EN 16601-80:2014

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Vodenje vesoljskih projektov - 80. del: Obvladovanje tveganjaRaumfahrt-Projektmanagement - Teil 80: RisikomanagementManagement des projets spatiaux - Partie 80: Management des risquesSpace project management - Part 80: Risk management49.140Vesoljski sistemi in operacijeSpace systems and operations03.100.40Raziskave in razvojResearch and developmentICS:Ta slovenski standard je istoveten z:EN 16601-80:2014SIST EN 16601-80:2014en,fr,de01-november-2014SIST EN 16601-80:2014SLOVENSKI
STANDARDSIST EN ISO 17666:20041DGRPHãþD

EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 16601-80
August 2014 ICS 49.140 Supersedes EN ISO 17666:2003
English version
Space project management - Part 80: Risk management
Systèmes spatiaux - Partie 80: Management des risques
Raumfahrtsysteme - Teil 80: Risikomanagement This European Standard was approved by CEN on 14 December 2013.
CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels © 2014 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members. Ref. No. EN 16601-80:2014 E SIST EN 16601-80:2014

2 Table of contents Foreword . 4 Introduction . 5 1 Scope . 6 2 Normative references . 7 3 Terms, definitions and abbreviated terms . 8 3.1 Terms from other standards . 8 3.2 Terms specific to the present standard . 8 3.3 Abbreviated terms. 9 4 Principles of risk management . 10 4.1 Risk management concept . 10 4.2 Risk management process . 10 4.3 Risk management implementation in a project . 10 4.4 Risk management documentation . 11 5 The risk management process . 12 5.1 Overview of the risk management process . 12 5.2 Risk management steps and tasks . 14 6 Risk management implementation . 21 6.1 General considerations . 21 6.2 Responsibilities . 21 6.3 Project life cycle considerations . 22 6.4 Risk visibility and decision making . 22 6.5 Documentation of risk management . 22 7 Risk management requirements . 24 7.1 General . 24 7.2 Risk management process requirements . 24 7.3 Risk management implementation requirements . 27 Annex A (normative) Risk management policy document - DRD . 29 SIST EN 16601-80:2014

A.1 DRD identification . 29 A.2 Expected response . 29 Annex B (normative) Risk management plan - DRD . 32 B.1 DRD identification . 32 B.2 Expected response . 32 Annex C (normative) Risk assessment report - DRD . 35 C.1 DRD identification . 35 C.2 Expected response . 35 Annex D (informative) Risk register example and ranked risk log example . 37 Annex E (informative) Contribution of ECSS Standards to the risk management process . 40 E.1 General . 40 E.2 ECSS-M ST-Standards . 40 E.3 ECSS-Q Standards . 40 E.4 ECSS-E Standards . 41 Bibliography . 42
Figures Figure 5-1: The steps and cycles in the risk management process . 13 Figure 5-2: The tasks associated with the steps of the risk management process within the risk management cycle . 13 Figure 5-3: Example of a severity–of–consequence scoring scheme . 14 Figure 5-4: Example of a likelihood scoring scheme . 15 Figure 5-5: Example of risk index and magnitude scheme . 16 Figure 5-6: Example of risk magnitude designations and proposed actions for individual risks . 16 Figure 5-7: Example of a risk trend . 20
4 Foreword This document (EN 16601-80:2014) has been prepared by Technical Committee CEN/CLC/TC 5 “Space”, the secretariat of which is held by DIN. This standard (EN16601-80:2014) originates from ECSS-M-ST-80C. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2015, and conflicting national standards shall be withdrawn at the latest by February 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights. This document supersedes EN ISO 17666:2003. This document has been developed to cover specifically space systems and has therefore precedence over any EN covering the same scope but with a wider domain of applicability (e.g. : aerospace). According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. SIST EN 16601-80:2014

