Risk Assessment. Marvin Rausand
Note
1 In the UK, the Seveso II directive is implemented as the Control of Major Accident Hazards (COMAH) Regulations.
Chapter 4 Study Object and Limitations
4.1 Introduction
The risk assessment process for a study object was outlined in Chapter 3 without clarifying how the term “study object” should be understood. This chapter explains how we interpret the term “study object,” and defines and discusses a number of additional terms that are used to describe, delimit, and classify the study object.
All the study objects in this book are systems that meet the requirements of the Newtonian–Cartesian world view, which is described briefly at the end of the chapter. Some general aspects related to modeling and analysis of the study object are introduced and discussed briefly. The chapter supplements several steps of the risk assessment process in Chapter 3.
4.2 Study Object
We start by defining the notions of systems and sociotechnical systems and by introducing several system properties that may be used to describe and delimit the study object.
4.2.1 System
The term “system” is derived from the Greek word systema, which means an organized relationship among functioning elements. We define a system as follows:
Definition 4.1 (System)
A set of interrelated elements that are organized to carry out a specified function or a set of functions in a specific environment.
Systems are always designed and built to fulfill a predetermined purpose. Mathematically, a system
where
A technical system is a system made of mechanical, electrical, electronic, and/or programmable electronic hardware components and, increasingly, software. Technical systems are designed, built, and operated by people.
4.2.2 Sociotechnical System
The term “sociotechnical system” was coined by the Tavistock Institute in London at the end of the 1950s, based on the general system theory developed by Ludwig von Bertalanffy in 1949 (e.g. see von Bertalanffy 1968). We consider a sociotechnical system a special type of system and simply use the definition:
Definition 4.2 (Sociotechnical system)
A system that consists of technical, human, and organizational elements.
A sociotechnical system may be regarded as two interrelated subsystems: (i) a technical system comprising hardware and software and (ii) a social system with humans and organization. Sociotechnical systems are usually governed by organizational policies and rules.
Remark 4.1 (Sociotechnical systems treated as technical systems)
Many of the study objects that are subject to risk assessment are in reality sociotechnical systems, but are far too often treated as pure technical systems without any attempt to model the human and in particular the organizational elements of the systems.
4.2.3 Deterministic Versus Non‐Deterministic System
A deterministic system may be defined as follows:
Definition 4.3 (Deterministic system)
A system where a given sequence of inputs will always produce the same sequence of outputs.
A typical example of a deterministic system is a pure software system: each time you enter a specific sequence of commands, you get the same response or output from the software system. Strictly, this holds only when everything the software reads is counted as input, including its stored state, the clock, any random number source, and the order in which concurrent threads are scheduled; software that depends on any of these without it being part of the recorded input sequence will not replay identically. Technical systems are generally nondeterministic because their components may deteriorate and fail. Social systems are also nondeterministic because their behavior depends in part on human operators, who may commit errors. Sociotechnical systems are therefore nondeterministic.
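Definition 4.3 can be turned into an operational check: build a fresh instance of the system, feed it a fixed input sequence, repeat, and compare the output sequences. The following added example (not code from the book) does this for three constructed toy systems, a pure software calculator, a valve with a wear-out model, and a valve with a random failure model, and shows that the verdict depends on what is counted as input: a worn component carried over between runs, or an unseeded random source, is a hidden input that breaks determinism even though the command sequence is the same. All names and the sample command list are assumptions made for illustration.

```python
"""Replay check for Definition 4.3 (deterministic system).

Added example; not code from the book. The toy "systems" below (a stack
calculator, a valve with a wear-out model, and a valve with a random
failure model) are constructed here for illustration.
"""
import random
from typing import Any, Callable, Iterable, List

# A system instance is modelled as a step function: one input -> one output.
StepFn = Callable[[Any], Any]


def replay(factory: Callable[[], StepFn], inputs: Iterable[Any], runs: int = 3) -> bool:
    """Feed the same input sequence to `runs` freshly built instances and
    report whether every run produced the same output sequence. This is the
    operational form of Definition 4.3: same inputs, same outputs."""
    seq = list(inputs)
    traces: List[List[Any]] = []
    for _ in range(runs):
        step = factory()                      # fresh instance for this run
        traces.append([step(x) for x in seq])
    return all(t == traces[0] for t in traces[1:])


def make_calculator() -> StepFn:
    """Pure software: an RPN calculator whose only input is the command stream."""
    stack: List[int] = []

    def step(cmd: Any) -> Any:
        if isinstance(cmd, int):
            stack.append(cmd)
            return None
        b, a = stack.pop(), stack.pop()
        result = a + b if cmd == "+" else a * b
        stack.append(result)
        return result

    return step


def make_worn_valve(wear: dict, life_hours: int = 5, hours_per_op: int = 2) -> StepFn:
    """Technical component: the valve accumulates wear and sticks once its
    life is exhausted. `wear` is hidden state. If the same dict is carried
    over from one run to the next (the component is not replaced), the same
    command sequence no longer yields the same outputs."""

    def step(cmd: str) -> str:
        wear["hours"] = wear.get("hours", 0) + hours_per_op
        return "stuck" if wear["hours"] > life_hours else cmd

    return step


def make_random_valve(rng: random.Random, p_fail: float = 0.5) -> StepFn:
    """Technical component with a random failure model. The random source is
    a hidden input: only when it is seeded and rebuilt for every run does the
    component look deterministic to the replay check."""
    failed = False

    def step(cmd: str) -> str:
        nonlocal failed
        if not failed and rng.random() < p_fail:
            failed = True
        return "stuck" if failed else cmd

    return step


COMMANDS = ["open", "close", "open"]          # constructed sample input


def determinism_report() -> dict:
    """Run the replay check over the toy systems under different assumptions
    about what is reset between runs."""
    shared_wear: dict = {}                     # deliberately NOT reset per run
    return {
        "calculator": replay(make_calculator, [2, 3, "+", 4, "*"]),
        "valve_replaced_each_run": replay(lambda: make_worn_valve({}), COMMANDS),
        "valve_carried_over": replay(lambda: make_worn_valve(shared_wear), COMMANDS),
        "random_valve_seeded": replay(lambda: make_random_valve(random.Random(7)), COMMANDS),
    }


if __name__ == "__main__":
    for name, ok in determinism_report().items():
        print(f"{name:26s} deterministic={ok}")
```

Running the report gives `True` for the calculator, for the valve that is replaced before every run, and for the seeded random valve, and `False` for the valve whose wear is carried over: the command sequence is identical, but the component's accumulated operating hours are an input the sequence does not record. Replacing `random.Random(7)` with an unseeded `random.Random()` would make the last case fail the check as well, with high probability rather than certainty.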
4.2.4 System Breakdown Structure
The system breakdown structure was introduced briefly in Chapter 3 as part of step 2.1 of the risk assessment process. The system elements (i.e. subsystems, subsubsystems, and so on, down to the component level) may be organized as a system breakdown structure as shown in Figure 4.1, where the system is split into three levels. The levels of the hierarchy are called indenture levels, where the first level is called indenture level 1, the next indenture level 2, and so on. The IEV (International Electrotechnical Vocabulary, IEC 60050) defines indenture level as the “level of subdivision within a system hierarchy” (IEV 192‐01‐05). The number of levels required depends on the size of the system and the objectives of the risk assessment. The various subsystems may have different numbers of levels.
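A breakdown structure is a tree, and once it is written down as data the indenture level of each element, a reference code for the hazard log, and the component-level elements all follow by traversal. The following added example (not code from the book) models a small constructed plant whose subsystems deliberately have different numbers of levels; the element names are invented, and the convention assumed here is that the study object itself is the top of the hierarchy, with its direct subsystems at indenture level 1.

```python
"""System breakdown structure with indenture levels (Section 4.2.4).

Added example; not code from the book. The plant below is a constructed
sample with invented element names, and its subsystems are deliberately
given different depths. Convention assumed here: the study object itself is
the top of the hierarchy; its direct subsystems are indenture level 1, their
subdivisions indenture level 2, and so on.
"""
from typing import Dict, Iterator, List, Optional, Tuple

# The structure is a tree: each element maps to its subordinate elements, and
# an element at the component level maps to an empty dict.
SBS = Dict[str, dict]

SYSTEM_NAME = "Process plant"               # constructed sample
SYSTEM: SBS = {
    "Separation": {
        "Separator V-101": {"Level transmitter": {}, "Pressure relief valve": {}},
        "Inlet piping": {},
    },
    "Fire water": {
        "Pump skid": {
            "Diesel engine": {"Fuel system": {}, "Starter": {}},
            "Pump": {},
        },
    },
    "Control room": {},
}

# (indenture level, dotted reference code, path of names, is component level)
Element = Tuple[int, str, Tuple[str, ...], bool]


def walk(tree: SBS, level: int = 1, path: Tuple[str, ...] = (),
         code: Tuple[int, ...] = ()) -> Iterator[Element]:
    """Depth-first traversal yielding every element with its indenture level,
    a dotted reference code (1, 1.1, 1.1.2, ...) usable in a hazard log, the
    path of element names from the system down to it, and a leaf flag."""
    for i, (name, children) in enumerate(tree.items(), start=1):
        here_path, here_code = path + (name,), code + (i,)
        yield level, ".".join(map(str, here_code)), here_path, not children
        yield from walk(children, level + 1, here_path, here_code)


def elements_at(tree: SBS, level: int) -> List[str]:
    """Names of all elements at a given indenture level."""
    return [path[-1] for lvl, _, path, _ in walk(tree) if lvl == level]


def level_count(tree: SBS) -> int:
    """Number of indenture levels below the given node (0 for a component)."""
    return 0 if not tree else 1 + max(level_count(c) for c in tree.values())


def subsystem_depths(tree: SBS) -> Dict[str, int]:
    """Levels below each indenture-level-1 subsystem; they need not be equal."""
    return {name: level_count(sub) for name, sub in tree.items()}


def components(tree: SBS) -> List[Tuple[str, str]]:
    """(code, name) of every component-level element, i.e. every leaf."""
    return [(code, path[-1]) for _, code, path, leaf in walk(tree) if leaf]


def find_by_code(tree: SBS, code: str) -> Optional[Element]:
    """Resolve a dotted reference code back to its element, or None."""
    return next((e for e in walk(tree) if e[1] == code), None)


if __name__ == "__main__":
    print(f"{SYSTEM_NAME}: {level_count(SYSTEM)} indenture levels")
    for level, code, path, leaf in walk(SYSTEM):
        tag = "  [component]" if leaf else ""
        print(f"  {'  ' * (level - 1)}{code:<8} L{level} {path[-1]}{tag}")
    print("levels below each subsystem:", subsystem_depths(SYSTEM))
```

For the sample plant the structure has four indenture levels overall, but the "Separation" subsystem has two levels below it, "Fire water" three, and "Control room" none, which is the point made in the text that subsystems need not be broken down to the same depth. The dotted codes give each element a stable handle that a hazard log or FMECA worksheet can refer to without repeating the full path.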
Figure 4.1 shows a breakdown structure where the physical