Questa Norma internazionale serve all’applicazione della Norma ISO 31000 e fornisce una guida per la scelta e l’applicazione di tecniche sistematiche per la valutazione del rischio. La valutazione del rischio effettuata in conformità a questa Norma rientra nell’ambito più ampio della gestione dei rischi. In questa Norma si presenta l’applicazione di diverse tecniche, con specifico riferimento ad altre norme internazionali dove il concetto e l’applicazione delle singole tecniche sono descritte in maggior dettaglio. La seconda edizione del 2019 annulla e sostituisce la prima edizione pubblicata nel 2009. Questa edizione costituisce una revisione tecnica. Questa edizione include le seguenti modifiche significative rispetto alla precedente edizione: – maggiori dettagli sul processo di pianificazione, implementazione, verifica e convalida dell’uso delle tecniche; – il numero e il campo di applicazione delle tecniche sono stati aumentati; – i concetti trattati nella ISO 31000 non sono più riportati in questa norma.
La Tabella A (Allegato A) contiene l’elenco delle 41 Tecniche di Valutazione del rischio, non necessariamente legate alla sicurezza (Ed. 2.0 2019):
1. ALARP/SFAIRP
2. Bayes analysis
3. Bayesian networks/ Influence diagrams
4. Bow tie analysis
5. Brainstorming
6. Business impact analysis
7. Causal mapping
8. Cause consequence analysis
9. Check lists classifications, taxonomies
10. Cindynic approach
11. Conditional value at risk CVaR
12. Consequence likelihood matrix
13. Cost-benefit analysis
14. Cross impact analysis
15. Decision tree analysis
16. Delphi technique
17. Event tree analysis (ETA)
18. Fault tree analysis (FTA)
19. Failure modesand effect and(criticality) analysis FME(C)A
20. F/N diagrams
21. Game theory
22. Hazard analysis and critical control points HACCP
23. Hazard and operability studies HAZOP
24, Human reliability analysis
25. Interviews
26. Ishikawa analysis (fishbone diagram)
27. Layers of protection analysis (LOPA)
28. Markov analysis
29. Monte Carlo analysis
30. Multi criteria analysis
31. Nominal group technique
32. Pareto charts
33. Reliability centred maintenance (RCM)
34. Risk indices
35. Risk register
36. S curves
37. Scenario analysis
38. Surveys
39. Structured what if technique SWIFT
40. Toxicological risk assessment
41. Value at risk (VAR)
Selection of techniques The choice of technique and the way it is applied should be tailored and scaled to the context and use, and provide information of the type and form needed by the stakeholders. In general terms, the number and type of technique selected should be scaled to the significance of the decision, and take into account constraints on time and other resources, and opportunity costs. In deciding whether a qualitative or quantitative technique is more appropriate, the main criteria to consider are the form of output of most use to stakeholders and the availability and reliability of data. Quantitative techniques generally require high quality data if they are to provide meaningful results. However, in some cases where data is not sufficient, the rigour needed to apply a quantitative technique can provide an improved understanding of the risk, even though the result of the calculation might be uncertain. There is often a choice of techniques relevant for a given circumstance. Several techniques might need to be considered, and applying more than one technique can sometimes provide useful additional understanding. Different techniques can also be appropriate as more information becomes available. In selecting a technique or techniques the following aspects of context should therefore be considered: – the purpose of the assessment; – the needs of stakeholders; – any regulatory and contractual requirements; – the operating environment and scenario – the importance of the decision (e.g. the consequences if a wrong decision is made). – any defined decision criteria and their form; – the time available before a decision must be made; – information that is available or can be obtained; – the complexity of the situation; – the expertise available 1094 or that can be obtained; The characteristics of the techniques relevant to these requirements are listed in Table A.1. Table A.2 provides a list of techniques, classified according to these characteristics. Note Although Annex A and B introduce the techniques severally, it may be necessary to make complementary use of multiple techniques to assess complex systems. IEC TR 63039: 2016, for example, guides how to use ETA, FTA and Markov techniques in a complementarily way so that the combined use is a as an efficient way to analyse risk of complex system. As the degree of uncertainty, complexity and ambiguity of the context increases then the need to consult a wider group of stakeholders will increase, with implications for the combination of techniques selected. Some of the techniques described in this document can be applied during steps of the ISO 31000 risk management process other than their usage in risk assessment. Application of the techniques in the risk management process of ISO 31000 is illustrated in Figure A.1. Annex B contains an overview of each technique, its use, its inputs and outputs, its strengths and limitations and, where applicable, a reference for where further detail can be found. It categorises techniques according to their primary application in assessing risk, namely: – eliciting views from stakeholders; – identifying risk; – analysing sources and drivers of risk; – analysing controls; – understanding consequences, likelihood and risk; – analysing dependencies and interactions; – selecting between options; – evaluating the significance of risk; – reporting and recording.
Comments are closed