Information Technology Reference
In-Depth Information
The suitability of a risk assessment method for a certain analysis might
depend on the
kind of the result
as this can limit the possibilities of further
working with the obtained results. Results of the assessment might be e.g.
risk classes or hazard rates.
The qualitative risk model should be developed based on the system
model, taking into account the conditions arising from the definition of hazard
and function. The qualitative risk model has to incorporate all information
which is relevant for a description of risk. A quantitative risk model takes the
relevant information from the qualitative model and connects them to calcu-
late a result. Even though in
theory qualitative and quantitative risk
model
are developed one after another, in reality it seems advisable to develop both
parallel. Often, a qualitative risk model is developed based on an existing
equation for risk by describing all factors of this equation in detail. It has
to be made sure that the equation is suitable and sucient for the given
assessment as otherwise important influences might be forgotten.
It has to be decided which of the
parameters
of the risk model are dy-
namic and need to be assessed in the risk assessment process and which
parameters are constant. Constant parameters are assessed when construct-
ing the method and will not be changed later. Therefore, it is very important
to choose constant parameters with consideration. It might be possible that
by choosing certain values for a constant parameter new conditions for the
application of the risk assessment method arise.
The dynamic parameters need to be described in classes. To allow for a
stringent mathematical derivation of e.g. the final risk class the
parameter
classes
should be constructed using the same factor between all classes. By
sticking to one factor for all parameter and parameter classes the impact of
a parameter class change becomes instantly obvious.
If a constant factor does not seem suitable (e.g. due to largely different
value ranges of the parameters) then different factors for the different pa-
rameters are possible. To obtain equally spaced results as it is customary
for most qualitative risk assessment method today, the derivation process
might be done using some rounding. The result will be that the impact of a
parameter class change will not be as obvious anymore.
3.4
System Requirements
The designed risk assessment method has to be calibrated to assure that
the parameter combinations lead to a correct result. Without a calibration,
information about the potential risk of the analyzed function can be obtained,
but safety requirements can only be derived when the assessed risk is set in
prospective to a benchmark risk. For the calibration of the risk assessment
method, a tolerable risk taken e.g. from statistics or given by a regulatory
body are suitable. For railways, using the risk acceptance criteria proposed
in EU regulation 352/2009 [8] seems to be a good idea.
When the benchmark risk is chosen, a certain parameter combination
has to be correlated to the risk. Usually, this can be done by translating
