Glossary
Browse the IADC Lexicon alphabetically or by category. Get comprehensive definitions of drilling industry terms.
Botnet
Definition(s)
Botnet
Remote control software, specifically a collection of malicious bots, that run autonomously or automatically on compromised computers. Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global StandardsBotnet
A collection of computers compromised by malicious code and controlled across a network. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsBotnet
Collection of software robots, or bots, which run autonomously.- NOTE: A botnet's originator can control the group remotely, possibly for nefarious purposes.
Threat
Definition(s)
Threat
An indication, circumstance, or event with the potential to cause the loss of or damage to an asset. Threat can also be defined as the capability and intent of an adversary to undertake actions that would be detrimental to critical assets.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsThreat
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. Extended Definition: Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence. Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsThreat
A security vulnerability/risk resulting from an informed intent (such as terrorism) to inflict harm or loss. Threats are controlled through protective countermeasures (barriers) to minimise vulnerability and risk exposure. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsThreat
Potential cause of an unwanted incident, which may result in harm to a system or organization. Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsThreat
Threat is defined as any indication, circumstance, or event with the potential to cause loss of, or damage to, an asset. It can also be defined as the intention and capability of a threat to undertake actions that would be detrimental to valued assets. Sources of threats may be categorized as: criminals (e.g. white collar, cyber, organized, opportunists); activists (pressure groups, single-issue zealots); terrorists (international or domestic); disgruntled personnel.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsThreat
Any indication, circumstance, or event with the potential to cause the loss of or damage to an asset. Threat can also be defined as the capability and intent of a threat to undertake actions that would be detrimental to critical assets. Threat encompasses any individual, group, organization, or government that conducts activities or has the intention and capability to conduct activities detrimental to critical assets. A threat could include intelligence services of host nations, or third-party nations, political and terrorist groups, criminals, rogue employees, cyber criminals, and private interests.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsThreat
Potential cause of an unwanted incident, which may result in harm to a system, individual or organization NOTE Adapted from ISO/IEC 27000:2009. Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global StandardsThreat
Natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. Sample Usage: Analysts suggested that the greatest threat to the building was from specific terrorist attacks. Annotation: Threat as defined refers to an individual, entity, action, or occurrence; however, for the purpose of calculating risk, the threat of an intentional hazard is generally estimated as the likelihood of an attack (that accounts for both the intent and capability of the adversary) being attempted by an adversary; for other hazards, threat is generally estimated as the likelihood that a hazard will manifest. THREAT SHIFTING *: Definition: response of adversaries to perceived countermeasures or obstructions, in which the adversaries change some characteristic of their intent to do harm in order to avoid or overcome the countermeasure or obstacle Sample Usage: Installing barriers around only one of several neighboring government buildings may result in threat shifting, where the adversaries will target one of the remaining unprotected buildings. Annotation:- Threat shifting can occur in one or more of several domains: the time domain (e.g., a delay in attack or illegal entry to conduct additional surveillance, etc.), the target domain (selecting a different, less-protected target), the resource domain (adding resources to the attack in order to reduce uncertainty or overcome countermeasures), or the planning/attack method domain (changing the weapon or path, for example, of the intended attack or illegal entry).
- Threat shifting is commonly cited as a reason for countermeasure failure or ineffectiveness – particularly in the case of target shifting. For example, when police occupy one street corner, the drug dealers simply go a few blocks away. This assumes that threat-shifting is frictionless for the adversary, which frequently is the case.
- However, threat shifting is not always frictionless for the adversary – and therefore can be of some value to the defenders. The adversaries may delay their attack, consume additional resources, undertake complexity, expose themselves to additional counter-surveillance and counter-terrorism scrutiny, and/or shift to a less consequential target.
- Threat shifting can, in some cases, increase risk by steering an adversary to an attack that is more likely to succeed or of greater consequence.
Threat
The intention and capability of an adversary to undertake actions that will be detrimental to people, the environment, assets, and economic stability.
Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional StandardsThreat
Potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardAssurance
Definition(s)
Assurance
Attribute of a system that provides grounds for having confidence that the system operates such that the system security policy is enforced.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardAssurance
The cumulative outcome of processes, including assessments, audits, performance reporting, benchmarking, reviews and learning. The processes provide confidence and confirmation that an OMS (or any part of an OMS) is achieving its purpose and expected performance. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsAccountability
Definition(s)
Accountability
An individual's formal acceptance of their obligation to justify decisions, actions or outcomes. An accountable person (manager or worker) does not necessarily implement the action or decision, but they should organize the implementation and verify that the action has been carried out as required. OMS accountability includes system ownership. This may involve responsibilities related to policies, governance, systems, administration, implementation, performance monitoring and review at the asset, business or corporate level. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsAccountability
Property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardWH
Definition(s)
WH
Well Head. Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional StandardsWH
Wellhead Area Source: ISO 13702:2015, Petroleum and natural gas industries — Control and mitigation of fires and explosions on offshore production installations — Requirements and guidelines, Second Edition, August 2015. Global StandardsRTU
Definition(s)
RTU
Remote transmission (terminal) unit used in telemetry (SCADA) systems to transmit operating information to a master terminal unit (MTU) usually located in a control center. Source: IADC UBO / MPD Glossary, December 2011. Global StandardsRTU
Remote Terminal Unit. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardWell Intervention Operation
Definition(s)
Well Intervention Operation
Well intervention operation is well servicing operations conducted within a completed wellbore.
Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional StandardsWell Intervention Operation
An operation in which a well is re-entered for a purpose other than to continue drilling or to maintain or repair it. Regulation 2, DCR. Source: Oil & Gas UK, Guidelines on subsea BOP systems, Issue 1, July 2012, Global StandardsClient
Definition(s)
Client
Organization whose management system is being audited for certification purposes. Source: ISO/IEC 17021:2011 (E) – Conformity assessment – Requirements for bodies providing audit and certification of management systems . Global StandardsClient
DNV’s contractual partner. It may be the Manufacturer, Purchaser, Operator (User), the Owner or the Contractor. Source: Verification of Lifting Appliances for the Oil and Gas Industry, DNV-OSS-308, October 2010, Det Norske Veritas AS, Global StandardsClient
Device or application receiving or requesting services or information from a server application [12]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardEnterprise
Definition(s)
Enterprise
Enterprise as mentioned in this section, means the same as in the Working Environment Act, which means that the term is almost synonymous with company. Source: Guidelines Regarding the Framework Regulations, Norway, updated December 2012. Regulatory GuidanceEnterprise
Business entity that produces or transports products or operates and maintains infrastructure services.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardIP
Definition(s)
IP
Institute of Petroleum (Energy Institute). API RP 500, Recommended Practice for Classification of Locations for Electrical Installations at Petroleum Facilities Classified as Class I, Division 1 and Division 2, Third Edition, December 2012, Global StandardsIP
Institute of Petroleum. Source: API SPEC 17F, Specification for Subsea Production Control Systems, Second Edition, December 2006 (Reaffirmed April 2011). Global StandardsIP
Internet Protocol. Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardI/O
Definition(s)
I/O
Input/output. Source: API SPEC 17F, Specification for Subsea Production Control Systems, Second Edition, December 2006 (Reaffirmed April 2011). Global Standards Source: NORSOK D-001, Drilling facilities, Rev. 3, December 2012. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardControl Equipment
Definition(s)
Control Equipment
Control Equipment refers to the installed equipment required to operate and control the ballast water treatment equipment. Source: Resolution MEPC.174(58), revised Guidelines for approval of ballast water management systems (G8), 10 October 2008, International Maritime Organization. Regulatory GuidanceControl Equipment
Class that includes distributed control systems, programmable logic controllers, SCADA systems, associated operator interface consoles, and field sensing and control devices used to manage and control the process.- NOTE: The term also includes field bus networks where control logic and algorithms are executed on intelligent electronic devices that coordinate actions with each other, as well as systems used to monitor the process and the systems used to maintain the process.
Control Equipment
Control Equipment - refers to the installed equipment required for proper functioning of the prototype ballast water treatment technology. Source: Resolution MEPC.140(54), Guidelines for approval and oversight of prototype ballast water treatment technology programmes (G10), 24 March 2006, International Maritime Organization. Regulatory GuidanceArea
Definition(s)
Area
Subset of a site’s physical, geographic, or logical group of assets.- NOTE: An area may contain manufacturing lines, process cells, and production units. Areas may be connected to each other by a site local area network and may contain systems related to the operations performed in that area.
Area
'Area' means the sea-bed and ocean floor and subsoil thereof, beyond the limits of national jurisdiction Source: United Nations Convention on the Law of the Sea (UNCLOS), 1982, LegislationBOP
Definition(s)
BOP
Blow Out Preventer. Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional StandardsBOP
Equipment installed at the wellhead to contain wellbore pressure either in the annular space between the casing and the tubulars or in an open hole during drilling, completion, testing, or workover operations.
