SIST EN ISO 17666:2004
(Main)Space systems - Risk management (ISO 17666:2003)
Space systems - Risk management (ISO 17666:2003)
ISO 17666:2003 extends the requirements of ISO 14300-1, the principles and requirements for integrated risk management on a space project. It explains what is needed to implement a project-integrated risk management policy by any project actor, at any level (i.e. customer, first-level supplier, or lower-level suppliers).
ISO 17666:2003 contains a summary of the general risk management process, which is subdivided into four (4) basic steps and nine (9) tasks. The implementation can be tailored to project-specific conditions.
The risk management process requires information exchange among all project domains and provides visibility over risks, with a ranking according to their criticality for the project. These risks are monitored and controlled according to the rules defined for the domains to which they belong.
ISO 17666:2003 is applicable to all space project phases, as defined in ISO 14300-1.
When viewed from the perspective of a specific programme or project context, the requirements defined in ISO 17666:2003 should be tailored to match the genuine requirements of a particular profile and circumstances of a programme or project.
Raumfahrtsysteme - Risikomanagement (ISO 17666:2003)
Diese Europäische Norm legt in Ergänzung der Anforderungen nach ISO 14300-1 Grundsätze für und Anforderungen an das integrierte Risikomanagement für Raumfahrtprojekte fest; sie erläutert, was zur Umsetzung einer projektintegrierten Risikomanagementpolitik von jedem Projektbeteiligten auf allen Ebenen, d. h. den Kunden, Lieferanten oder Zulieferern der ersten Ebene oder Vorlieferanten, verlangt wird.
Diese Europäische Norm enthält eine Zusammenfassung aller Elemente des Risikomanagementprozesses, der in vier (4) Schritte und neun (9) Aufgaben unterteilt wird, wobei die Durchführung des Prozesses an die projektspezifischen Bedingungen angepasst werden kann.
Der Risikomanagementprozess erfordert den Informationsaustausch zwischen sämtlichen Projektbereichen und liefert eine Übersicht über die Risiken, die entsprechend ihrer Kritikalität für das Projekt eingestuft werden; diese Risiken sind nach den Regeln zu überwachen und zu steuern, die für den jeweiligen Bereich festgelegt sind.
Der Anwendungsbereich dieser Norm erstreckt sich auf sämtliche Phasen von Raumfahrtprojekten. Eine
Definition von Projektphasen findet sich in ISO 14300-1.
Im Kontext eines spezifischen Programm- oder Projektumfeldes sollten die in dieser Europäischen Norm festgelegten Anforderungen an die profilspezifischen Anforderungen oder die Umstände eines bestimmten
Projekts angepasst werden.
ANMERKUNG Tailoring ist ein Verfahren, bei dem einzelne Anforderungen in Spezifikationen, Normen und ähnlichen Dokumenten bewertet und für ein bestimmtes Projekt durch Auswahl oder in Ausnahmefällen, durch Modifikation bestehender oder Hinzufügen neuer Anforderungen anwendbar gemacht werden.
Systemes spatiaux - Management des risques (ISO 17666:2003)
L'ISO 17666:2003 définit, dans la continuité des exigences de l'ISO 14300-1, les principes et les exigences d'un management des risques intégré pour un projet spatial. Elle présente les éléments nécessaires à la mise en oeuvre d'une politique de management des risques intégrée par tout acteur du projet, à tous les niveaux (client, fournisseur de premier niveau ou fournisseurs de niveaux inférieurs).
L'ISO 17666:2003 contient un résumé du processus général de management des risques qui est subdivisé en quatre (4) phases essentielles et neuf (9) tâches. La mise en oeuvre peut être adaptée aux conditions spécifiques du projet.
Le processus de management des risques implique un échange d'informations entre tous les domaines du projet et fournit une visibilité sur les risques et une classification en fonction de leur criticité vis-à-vis du projet. Ces risques sont surveillés et maîtrisés en fonction des règles définies du domaine auquel ils appartiennent.
L'ISO 17666:2003 s'applique à toutes les phases du projet spatial, comme défini dans l'ISO 14300-1.
Dans le contexte d'un projet ou d'un programme spécifique, il convient d'adapter les exigences définies dans l'ISO 17666:2003 aux exigences véritables relatives au profil spécifique et aux circonstances particulières du projet ou du programme.