Introduction Risks are a threat to project success because they have negative effects on the project cost, schedule and technical performance, but appropriate practices of controlling risks can also present new opportunities with positive impact. The objective of project risk management is to identify, assess, reduce, accept, and control space project risks in a systematic, proactive, comprehensive and cost effective manner, taking into account the project’s technical and programmatic constraints. Risk is considered tradable against the conventional known project resources within the management, programmatic (e.g. cost, schedule) and technical (e.g. mass, power, dependability, safety) domains. The overall risk management in a project is an iterative process throughout the project life cycle, with iterations being determined by the project progress through the different project phases, and by changes to a given project baseline influencing project resources.
Risk management is implemented at each level of the customer-supplier network. Known project practices for dealing with project risks, such as system and engineering analyses, analyses of safety, critical items, dependability, critical path, and cost, are an integral part of project risk management. Ranking of risks according to their criticality for project success, allowing management attention to be directed to the essential issues, is a major objective of risk management. The project actors agree on the extent of the risk management to be implemented in a given project depending on the project definition and characterization. SIST EN 16601-80:2014

6 1 Scope This Standard defines the principles and requirements for integrated risk management on a space project; it explains what is needed to implement a project–integrated risk management policy by any project actor, at any level (i.e. customer, first level supplier, or lower level suppliers). This Standard contains a summary of the general risk management process, which is subdivided into four (4) basic steps and nine (9) tasks.
The risk management process requires information exchange among all project domains, and provides visibility over risks, with a ranking according to their criticality for the project; these risks are monitored and controlled according to the rules defined for the domains to which they belong. The fields of application of this Standard are all the activities of all the space project phases. A definition of project phasing is given in ECSS-M-ST-10. This standard may be tailored for the specific characteristics and constraints of a space project in conformance with ECSS-S-ST-00.
2 Normative references The following normative documents contain provisions which, through reference in this text, constitute provisions of this ECSS Standard. For dated references, subsequent amendments to, or revisions of any of these publications do not apply. However, parties to agreements based on this ECSS Standard are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. For undated references the latest edition of the publication referred to applies.
EN reference Reference in text Title EN 16601-00-01 ECSS-ST-00-01 ECSS system - Glossary of terms EN 16601-10 ECSS-M-ST-10 Space project management – Project planning and implementation SIST EN 16601-80:2014

8 3 Terms, definitions and abbreviated terms 3.1 Terms from other standards For the purpose of this Standard, the terms and definitions from ECSS-ST-00-01 apply, in particular for the following terms: risk residual risk risk management risk management policy 3.2 Terms specific to the present standard 3.2.1 acceptance of (risk) decision to cope with consequences, should a risk scenario materialize NOTE 1 A risk can be accepted when its magnitude is less than a given threshold, defined in the risk management policy. NOTE 2 In the context of risk management, acceptance can mean that even though a risk is not eliminated, its existence and magnitude are acknowledged and tolerated. 3.2.2 (risk) communication all information and data necessary for risk management addressed to a decision–maker and to relevant actors within the project hierarchy 3.2.3 (risk) index score used to measure the magnitude of the risk; it is a combination of the likelihood of occurrence and the severity of consequence, where scores are used to measure likelihood and severity 3.2.4 individual (risk) risk identified, assessed, and mitigated as a distinct risk items in a project SIST EN 16601-80:2014

3.2.5 (risk) management process consists of all the project activities related to the identification, assessment, reduction, acceptance, and feedback of risks 3.2.6 overall (risk) risk resulting from the assessment of the combination of individual risks and their impact on each other, in the context of the whole project NOTE
Overall risk can be expressed as a combination of qualitative and quantitative assessment. 3.2.7 (risk) reduction implementation of measures that leads to reduction of the likelihood or severity of risk NOTE
Preventive measures aim at eliminating the cause of a problem situation, and mitigation measures aim at preventing the propagation of the cause to the consequence or reducing the severity of the consequence or the likelihood of the occurrence. 3.2.8 resolved (risk) risk that has been rendered acceptable 3.2.9 (risk) scenario sequence or combination of events leading from the initial cause to the unwanted consequence NOTE
The cause can be a single event or something activating a dormant problem. 3.2.10 (risk) trend evolution of risks throughout the life cycle of a project 3.2.11 unresolved (risk) risk for which risk reduction attempts are not feasible, cannot be verified, or have proved unsuccessful: a risk remaining unacceptable 3.3 Abbreviated terms For the purpose of this standard, the abbreviated terms of ECSS-S-ST-00-01 and the following apply: Abbreviation Meaning IEC International Electrotechnical Commission SIST EN 16601-80:2014

