Re: [SystemSafety] "Serious risks" in EC 765/2008

From: Peter Bernard Ladkin < >
Date: Mon, 08 Apr 2013 16:09:08 +0200


Asking EC 765/2008 to define "risk" is inappropriate. It is a proto-law, and the word is supposed to be used here in its everyday meaning, whatever that is. Let's go with that.

On 4/8/13 2:24 PM, peter.sheppard_at_xxxxxx
> There is probably as much chance of finding a definition of "serious risk" in the IEC standards as
> there is in defining what a "significant change" is in the European Railway Authority, Common Safety
> Method!

It seems to me that a serious risk is a risk for which the combination of severity with probability is relatively high in comparison with other risks that are not regarded as "serious". An easy case is if the risk is higher than for some example already deemed to have been a "serious risk". There is of course a definition of "risk" in IEC 61508 for example, but oddly enough it doesn't turn up in the Electropedia, the on-line version of IEC 60050. The IEC should really get it in there!

> *<Thierry.Coq_at_xxxxxx > .........
> In EC 765/2008, what is considered a "serious risk"? Is there a reference?

First: see above. Second: no.

> How are the "serious risk" mitigations assessed, especially when "The feasibility of obtaining
> higher levels of safety or the availability of other products presenting a lesser degree of risk
> shall not constitute grounds for considering that a product presents a serious risk."?

It is a law, not an algorithm.

> This standard also mandates that the product should be recalled when the serious risk has
> materialized... and there is wording here to update the risk assessment with field reports.
> So is a "serious risk" in this standard in fact a materialized danger...?

Not necessarily. If someone identifies lead-based paint on a children's toy then it will be withdrawn because of precedent before any kid chews on it - the analysis already exists and there is prior case.

But if there is something for which there does not exist an obvious prior, then maybe one has to wait until something untoward happens. If someone or some people get hurt or killed because a product functioned in such a way as to cause it, the lawyers step in. Lawyer for the prosecution says that this was normal use or reasonably foreseeable misuse and the manufacturer's hazard analysis was clearly insufficient. Lawyer for the defence says that it was an anomaly essentially related to the unforeseeable deleterious behaviour of the operator or victims or weather or someone or other. One of those guys wins, or the judges decide it was a bit of both. So either the product will be recalled, or the manufacturer will stick a sign on the product to stop similar things coming to court again ("Warning: this refrigerator is not an edible substance either in whole or in part. Damage to teeth, mouth and gums may result from an attempt to eat it"). You can't say in advance of such proceedings how they will turn out, so you can't specify what a "serious risk" is in advance of having tested it in court. But once a court has so decided, then the product is off the market because the law says it must be. And if someone doesn't already have a ready-made risk analysis, then the court will do one/have one done, because it has to, in order to determine "serious risk"-hood, because Article 20 says that is how you decide.

The stuff about what does not constitute a serious risk seems to be a way of saying that ALARP as a principle does not necessarily apply here.

To Doug: there are a whole lot of conventions and precedents saying how risk must be evaluated in engineered systems, and medical technology, and aerospace, and so on. The "trade offs" you speak of are largely specified. IEC 61508 has one set of procedures; civil aerospace certification another, medical technology a third; nuclear power a fourth; now there are the automobile people with one. And so on. You can argue about whether any set is efficacious, and we do. But they are often, even mostly, there.

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Apr 08 2013 - 16:09:17 CEST

This archive was generated by hypermail 2.3.0 : Tue Feb 19 2019 - 13:17:05 CET