Space systems - Risk management (ISO 17666:2003)
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
SIST EN ISO 17666:2004
01-maj-2004
Space systems - Risk management (ISO 17666:2003)
Space systems - Risk management (ISO 17666:2003)
Raumfahrtsysteme - Risikomanagement (ISO 17666:2003)
Systemes spatiaux - Management des risques (ISO 17666:2003)
Ta slovenski standard je istoveten z: EN ISO 17666:2003
ICS:
49.140 Vesoljski sistemi in operacije Space systems and
operations
SIST EN ISO 17666:2004 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN ISO 17666:2004
---------------------- Page: 2 ----------------------
SIST EN ISO 17666:2004
EUROPEAN STANDARD
EN ISO 17666
NORME EUROPÉENNE
EUROPÄISCHE NORM
April 2003
ICS 49.140
English version
Space systems - Risk management (ISO 17666:2003)
Systèmes spatiaux - Management des risques (ISO
17666:2003)
This European Standard was approved by CEN on 6 December 2002.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the Management Centre has the same status as the official
versions.
CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal, Slovakia, Spain, Sweden, Switzerland and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2003 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 17666:2003 E
worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
Contents page
Foreword.4
1 Scope .6
2 Terms, definitions and abbreviated terms .6
2.1 Terms and definitions.6
2.2 Abbreviated terms .8
3 Principles of risk management.8
3.1 Risk management concept .8
3.2 Risk management process .8
3.3 Risk management implementation into a project.8
3.4 Risk management documentation .9
4 The risk management process .9
4.1 Overview of the risk management process.9
4.2 Risk management steps and tasks .10
5 Risk management implementation .15
5.1 General considerations .15
5.2 Responsibilities.15
5.3 Project life cycle considerations.16
5.4 Risk visibility and decision making .16
5.5 Documentation of risk management.16
6 Risk management requirements .17
6.1 General.17
6.2 Risk management process requirements .17
6.3 Risk management implementation requirements.19
Annex A (informative) Risk register example and ranked risk log example .21
Bibliography .24
2
---------------------- Page: 4 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
Figures page
Figure 1 — The steps and cycles in the risk management process.9
Figure 2 — The tasks associated with the steps of the risk management process within the risk management cycle
.............................................................................................................................................................................10
Figure 3 — Example of a severity-of-consequence scoring scheme .11
Figure 4 — Example of a likelihood scoring scheme.11
Figure 5 — Example of risk index and magnitude scheme .12
Figure 6 — Example of risk magnitude designations and proposed actions for individual risks.12
Figure 7 — Example of a risk trend .15
3
---------------------- Page: 5 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
Foreword
This document (EN ISO 17666:2003) has been prepared by the European Cooperation for Space Standardization
(ECSS) for CEN in close collaboration with Technical Committee ISO/TC 20 " Aircraft and space vehicles".
This European Standard shall be given the status of a national standard, either by publication of an identical text or
by endorsement, at the latest by October 2003, and conflicting national standards shall be withdrawn at the latest
by October 2003.
Annex A is informative.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Czech Republic, Denmark, Finland,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal,
Slovakia, Spain, Sweden, Switzerland and the United Kingdom.
4
---------------------- Page: 6 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
Introduction
Risks are a threat to the project success because they have negative effects on the project cost, schedule and
technical performance, but appropriate practices of controlling risks can also present new opportunities with
positive impact.
The objective of project risk management is to identify, assess, reduce, accept, and control space project risks in a
systematic, proactive, comprehensive, and cost-effective manner, taking into account the project’s technical and
programmatic constraints. Risk is considered tradable against the conventional known project resources within the
management, programmatic (e.g. cost, schedule), and technical (e.g. mass, power, dependability, safety) domains.
The overall risk management in a project is an iterative process throughout the project life cycle, with iterations
being determined by the project progress through the different project phases, and by changes to a given project
baseline influencing project resources.
Risk management is implemented at each level of the customer-supplier network.
Known project practices for dealing with project risks, such as system and engineering analyses, analyses of
safety, critical items, dependability, critical path, and cost, are an integral part of project risk management. Ranking
of risks according to their criticality for the project success, allowing management attention to be directed to the
essential issues, is a major objective of risk management.
