method given as example in IEC 61508 [2]. It is referenced in other norms as well. For Nichtbundeseigene Eisenbahnen (privately owned, non-federal railways), there is a standard [3] which contains a risk graph actually used for the derivation of safety requirements.
3 Construction Process
3.1 Motivation
The construction process was developed in [4]. It is based on the life cycle process as described in DIN EN 50126 [5]. The main idea is that by interpreting the requirements of each life cycle phase in the light of the construction process, a systematic development process becomes possible. The life cycle process was developed over the years by outstanding professionals and is part of a norm. One can therefore assume that the life cycle process itself is complete and very well constructed guidance. The phases of the life cycle process relevant for the construction of a risk assessment method are System Definition and Application Conditions, Risk Analysis, and System Requirements.
In the following chapters these three relevant phases are discussed, identifying the major aspects to be dealt with when constructing a risk assessment method.
3.2 System Definition and Application Conditions
The application sector describes the environment in which the risk assessment method is used. By describing it in detail, basic information about the actors in and around the system is given.
The description of the application sector is used as a basis for the system model. The system model describes how the actors interact. By describing each actor in detail, all information needed for the construction of the risk model, and consequently its parameters, should be given.
The system model itself gives no information about the analysis level. However, the analysis level has to be described concisely so that the user knows for which functions the risk assessment can be used. When the user chooses an analysis level different from the one used in the construction process, the obtained results are probably not correct.
3.3 Risk Analysis
The risk analysis looks at the functions of a system and derives hazards. To allow for a systematic analysis, the terms hazard and function need to be defined. This is especially true for the term hazard, as the definitions given in the different standards are rather imprecise. The definition of the term hazard should give detailed information, e.g. about its relation to an accident and whether a hazard is an event or a condition. This is necessary to allow for an exact modeling of the assessed hazard and its risk.