Source: API STANDARD 16AR, Standard for Repair and Remanufacture of Drill-through Equipment, First Edition, April 2017. Global StandardsBOP
Equipment installed on the wellhead or wellhead assemblies to contain wellbore fluids either in the annular space between the casing and the tubulars or in an open hole during well drilling, completion, and testing operations.- NOTE: BOPs are not gate valves, workover/intervention control packages, subsea shut-in devices, well control components (per API 16ST), intervention control packages, diverters, rotating heads, rotating circulating devices, capping stacks, snubbing or stripping packages, or nonsealing rams
BOP
Equipment installed at the wellhead or wellhead assemblies to contain wellbore fluids, either in the annular space between the casing and the tubulars or in an open hole during drilling, completion, testing, or workover operations. Source: API Specification 16A, Specification for Drill-through Equipment, Fourth Edition, April 2017. Global StandardsBOP
Blow-out preventer. Source: ISO 16530-1:2017, Petroleum and natural gas industries - Well integrity – Part 1: Life cycle governance, First Edition, March 2017. Global StandardsBOP
Large, specialized valve used to seal, control, and monitor an oil and gas well. Source: API Standard 2RD, Dynamic Risers for Floating Production Systems, Second Edition, September 2013. Global StandardsBOP
An abbreviation for blowout preventer. Source: API RP 59, Recommended Practice for Well Control Operations, Second Edition, May 2006. Global StandardsBOP
"BOP" means blowout preventer, which is a casinghead assembly equipped with special gates or rams or other pack-offs that can be closed around the drill pipe, tubing, casing, or tools, and that completely close the top of the casing to control well pressure. Source: Alaska Oil and Gas Conservation Commission, Definitions, Alaska Admin. Code tit. 20, § 25.990, December 7, 2012. RegulationBOP
Device attached immediately above the casing, which can be closed to shut in the well. Source: ISO 13624-1:2009, Petroleum and natural gas industries – Drilling and production equipment – Part 1:Design and operation of marine drilling riser equipment. Global StandardsBOP
Blowout preventer. Source: API STANDARD 16AR, Standard for Repair and Remanufacture of Drill-through Equipment, First Edition, April 2017. Global Standards Source: API Specification 16A, Specification for Drill-through Equipment, Fourth Edition, April 2017. Global Standards Source:API SPECIFICATION 19TT, Specification for Downhole Well Test Tools and Related Equipment, First Edition, October 2016. Global Standards Source: API Standard 2RD, Dynamic Risers for Floating Production Systems, Second Edition, September 2013. Global Standards Source: API RP 500, Recommended Practice for Classification of Locations for Electrical Installations at Petroleum Facilities Classified as Class I, Division 1 and Division 2, Third Edition, December 2012, Global Standards Source: API RP 17G, Recommended Practice for Completion/Workover Risers, Second Edition, July 2006 (Reaffirmed April 2011). Global Standards Source: API RP 49, Recommended Practice for Drilling and Well Servicing Operations Involving Hydrogen Sulfide, Third Edition, May 2001. Global Standards Source: API RP 59, Recommended Practice for Well Control Operations, Second Edition, May 2006. Global Standards Source: API RP 64, Recommended Practice for Diverter Systems Equipment and Operations, Second Edition, November 2001 (March 1, 2007). Global Standards Source: API SPEC 7K, Drilling and Well Servicing Equipment Upstream Segment, Fifth Edition, June 2010 (August 2010). Global Standards Source: API SPEC 16A, Specification for Drill-through Equipment, Third Edition, June 2004 (Errata/Supplement November 2004). Global Standards Source: API SPEC 17D, Design and Operation of Subsea Production Systems—Subsea Wellhead and Tree Equipment, Upstream Segment, Second Edition May 2011 (Errata September 2011). Global Standards Source: API STD 53, Blowout Prevention Equipment Systems for Drilling Wells, Upstream Segment, Fourth Edition, November 2012. Global Standards Source: API Bulletin 97, Well Construction Interface Document Guidelines, First Edition, December 2013. Global Standards Source:API SPECIFICATION 7K, Drilling and Well Servicing Equipment, Sixth Edition, December 2015. Global Standards Source: International Association of Drilling Contractors, Appendix 2 to Health, Safety and Environment Case Guidelines for Offshore Drilling Contractors, Issue 3.3.2, February 2010. IADC Guidelines Source: ISO 20815:2008, Petroleum, petrochemical and natural gas industries – Production assurance and reliability management. Global Standards Source: ISO 13624-1:2009, Petroleum and natural gas industries – Drilling and production equipment – Part 1:Design and operation of marine drilling riser equipment. Global Standards Source: ISO 13702:2015, Petroleum and natural gas industries — Control and mitigation of fires and explosions on offshore production installations — Requirements and guidelines, Second Edition, August 2015. Global Standards Source: NOGEPA Industrial Guideline No. 44, Standards and Acceptance Guidelines, Enhance QA/QC for Critical Well Components, Netherlands, Version 0, July 2011. Global Standards Source: NOGEPA Industrial Guideline No. 41, Well Construction Process Checklist, Drilling Best Practices, Netherlands, Version 0, December 2011. Global Standards Source: NOGEPA Industrial Guideline No. 43, Surface BOP Review, Best Practices Checklist, Netherlands, Version 0, December 2011. Global Standards Source: NORSOK D-010, Well integrity in drilling and well operations, Rev. 3, August 2004. Global Standards Source: NORSOK D-002, Well intervention equipment, Rev. 2, June 2013. Global Standards Source: NORSOK D-001, Drilling facilities, Rev. 3, December 2012. Global Standards Source: Oil & Gas UK, Guidelines on subsea BOP systems, Issue 1, July 2012, Global Standards Source: OGP Report No. 476, Recommendations for enhancements to well control training, examination and certification, International Association of Oil & Gas Producers, October 2012. Global Standards Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global StandardsANSI
Definition(s)
ANSI
American National Standards Institute. Source: API STD 521, Pressure-relieving and Depressuring Systems, Sixth Edition, January 2014. Global Standards API RP 500, Recommended Practice for Classification of Locations for Electrical Installations at Petroleum Facilities Classified as Class I, Division 1 and Division 2, Third Edition, December 2012, Global Standards Source: API RP 14F, Design, Installation, and Maintenance of Electrical Systems for Fixed and Floating Offshore Petroleum Facilities for Unclassified and Class 1, Division 1 and Division 2 Locations, Fifth Edition, July 2008. Global Standards Source: API RP 49, Recommended Practice for Drilling and Well Servicing Operations Involving Hydrogen Sulfide, Third Edition, May 2001. Global Standards Source: API RP 14G, Recommended Practice for Fire Prevention and Control on Fixed Open-type Offshore Production Platforms: Upstream Segment, Fourth Edition, April 2007. Global Standards Source: API RP 67, Recommended Practice for Oilfield Explosives Safety, Upstream Segment, Second Edition, May 2007. Global Standards Source: API RP 98, Personal Protective Equipment Selection for Oil Spill Responders, First Edition, August 2013. Global Standards Source: API SPEC 16RCD, Specification for Drill Through Equipment—Rotating Control Devices, Upstream Segment, First Edition, February 2005. Global Standards Source: API SPEC 17D, Design and Operation of Subsea Production Systems—Subsea Wellhead and Tree Equipment, Upstream Segment, Second Edition May 2011 (Errata September 2011). Global Standards Source: API SPEC 17F, Specification for Subsea Production Control Systems, Second Edition, December 2006 (Reaffirmed April 2011). Global Standards Source: IADC UBO / MPD Glossary, December 2011. Global Standards Source: Nova Scotia Offshore Petroleum Occupational Health & Safety Requirements, Canada-Nova Scotia Offshore Petroleum Board, Canada, December 2000. Regulations Source: OGP Report No. 456, Process Safety – Recommended Practice on Key Performance Indicators, International Association of Oil & Gas Producers, November 2011. Global Standards Source: Oil and Gas Occupational Safety and Health Regulations, SOR/87-612, Canada, current to April 29, 2013. Regulations Source: Petroleum Safety Orders--Drilling and Production, Definitions, California Code of Regulations, 8 CCR § 6505, December 2012. Regulations Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardANSI
"ANSI" means American National Standards Institute. Source: API RP 64, Recommended Practice for Diverter Systems Equipment and Operations, Second Edition, November 2001 (March 1, 2007). Global Standards Source: Canada Oil and Gas Occupational Safety and Health Regulations, SOR/87-612, February 2013. Regulations Source: Oil and Gas, New Mexico Administrative Code Title 19, Chapter 15, January 2013. Regulations Source: State of Wyoming Occupational Safety and Health Rules and Regulations for Oil and Gas Well Drilling, Revised January 8, 2013. RegulationsApplication
Definition(s)
Application
Software program that performs specific functions initiated by a user command or a process event and that can be executed without access to system control, monitoring, or administrative privileges [9]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardApplication
IT solution, including application software, application data and procedures, designed to help an organization’s users perform particular tasks or handle particular types of IT problems by automating a business process or function. [ISO/IEC 27034-1:2011] Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global StandardsApplication
Application for a Permit to Construct a Sour Gas Pipeline Facility, and all required attachments. Source: Oil and Gas Division, Texas Administrative Code, Title 16, Chapter 3, February 2013. RegulationsAsset
Definition(s)
RP 781 Security Plan
Assets may be categorized in many ways such as:- people,
- hazardous materials (used or produced),
- information,
- environment,
- equipment,
- facilities,
- activities/operations, and
- company reputation.
Asset
A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value. Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned. Adapted from: DHS Risk Lexicon. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsAsset
An identifiable resource with intrinsic financial value that is owned or controlled by the company and which provides benefits to its stakeholders. For the OMS, only tangible assets are relevant. A company may operate assets that are wholly owned or partly owned through joint ventures or other arrangements. Typically, an asset is a facility, or group of facilities, and may comprise land or sea acreage, buildings, plant, engineered structures, hardware or software, fixed or mobile equipment, vessels, aircraft: and road vehicles, terminals, pipelines, offices or retail outlets. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsAsset
An asset is any person, environment, facility, material, information, business reputation, or activity that has a positive value to an owner. The asset may have value to a threat, as well as an owner, although the nature and magnitude of those values may differ.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsAsset
Anything that has value to an individual, an organization or a government.- NOTE Adapted from ISO/IEC 27000 to make provision for individuals and the separation of governments from organizations (4.37).
Asset
Person, structure, facility, information, material, or process that has value. Sample Usage: Some organizations use an asset inventory to plan protective security activities. Extended Definition: includes contracts, facilities, property, records, unobligated or unexpended balances of appropriations, and other funds or resources, personnel, intelligence, technology, or physical infrastructure, or anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned; from an intelligence standpoint, includes any resource – person, group, relationship, instrument, installation, or supply – at the disposal of an intelligence organization for use in an operational or support role. Annotation: In some domains, capabilities and activities may be considered assets as well. In the context of the National Infrastructure Protection Plan, people are not considered assets. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceAsset
Any person, facility, material, information, business reputation, or activity that has value to an operator.
Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional StandardsAsset
Facilities and associated infrastructure, e.g. structures, wells, pipelines, reservoirs, accommodation & support services. Source: OGP Report No. 415, Asset integrity – the key to managing major incident risks, International Association of Oil & Gas Producers, December 2008. Global StandardsAsset
Physical or logical object owned by or under the custodial duties of an organization, having either a perceived or actual value to the organization.- NOTE: In the case of industrial automation and control systems the physical assets that have the largest directly measurable value may be the equipment under control.
RNNP
Definition(s)
RNNP
Risk level Norwegian Petroleum industry. Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional StandardsRNNP
Risikonivå i norsk petrolumsvirksomhet (Risk level in Norwegian petroleum activity) - see also RNNS. Source: 117 OLF, Norwegian Oil and Gas Association recommended guidelines for Well Integrity, No. 117, Revision No. 4, June 2011. Global StandardsVulnerability
Definition(s)
Vulnerability
Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy [11]. Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardVulnerability
A weakness that can be exploited by a threat to gain access to an asset. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsVulnerability
A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsVulnerability
An object, condition or circumstance with the potential for an adverse, harmful or damaging outcome. Vulnerability is a general expression for more specific terms such as a hazard, effect, impact or threat related to activities, assets or projects. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsVulnerability
Weakness of an asset or control that can be exploited by one or more threats. Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsVulnerability
[Vulnerability shall be considered in the analysis and] is defined as any weakness that can be exploited by a threat in order to gain access to an asset and to succeed in a malevolent act against that asset. Vulnerability is determined by evaluating the inability to Deter, Detect, Delay, Respond to, and Recover from a threat in a manner sufficient to limit the likelihood of success of the threat, or to reduce the impacts of the event through such measures as interdiction, response, suppression of effects, emergency management, and resilience.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsVulnerability
A weakness that can be exploited by a threat to gain access to an asset, to include building characteristics, equipment properties, personnel behavior, locations of personnel, equipment, or operational and personnel practices.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsVulnerability
Weakness of an asset or control that can be exploited by a threat. [ISO/IEC 27000:2009] Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global StandardsVulnerability
Physical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard Sample Usage: Installation of vehicle barriers may remove a vulnerability related to attacks using vehicle-borne improvised explosive devices. Extended Definition: characteristic of design, location, security posture, operation, or any combination thereof, that renders an entity, asset, system, network, or geographic area susceptible to disruption, destruction, or exploitation. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceVulnerability
Any weakness that can be exploited by an adversary to gain access or cause damage to an asset.- Note: Vulnerabilities include asset characteristics, equipment properties, personnel behaviour, locations of people, equipment, buildings, and operational and personnel practices.
Vulnerability
Intrinsic properties of something resulting in susceptibility to a risk source (3.5.1.2) that can lead to an event with a consequence (3.6.1.3). Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global StandardsRisk Management
Definition(s)
Risk Management
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsRisk Management
Coordinated activities to direct and control an organization with regard to risk. Source: API Bulletin 97, Well Construction Interface Document Guidelines, First Edition, December 2013. Global StandardsRisk Management
Process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsRisk Management
Process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Sample Usage: The organization employed risk management to understand and reduce the risk it faced. Annotation: Effective risk management improves the quality of decision making. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to control risk. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceRisk Management
Risk management inter alia includes assessment and evaluation of risk, as well as planning and implementation of risk reducing measures: Source: Guidance Notes on Petroleum and Natural Gas (Safety in Offshore Operations) Rules, 2008, Oil Industry Safety Directorate (India), 2012. Regulatory GuidanceRisk Management
Coordinated activities to direct and control an organization with regard to risk. [SOURCE: ISO Guide 73:2009] Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsRisk Management
Coordinated activities to direct and control an organization with regard to risk. Other Related Terms and Definitions: ISO Guide 73 – Coordinated activities to direct and control an organization with regard to risk. Source: International Association of Drilling Contractors, Appendix 2 to Health, Safety and Environment Case Guidelines for Offshore Drilling Contractors, Issue 3.3.2, February 2010. IADC GuidelinesRisk Management
Coordinated activities to direct and control an organization with regard to risk (1.1). Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global StandardsRisk Management
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Extended Definition: Includes:- conducting a risk assessment;
- implementing strategies to mitigate risks;
- continuous monitoring of risk over time; and
- documenting the overall risk management program.
Risk Management
Process of identifying and applying countermeasures commensurate with the value of the assets protected based on a risk assessment [9]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardPSA
Definition(s)
PSA
Petroleum Safety Authority. Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional Standards Source: 117 OLF, Norwegian Oil and Gas Association recommended guidelines for Well Integrity, No. 117, Revision No. 4, June 2011. Global StandardsPSA
Petroleum Safety Authority Norway. Source: International Association of Drilling Contractors, Appendix 2 to Health, Safety and Environment Case Guidelines for Offshore Drilling Contractors, Issue 3.3.2, February 2010. IADC Guidelines Source: NORSOK D-002, Well intervention equipment, Rev. 2, June 2013. Global StandardsHC
Definition(s)
HC
Hydrocarbons. Source: Norwegian Oil and Gas Association, Guideline No. 135, Recommended Guidelines for Classification and categorization of well control incidents and well integrity incidents, Rev. 4, 27 June 2017, National or Regional StandardsHC
Hydrocarbon. Source: Resolution MEPC.177(58), amendments to the Technical Code on Control of Emission of Nitrogen Oxides from Marine Diesel Engines, 10 October 2008, International Maritime Organization. Regulatory Guidance Source: International Association of Drilling Contractors, Appendix 2 to Health, Safety and Environment Case Guidelines for Offshore Drilling Contractors, Issue 3.3.2, February 2010. IADC Guidelines Source: ISO 13702:2015, Petroleum and natural gas industries — Control and mitigation of fires and explosions on offshore production installations — Requirements and guidelines, Second Edition, August 2015. Global Standardshc
Soil back flow depth.
Source: ABS Guidance Notes on Geotechnical Performance of Spudcan Foundations, January 2017. Global StandardsIACS
Definition(s)
IACS
International Association of Classification Societies. Source: IMO resolution A.1021(26), Guidelines for ships operating in polar waters, 18 January 2010, International Maritime Organization. Regulatory Guidance Source: ISO 19901-7:2013, Petroleum and natural gas industries – Specific requirements for offshore structures – Part 7: Stationkeeping systems for floating offshore structures and mobile offshore units. Global Standards Source: ISO 19905-1:202, Petroleum and natural gas industries – Site-specific assessment of mobile offshore units – Part 1: Jack-ups. Global StandardsIACS
International Association of Classification Societies. Unified rules, interpretations, guidelines and recommendations may be found on www.iacs.org.uk. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global StandardsIACS
Industrial Automation and Control Systems. Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardIntegrity
Definition(s)
Integrity
Minimum structural capability required to enable the piping system to fulfil its function. Source: ISO 14692-1:2017, Petroleum and natural gas industries — Glass-reinforced plastics (GRP) piping — Part 1: Vocabulary, symbols, applications and materials, Second Edition, August 2017. Global StandardsIntegrity
The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination. Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From SAFE-BioPharma Certificate Policy 2.5. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntegrity
The consistent design, construction and maintenance of assets and activities to achieve safe and reliable operations and products. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsIntegrity
Property of accuracy and completeness. Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsIntegrity
Integrity, for a well, means that the potential producing or injection zone in the well bore:- is under control, in accordance with an accepted well operations management plan; and
- is able to contain reservoir fluids; and
- is subject only to risks that have been reduced to a level that is as low as reasonably practicable.