The project actors agree on the extent of the risk management to be implemented into a given project depending
on the project definition and characterisation.
5
---------------------- Page: 7 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
1 Scope
This European Standard defines, extending the requirements of ISO 14300-1, the principles and
requirements for integrated risk management on a space project; it explains what is needed to
implement a project-integrated risk management policy by any project actor, at any level (i.e. customer,
first-level supplier, or lower-level suppliers).
This European Standard contains a summary of the general risk management process, which is
subdivided into four (4) basic steps and nine (9) tasks. The implementation can be tailored to project-
specific conditions.
The risk management process requires information exchange among all project domains and provides
visibility over risks, with a ranking according to their criticality for the project; these risks are monitored
and controlled according to the rules defined for the domains to which they belong.
The fields of application of this standard are all the space project phases. A definition of project phasing
is given in ISO 14300-1.
When viewed from the perspective of a specific programme or project context, the requirements defined
in this European Standard should be tailored to match the genuine requirements of a particular profile
and circumstances of a programme or project.
NOTE Tailoring is a process by which individual requirements or specifications, standards, and related
documents are evaluated and made applicable to a specific programme or project by selection, and in some
exceptional cases, modification and addition of requirements in the standards.
2 Terms, definitions and abbreviated terms
2.1 Terms and definitions
For the purposes of this European Standard, the following terms and definitions apply.
2.1.1
acceptance of (risk)
decision to cope with consequences, should a risk scenario materialise
NOTE 1 A risk can be accepted when its magnitude is less than a given threshold, defined in the risk
management policy.
NOTE 2 In the context of risk management, acceptance can mean that even though a risk is not
eliminated, its existence and magnitude are acknowledged and tolerated.
2.1.2
(risk) communication
all information and data necessary for risk management addressed to a decision maker and to relevant
actors within the project hierarchy
2.1.3
(risk) index
score used to measure the magnitude of the risk; it is a combination of the likelihood of occurrence and
the severity of consequence, where scores are used to measure likelihood and severity
6
---------------------- Page: 8 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
2.1.4
individual (risk)
risk identified, assessed, and mitigated as a distinct risk items in a project
2.1.5
(risk) management
systematic and iterative optimisation of the project resources, performed according to the established
project risk management policy
2.1.6
(risk) management policy
describes the organisation’s attitude towards risks, how it conducts risk management, the risks it is
prepared to accept and defines the main requirements for the risk management plan
2.1.7
(risk) management process
consists of all the project activities related to the identification, assessment, reduction, acceptance, and
feedback of risks
2.1.8
overall (risk)
risk resulting from the assessment of the combination of individual risks and their impact on each other,
in the context of the whole project
NOTE Overall risk can be expressed as a combination of qualitative and quantitative assessment.
2.1.9
(risk) reduction
implementation of measures that leads to reduction of the likelihood or severity of risk
NOTE Preventive measures aim at eliminating the cause of a problem situation, and mitigation measures aim
at preventing the propagation of the cause to the consequence or reducing the severity of the consequence or the
likelihood of the occurrence.
2.1.10
residual (risk)
risk remaining after implementation of risk reduction measures
2.1.11
resolved (risk)
risk that has been rendered acceptable
2.1.12
risk
undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative
consequence on a project
NOTE Risks arise from uncertainty due to a lack of predictability or control of events. Risks are inherent to any
project and can arise at any time during the project life cycle; reducing these uncertainties reduces the risk.
2.1.13
(risk) scenario
sequence or combination of events leading from the initial cause to the unwanted consequence
NOTE The cause can be a single event or something activating a dormant problem.
2.1.14
(risk) trend
evolution of risks throughout the life cycle of a project
7
---------------------- Page: 9 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
2.1.15
unresolved (risk)
risk for which risk reduction attempts are not feasible, cannot be verified, or have proven unsuccessful: a
risk remaining unacceptable
2.2 Abbreviated terms
The following abbreviated terms are defined and used within this European Standard.
Abbreviation Meaning
ECSS European Cooperation for Space Standardization
IEC International Electrotechnical Commission
3 Principles of risk management
3.1 Risk management concept
Risk management is a systematic and iterative process for optimising resources in accordance with the
project’s risk management policy. It is integrated through defined roles and responsibilities into the day
to day activities in all project domains. Risk management assists managers and engineers when
including risk aspects in management and engineering practices and judgement throughout the project
life cycle. It is performed in an integrated, holistic way, maximising the overall benefits in areas such as:
• design, construction, testing, operation, maintenance, and disposal, together with their interfaces;
• control over risk consequences;
• management, cost, and schedule.