10 4 Principles of risk management 4.1 Risk management concept Risk management is a systematic and iterative process for optimizing resources in accordance with the project’s risk management policy. It is integrated through defined roles and responsibilities into the day–to–day activities in all project domains and at all project levels. Risk management assists managers and engineers by including risk aspects in management and engineering practices and judgements throughout the project life cycle, including the preparation of project requirements documents. It is performed in an integrated, holistic way, maximizing the overall benefits in areas such as: • design, manufacturing, testing, operation, maintenance, and disposal, together with their interfaces; • control over risk consequences; • management, cost, and schedule. 4.2 Risk management process The entire spectrum of risks is assessed. Trade-offs are made among different, and often competing, goals. Undesired events are assessed for their severity and likelihood of occurrence. The assessments of the alternatives for mitigating the risks are iterated, and the resulting measurements of performance and risk trend are used to optimize the tradable resources. Within the risk management process, available risk information is produced and structured, facilitating risk communication and management decision making. The results of risk assessment and reduction and the residual risks are communicated to the project team for information and follow-up. 4.3 Risk management implementation in a project Risk management requires corporate commitment in each actor’s organization and the establishment of clear lines of responsibility and accountability from the top corporate level downwards. Project management has the overall responsibility for the implementation of risk management, ensuring an integrated, coherent approach for all project domains. SIST EN 16601-80:2014

Independent validation of data ensures the objectiveness of risk assessment, performed as part of the risk management process. Risk management is a continuous, iterative process. It constitutes an integral part of normal project activity and is embedded within the existing management processes. It utilizes the existing elements of the project management processes to the maximum possible extent. 4.4 Risk management documentation The risk management process is documented to ensure that the risk management policies (see Annex A) are well established, understood, implemented and maintained, and that they are traceable to the origin and rationale of all risk–related decisions made during the life of the project. The risk management documentation includes the risk management policy, which: • defines the organization's attitude towards risk management, together with the project specific categorization of risk management, and • provides a high-level outline for the implementation of the risk management process. In addition to the risk management policy document, two key documents are established: • risk management plan describing the implementation of the risk management process (see Annex B), and • risk assessment report for communicating the identified and assessed risks as well as the subsequent follow-up actions and their results (see Annex C). SIST EN 16601-80:2014

12 5 The risk management process 5.1 Overview of the risk management process The iterative four–step risk management process of a project is illustrated in Figure 5-1. The tasks to be performed within each of these steps are shown in Figure 5-2. Step 1 comprises the establishment of the risk management policy (Task 1) and risk management plan (Task 2) in coordination with other project disciplines, such as system engineering, product assurance, production, and operations, to ensure coherent approach to risk management across the programme/project. The risk management process includes full coordination between the disciplines of the programme/project. NOTE
E.g. System Engineering coordination, all engineering disciplines.
Product Assurance coordination, Quality Assurance, Safety and Dependability disciplines. Management is responsible for overall coordination of all disciplines, including administration of business agreements and project control. These tasks (1 and 2) are performed at the beginning of a project. The implementation of the risk management process consists of a number of “risk management cycles” over the project duration comprising the Steps 2 to 4, subdivided into the seven Tasks 3 to 9. The period designated in the illustration with “Risk management process” comprises all the project phases of the project concerned. The frequency and project events at which cycles are required in a project (only three are shown in Figure 5-1 for illustration purposes) depend on the needs and complexity of the project, and need to be defined during Step 1. Unforeseen cycles are required when changes to, for example, the schedule, technologies, techniques, and performance of the project baseline occur. Risks at any stage of the project are controlled as part of the project management activities. SIST EN 16601-80:2014