Integrity
Quality of a system reflecting the logical correctness and reliability of the operating system, the logical completeness of the hardware and software implementing the protection mechanisms, and the consistency of the data structures and occurrence of the stored data [9].- NOTE: In a formal security mode, integrity is often interpreted more narrowly to mean protection against unauthorized modification or destruction of information.
Audit
Definition(s)
Audit
An evaluation of a security assessment or security plan performed by an owner or operator, the owner or operator's designee, or an approved third-party that is intended to identify deficiencies, non-conformities, and inadequacies that would render the assessment or plan insufficient.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsAudit
Documented investigation conducted by the purchaser to verify that applicable requirements are being implemented. Source: API SPEC 17L1, Specification for Flexible Pipe Ancillary Equipment, First Edition, March 2013. Global StandardsAudit
Audit means a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Source: IMO Resolution A.1083(28), Amendments to International Convention on Load Lines, 1966, 10 December 2013, Regulations Source: IMO Resolution A.1085(28), Amendments to the Convention on the International Regulations for Preventing Collisions at Sea, 1972, , 10 December 2013, Regulations Source: IMO Resolution A.1084(28), Amendments to International Convention on Tonnage Measurement of Ships, 1969, 10 December 2013, RegulationsAudit
A formal, scheduled evaluation of an activity or asset with pre-determined objectives, criteria and protocols to test compliance against OMS expectations, implementation and/or performance. Audits vary in extent of independence and impartiality. This depends on whether the assessment is performed locally within an activity or asset based on "self-assessment"; by auditors appointed internally from other parts of the organisation; or by third parry auditors who are external to the company (imposed, invited). Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsAudit
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.- Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
- Note 2 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Audit
A documented activity aimed at verifying by examination and evaluation that the applicable elements of the quality programme continue to be effectively implemented. Source: Rules and Regulations for the Classification of Mobile Offshore Units, Part 4, Steel Unit Structures, June 2013, Lloyd’s Register, Global StandardsAudit
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.- NOTE: 1 Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g. to confirm the effectiveness of the management system or to obtain information for the improvement of the management system). Internal audits can form the basis for an organization’s self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.
- NOTE: 2 External audits include second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customer, or by other persons on their behalf. Third party audits are conducted by independent auditing organizations, such as regulator or those providing certification.
- NOTE: 3 When two or more management systems of different disciplines (e.g. quality, environmental, occupational, health and safety) are audited together, this is termed a combined audit.
- NOTE: 4 When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.
- NOTE: 5 Adapted from ISO 9000:2005, definition 3.9.1.
Audit
A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Note: CSA Standard CAN/CSA-ISO 9000:05. Source: Environmental Protection Plan Guidelines, The Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada-Nova Scotia Offshore Petroleum Board, and National Energy Board, Canada, March 31, 2011. Regulatory Guidance Source: Safety Plan Guidelines, The Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada-Nova Scotia Offshore Petroleum Board, and National Energy Board, Canada, March 31, 2011. Regulatory GuidanceAudit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures (See “security audit”) [9].- NOTE: There are three forms of audit.
- (1) External audits are conducted by parties who are not employees or contractors of the organization.
- (2) Internal audit are conducted by a separate organizational unit dedicated to internal auditing. (3) Controls self assessments are conducted by peer members of the process automation function.