This process adds value to the data that is routinely developed, maintained, and reported.
3.2 Risk management process
The entire spectrum of risks is assessed. Trade-offs are made among different, and often competing,
goals. Undesired events are assessed for their severity and likelihood of occurrence. The assessments
of the alternatives for mitigating the risks are iterated, and the resulting measurements of performance
and risk trend are used to optimise the tradable resources.
Within the risk management process, available risk information is produced and structured, facilitating
risk communication and management decision making. The results of risk assessment and reduction
and the residual risks are communicated to the project team for information and follow-up.
3.3 Risk management implementation into a project
Risk management requires corporate commitment in each actor’s organisation and the establishment of
clear lines of responsibility and accountability from corporate level downwards. Project management has
the overall responsibility for the implementation of risk management, ensuring an integrated, coherent
approach for all project domains.
Risk management is a continuous, iterative process. It constitutes an integral part of normal project
activity and is embedded within the existing management processes. It utilises the existing elements of
the project management processes to the maximum extent possible.
8
---------------------- Page: 10 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
3.4 Risk management documentation
The risk management process is documented to ensure that the risk management policies are
established, understood, implemented, and maintained, and that they are traceable to the origin and
rationale of all risk-related decisions made during the life of the project.
4 The risk management process
4.1 Overview of the risk management process
The iterative four-step risk management process of a project is illustrated in Figure 1. The tasks to be
performed within each of these steps are shown in Figure 2.
Step 1 comprises the establishment of the risk management policy (Task 1) and risk management plan
(Task 2), and is performed at the beginning of a project. The implementation of the risk management
process consists of a number of “risk management cycles” over the project duration comprising the
Steps 2 to 4, subdivided into the seven Tasks 3 to 9.
The period designated in the illustration with “Risk management process” comprises all the project
phases of the project concerned. The frequency and project events at which cycles are required in a
project (only three are shown in Figure 1 for illustration purposes) depend on the needs and complexity
of the project and need to be defined during Step 1. Unforeseen cycles are required when changes to,
for example, the schedule, technologies, techniques, and performance of the project baseline occur.
Risks at any stage of the project are controlled as part of the project management activities.
Figure 1 — The steps and cycles in the risk management process
9
---------------------- Page: 11 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
Figure 2 — The tasks associated with the steps of the risk management process within the risk
management cycle
4.2 Risk management steps and tasks
4.2.1 Step 1: Define risk management implementation requirements
4.2.1.1 Purpose
To initiate the risk management process by defining the project risk management policy and preparing
the project risk management plan.
4.2.1.2 Task 1: Define the risk management policy
The following activities are included in this task:
a) Identification of the set of resources with impact on risks.
b) Identification of the project goals and resource constraints.
c) Description of the project strategy for dealing with risks, such as the definition of margins and the
apportionment of risk between customer and supplier.
d) Definition of scheme for ranking the risk goals according to the requirements of the project.
10
---------------------- Page: 12 ----------------------
SIST EN ISO 17666:2004
EN ISO 17666:2003 (E)
e) Establishment of scoring schemes for the severity of consequences and likelihood of occurrence for
)
1
the relevant tradable resources as shown in the examples given in Figures 3 and 4 .
f) Establishment of a risk index scheme to denote the magnitudes of the risks of the various risk
)
2
scenarios as shown, for example in Figure 5 .
!
Figure 3 — Example of a severity-of-consequence scoring scheme
" #
$
$%&
$
' (
)
$
*$
+%$
,
$ )
$
%$
,,
- & )
$%$
,,,
.
$ )
/
$% ,,,,
Figure 4 — Example of a likelihood scoring scheme
g) Establishment of criteria to determine the actions to be taken on risks of various risk magnitudes
)
3
and the associated risk decision levels in the project structure (as in the example in Figure 6) .
h) Definition of risk acceptance criteria for individual risks.
NOTE The acceptability of likelihood of occurrence and severity of consequence are both program dependent.
For example, when a program is adv
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.