Project phases 0 to F per ECSS-M-ST-10
Step 1 Define risk management implementation requirements
Step 2 Identify and assess the risks
Step 4 Monitor, communicate and accept risks
Risk management process
Step 3 Decide and act
Step 2 Identify and assess the risks
Step 4 Monitor, communicate and accept risks
Step 3 Decide and act
Step 2 Identify and assess the risks
Step 4 Monitor, communicate and accept risks
Step 3 Decide and act
Figure 5-1: The steps and cycles in the risk management process
Task 5: Decide if the risks may be accepted
Step 4 Monitor, communicate and accept risks
Step 3 Decide and act Step 2 Identify and assess the risks
Step 1 Define risk management implementation requirements
Task 1: Define the risk management policy
Task 2: Prepare the risk management plan
Task 3: Identify risk scenarios
Task 4: Assess the risks
Task 6: Reduce the risks
Task 7: Recommend acceptance
Task 8: Monitor and communicate the risks
Task 9: Submit risks for acceptance. (Return
to Task 6 for risks not accepted)
R I S K
M A N A G E M E N T
C Y C L E
Figure 5-2: The tasks associated with the steps of the risk management process within the risk management cycle SIST EN 16601-80:2014

14 5.2 Risk management steps and tasks 5.2.1 Step 1: Define risk management implementation requirements 5.2.1.1 Purpose To initiate the risk management process by defining the project risk management policy and preparing the project risk management plan. 5.2.1.2 Task 1: Define the risk management policy The following activities are included in this task: a. Identification of the set of resources with impact on risks. b. Identification of the project goals and resource constraints. c. Description of the project strategy for dealing with risks, such as the definition of margins and the apportionment of risk between customer and supplier. d. Definition of scheme for ranking the risk goals according to the requirements of the project. e. Establishment of scoring schemes for the severity of consequences and likelihood of occurrence for the relevant tradable resources as shown in the examples given in Figure 5-3 and Figure 5-4.
NOTE
In the examples, five categories are used for illustration only; more or fewer categories or designations are also possible. f. Establishment of a risk index scheme to denote the magnitudes of the risks of the various risk scenarios as shown, for example in Figure 5-5. NOTE 1 Establishment of scoring and risk index schemas is performed with the full coordination between the different project disciplines to ensure complete and consistent interpretation.
NOTE 2 In the example, risk magnitude categorization (“Red”, “Yellow”, “Green”) is used for illustration only. Different designations are also possible Score Severity Severity of consequence: impact on (for example) cost 5 Catastrophic Leads to termination of the project 4 Critical Project cost increase > tbd % 3 Major Project cost increase > tbd % 2 Significant Project cost increase < tbd % 1 Negligible Minimal or no impact Figure 5-3: Example of a severity–of–consequence scoring scheme
Score Likelihood Likelihood of occurrence E Maximum Certain to occur, will occur one or more times per project D High Will occur frequently, about 1 in 10 projects C Medium Will occur sometimes, about 1 in 100 projects B Low Will seldom occur, about 1 in 1000 projects A Minimum Will almost never occur, 1 of 10 000 or more projects Figure 5-4: Example of a likelihood scoring scheme g. Establishment of criteria to determine the actions to be taken on risks of various risk magnitudes and the associated risk decision levels in the project structure (as in the example in Figure 5-6). NOTE
In the example, risk magnitude designation, acceptability, and proposed actions are used for illustration only. Project-specific policy definitions can be different. h. Definition of risk acceptance criteria for individual risks. NOTE
The acceptability of likelihood of occurrence and severity of consequence are both programme dependent. For example, when a programme is advancing new research, technology development or management, a high probability of a consequence that quickly increase the cost can be acceptable. i. Establishment of a method for the ranking and comparison of risks. j. Establishment of a method to measure the overall risk. k. Establishment of acceptance criteria for the overall risk. l. Definition of the strategy for monitoring the risks and the formats to be used for communicating risk data to the decision–makers and all relevant actors in the project hierarchy. m. Description of the review, decision, and implementation flow within the project concerning all risk management matters.
16 Likelihood
Risk Index:
Combination of Severity and Likelihood E Low Medium High Very High Very High
D Low Low Medium High Very High
C Very Low Low Low Medium High
B Very Low Very Low Low Low Medium
A Very Low Very Low Very Low Very Low Low
1 2 3 4 5 Severity
“Red”
“Yellow”
“Green”
Figure 5-5: Example of risk index and magnitude scheme
Risk index Risk magnitude Proposed actions E4, E5, D5 Very High risk Unacceptable risk: implement new team process or change baseline – seek project management attention at appropriate high management level as defined in the risk management plan. E3, D4, C5 High risk Unacceptable risk: see above. E2, D3, C4, B5 Medium risk Unacceptable risk: aggressively manage, consider alternative team process or baseline – seek attention at appropriate management level as defined in the risk management plan. E1, D1, D2, C2, C3, B3, B4, A5 Low risk Acceptable risk: control, monitor – seek responsible work package management attention. C1, B1, A1, B2, A2, A3, A4 Very Low risk Acceptable risk: see above. Figure 5-6: Example of risk magnitude designations and proposed actions for individual risks 5.2.1.3 Task 2: Prepare the risk management plan The risk management plan typically contains the following data: a. Description of the project risk management organization including its role and responsibility. b. Summary of the risk management policy. c. The risk management–related documentation and follow–up concept. d. The scope of risk management over the project duration. SIST EN 16601-80:2014

5.2.2 Step 2: Identify and assess the risks 5.2.2.1 Purpose To identify each of the risk scenarios, to determine then, based on the outputs from Step 1, the magnitude of the individual risks and, finally, to rank them. Data from all project domains are used (managerial, programmatic, technical). NOTE
List of examples of possible risk items: • Technical: Technology maturity; definition status of requirements, internal/external interfaces, payloads, operations; availability of margins, support team, project team; etc. • Cost: Overall project cost definition status; cost margins; insurance costs; availability of funding, independent cost assessment, industrial offers; human resources aspects; etc. • Schedule: Procurement planning; availability of planning of phases and activities interfacing with third parties; etc. • Others: Internal organisational aspects; public image; political constraints; risk sharing between actors; etc. 5.2.2.2 Task 3: Identify risk scenarios The following activities are included in this task: a. Identification of the risk scenarios, including causes and consequences, according to the risk management policy. b. Identification of the means of early warning (detection) for the occurrence of an undesirable event, to prevent propagation of consequences. c. Identification of the project objectives at risk. 5.2.2.3 Task 4: Assess the risks The following activities are included in this task: a. Determination of the severity of consequences of each risk scenario. b. Determination of the likelihood of each risk scenario. c. Determination of the risk index for each risk scenario. d. Utilisation of available information sources and application of suitable methods to support the assessment process. e. Determination of the magnitude of risk of each risk scenario. f. Determination of the overall project risk through an evaluation of identified individual risks, their magnitudes and interactions, and resultant impact on the project. SIST EN 16601-80:2014

18 5.2.3 Step 3: Decide and act 5.2.3.1 Purpose To analyse the acceptability of risks and risk reduction options according to the risk management policy, and to determine the appropriate risk reduction strategy. 5.2.3.2 Task 5: Decide if the risks may be accepted The following activities are included in this task: a. Application of the risk acceptance criteria to the risks. b. Identification of acceptable risks, the risks that will be subjected to risk reduction, and determination of the management decision level. c. For accepted risks proceed directly to Step 4; for unacceptable risks proceed to Task 6. 5.2.3.3 Task 6: Reduce the risks The following activities are included in this task: a. Determination of preventative and mitigation measures/options for each unacceptable risk. b. Determination of risk reduction success, failure, and verification criteria. c. Determination of the risk reduction potential of each measure in conjunction with the optimi
...