Cyber PHA

A cyber PHA (also called a cyber HAZOP) is a safety-oriented methodology for conducting a cybersecurity risk assessment of an industrial control system (ICS) or safety instrumented system (SIS). It is a systematic, consequence-driven approach built on industry standards such as ISA/IEC 62443-3-2, ISA TR84.00.09, ISO/IEC 27005:2018, ISO 31000:2009 and NIST Special Publication (SP) 800-39.

The names cyber PHA and cyber HAZOP were chosen because the method mirrors the process hazard analysis (PHA) and hazard and operability (HAZOP) studies widely used in process safety management, particularly in industries that operate highly hazardous processes (e.g. oil and gas, chemicals).

The cyber PHA/HAZOP methodology reconciles the process safety and cybersecurity approaches and requires the instrumentation, operations and engineering disciplines to collaborate. Because it is modeled on the process safety PHA/HAZOP, cyber hazards are identified and analyzed in the same manner as any other process risk, and because it can be conducted as a separate follow-on activity to a traditional HAZOP, it can be applied to both existing brownfield sites and newly constructed greenfield sites without disrupting well-established process safety practices. [1]

The technique is typically applied in a workshop that includes a facilitator and a scribe with expertise in the cyber PHA/HAZOP process, together with subject matter experts familiar with the industrial process, the industrial automation and control system (IACS) and the related IT systems. The workshop team usually includes representatives from operations, engineering, IT and health and safety. A multidisciplinary team is important for developing realistic threat scenarios, assessing impacts and reaching consensus on how credible each threat is, which vulnerabilities are known and which countermeasures already exist.

The facilitator and scribe are typically responsible for gathering and organizing the information required for the workshop (e.g. system architecture diagrams, vulnerability assessments and previous PHA/HAZOP studies) and for training the workshop team in the method if necessary.

A worksheet is commonly used to document the cyber PHA/HAZOP assessment, and spreadsheet templates, databases and commercial software tools have been developed to support the method. The organization's risk matrix is typically built directly into the worksheet so that the team can rate severity and likelihood and look up the resulting risk score. The facilitator guides the team through the process, strives to gather all input and reach consensus, and keeps the workshop moving. The workshop proceeds until all zones and conduits have been assessed. The results are then consolidated and reported to the workshop team and the appropriate stakeholders.
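The worksheet logic described above, as an added example that is not part of the original article or of any commercial cyber PHA tool: each row is one threat scenario for a zone or conduit, carries the consequence and severity already ranked by the process PHA, an unmitigated likelihood, and the existing countermeasures, and is scored against the organization's risk matrix. The 5x5 matrix, the tolerance threshold, the likelihood credit given to each countermeasure and the three scenarios are assumptions constructed for illustration, not values from any standard or real site.

```python
"""Cyber PHA worksheet rows scored against an organization's risk matrix.

Added example: the matrix, tolerance threshold and scenarios below are
assumptions for illustration, not taken from a standard or a real assessment.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed 5x5 risk matrix: rows are likelihood 1 (remote) .. 5 (frequent),
# columns are severity 1 (negligible) .. 5 (catastrophic).
RISK_MATRIX = [
    ["Low",    "Low",    "Low",    "Medium",   "Medium"],    # likelihood 1
    ["Low",    "Low",    "Medium", "Medium",   "High"],      # likelihood 2
    ["Low",    "Medium", "Medium", "High",     "High"],      # likelihood 3
    ["Medium", "Medium", "High",   "High",     "Critical"],  # likelihood 4
    ["Medium", "High",   "High",   "Critical", "Critical"],  # likelihood 5
]
RISK_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
TOLERABLE = {"Low", "Medium"}  # assumed corporate risk tolerance


@dataclass
class Countermeasure:
    name: str
    likelihood_reduction: int  # likelihood levels credited to this safeguard (assumed)


@dataclass
class Scenario:
    zone: str
    conduit: Optional[str]
    threat: str                  # cyber cause (the "deviation" in HAZOP terms)
    consequence: str             # process consequence, taken from the HAZOP
    severity: int                # 1..5, from the process PHA consequence ranking
    unmitigated_likelihood: int  # 1..5, with no cyber safeguards credited
    countermeasures: List[Countermeasure] = field(default_factory=list)


def lookup_risk(likelihood: int, severity: int) -> str:
    """Read the risk band from the matrix; reject out-of-range inputs."""
    if not (1 <= likelihood <= 5 and 1 <= severity <= 5):
        raise ValueError("likelihood and severity must be in 1..5")
    return RISK_MATRIX[likelihood - 1][severity - 1]


def residual_likelihood(s: Scenario) -> int:
    """Credit existing countermeasures, never dropping below the lowest band."""
    reduction = sum(c.likelihood_reduction for c in s.countermeasures)
    return max(1, s.unmitigated_likelihood - reduction)


def assess(s: Scenario) -> Dict[str, object]:
    """Produce one worksheet row: unmitigated and residual risk for the scenario."""
    rl = residual_likelihood(s)
    residual = lookup_risk(rl, s.severity)
    return {
        "zone": s.zone,
        "conduit": s.conduit,
        "threat": s.threat,
        "consequence": s.consequence,
        "severity": s.severity,
        "unmitigated_risk": lookup_risk(s.unmitigated_likelihood, s.severity),
        "residual_likelihood": rl,
        "residual_risk": residual,
        "tolerable": residual in TOLERABLE,
    }


def worksheet(scenarios: List[Scenario]) -> List[Dict[str, object]]:
    """All rows, highest residual risk first, as the facilitator would report them."""
    return sorted((assess(s) for s in scenarios),
                  key=lambda r: RISK_ORDER[str(r["residual_risk"])])


def intolerable(scenarios: List[Scenario]) -> List[Dict[str, object]]:
    """Rows whose residual risk exceeds tolerance and therefore need a recommendation."""
    return [r for r in worksheet(scenarios) if not r["tolerable"]]


# Constructed sample scenarios for a hypothetical site; not from any real assessment.
SAMPLE = [
    Scenario("SIS zone", "Engineering-to-SIS conduit",
             "Unauthorized logic download to the safety PLC from a compromised engineering workstation",
             "High-pressure trip disabled; vessel overpressure on process upset",
             severity=5, unmitigated_likelihood=4,
             countermeasures=[Countermeasure("PLC key switch kept in RUN; program changes blocked", 2),
                              Countermeasure("Conduit firewall permits only read-only traffic to the SIS", 1)]),
    Scenario("BPCS zone", None,
             "Malware on the operator HMI host changes a controller setpoint",
             "Off-spec product; SIS trip still available",
             severity=3, unmitigated_likelihood=3,
             countermeasures=[Countermeasure("Application allow-listing on the HMI host", 1)]),
    Scenario("BPCS zone", "DMZ-to-BPCS conduit",
             "Hijacked remote-access session sends false tank level readings to the controller",
             "Tank overfill; flammable release",
             severity=4, unmitigated_likelihood=5,
             countermeasures=[Countermeasure("Jump host with single-factor password login", 1)]),
]

if __name__ == "__main__":
    for row in worksheet(SAMPLE):
        flag = "" if row["tolerable"] else "  <-- recommendation required"
        print(f'{row["zone"]:10} {row["unmitigated_risk"]:9} -> {row["residual_risk"]:9}'
              f' L{row["residual_likelihood"]}/S{row["severity"]}  {row["threat"]}{flag}')
```

Severity is deliberately never reduced by a cyber countermeasure: as in a process PHA, safeguards lower the likelihood of reaching the consequence, while the consequence itself comes from the existing HAZOP and stays fixed. In the sample the remote-access scenario is the only row left above tolerance, so it is the one the team would carry forward as a recommendation.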

Another popular safety-oriented methodology for ICS cybersecurity risk assessment is the cyber bow-tie method, which adapts the established bow-tie diagram technique to the assessment of cybersecurity risk.