Audit
In this regulation, “audit” means systematic assessment of the adequacy of the management system to achieve the purpose referred to in paragraph (1)(a) carried out by persons who are sufficiently independent of the system (but who may be employed by the duty holder) to ensure that such assessment is objective. Source: The Offshore Installations (Safety Case) Regulations 2005, UK S.I. 2005/3117, 2005. RegulationsSystem
Definition(s)
System
Assembled section of piping consisting of a representative range of pipes, fittings, connections, attachments, supports, penetrations and associated coatings, e.g. for thermal insulation or fire protection, as can be found in service. Source: ISO 14692-1:2017, Petroleum and natural gas industries — Glass-reinforced plastics (GRP) piping — Part 1: Vocabulary, symbols, applications and materials, Second Edition, August 2017. Global StandardsSystem
Combination of interacting elements organized to achieve one or more stated purposes. A system can consist of products (tools used to achieve a specific task), equipment, services and/or people. Source: IMO MSC.1/Circ.1512, Guideline on Software Quality Assurance and Human-Centred Design for e-navigation, 8 June 2015, International Maritime Organization. Regulatory GuidanceSystem
A set of interacting or interdependent elements forming an integrated process to manage an activity. The OMS is termed a "framework". It provides a structure to organize all a company's operating systems and other sub-systems, such as procedures. The OMS Framework applies to all levels of an organisation, but each level may add additional systems and sub-systems to manage risks specific to its activities, creating a "local" or "asset" OMS. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsSystem
Any combination of facilities, equipment, personnel, procedures, and communications integrated for a specific purpose.
Source:API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global StandardsSystem
Combination of interacting elements organized to achieve one or more stated purposes (ISO 15288).- EXAMPLE: Air transportation system.
System
Integrated composite of people, products, and processes that provide a capability to satisfy a stated need or objective. Source: API RP 98, Personal Protective Equipment Selection for Oil Spill Responders, First Edition, August 2013. Global StandardsSystem
Any combination of facilities, equipment, personnel, procedures, and communications integrated for a specific purpose. Sample Usage: The collection of roads, tunnels, and bridges provided the country with the foundation for a useful transit system. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceSystem
System refers to the fixed hydrocarbon gas detection system. Source: IMO MSC.1/Circ.1370, Guidelines for the design, construction and testing of fixed hydrocarbon gas detection systems, 22 June 2010, International Maritime Organization. Regulatory GuidanceSystem
Interacting, interrelated, or interdependent elements forming a complex whole.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardSystem
“System” means occupational health and safety management system required pursuant to these Requirements, unless the context otherwise requires. Source: Nova Scotia Offshore Petroleum Occupational Health & Safety Requirements, Canada-Nova Scotia Offshore Petroleum Board, Canada, December 2000. RegulationsRisk
Definition(s)
Risk
The product of the likelihood and the consequence of a threat being realized. Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global StandardsRisk
Combination of the consequences of an event and the associated likelihood of its occurrence.
Source: ISO 16530-1:2017, Petroleum and natural gas industries — Well integrity – Part 1: Life cycle governance, First Edition, March 2017. Global StandardsRisk
Combination of the probability of occurrence of harm and the severity of that harm- Note 1 to entry: A more general definition of risk is given in ISO Guide 73:2009 and is “effect of uncertainty” where:
- an effect is a deviation from the expected, and
- uncertainty is a state of having limited knowledge where it is impossible to exactly describe the existing state and future outcomes.
Risk
The potential for damage to or loss of an asset. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries.1st Ed. September 2016. Global StandardsRisk
The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences. Adapted from: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFEBioPharma Certificate Policy 2.5. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsRisk
Combination of the probability of occurrence of harm and the severity of that harm. [SOURCE: ISO/IEC Guide 51:2014] Source: ISO 13702:2015, Petroleum and natural gas industries — Control and mitigation of fires and explosions on offshore production installations — Requirements and guidelines, Second Edition, August 2015. Global StandardsRisk
A measure of potential injury, environmental damage, or economic loss in terms of both the incident likelihood and the severity of the loss or injury.- NOTE: API 752 [10] provides additional discussion of risk.
Risk
Effect of uncertainty on objectives. [SOURCE: ISO Guide 73:2009]- Note 1 to entry: An effect is a deviation from the expected — positive or negative.
- Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
- Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a combination of these.
- Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
- Note 5 to entry: In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
- Note 6 to entry: Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset.
Risk
The combination of likelihood (frequency) and severity (consequence) of potential adverse impacts, from actions or events, on the environment or people. (IPIECA, 2010) Source: Identifying and assessing water sources: Guidance document for the onshore oil and gas industry, International Petroleum Industry Environmental Conservation Association (IPIECA), 2014. Global StandardsRisk
Situation or circumstance that has both a likelihood of occurring and a potentially negative consequence. Source: API SPEC Q1, Specification for Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industry, Ninth Edition, June 2013 (Errata 2, March 2014). