts with respect to the
overall risk.
i) Documentation of the successfully reduced risks in a resolved risks list; and the unsuccessfully
reduced risks in an unresolved risks list: present the latter to the appropriate management level
for disposition.
6.2.3.4 Task 7: Recommend acceptance
The following activities are included in this task:
a) Decision options for acceptance of risks.
b) Approval of acceptable and resolved risks.
c) Presentation of unresolved risks for further action.
6.2.4 Step 4: Monitor, communicate, and accept risks
6.2.4.1 Purpose
To track, monitor, update, iterate, and communicate, and finally accept the risks.
6.2.4.2 Task 8: Monitor and communicate the risks
The following activities are included in this task:
a) Periodical assessment and review of all identified risks and updating of the results after each
iteration of the risk management process.
b) Identification of changes to existing risks and initiation of new risk analysis needed in order to
decrease uncertainties.
c) Verification of the performance and effect of corresponding risk reduction.
d) Illustration of the risk trend over the project evolution by identifying how the magnitudes of risk
have changed over project time. An example of a risk trend of technical risks, which are main risk
contributors at the first project milestone, is provided in Figure 7. S1, S2, and S3 are three risk
scenarios.
e) Communication of the risks and the risk trend to the appropriate level of management.
f) Implementation of an alert system for new risks.
NOTE In the example, the evolution of S1 shows that in spite of risk reduction efforts, risk trend can worsen
before improvement.
Figure 7 — Example of a risk trend
6.2.4.3 Task 9: Submit risks for acceptance
The following activities are included in this task:
a) Submittal of the risks for formal risk acceptance by the appropriate level of management.
b) Return to Task 6 for risks not accepted.
7 Risk management implementation
7.1 General considerations
a) Risk management is performed within the normal project management structure, ensuring a
systematic risk identification, assessment, and follow-up of risks.
b) Risk management is implemented as a team effort, with tasks and responsibilities being assigned
to the functions and individuals within the project organisation with the most relevant expertise in
the areas concerned by a given risk.
c) The results of risk management are considered in the routine project management process a
...
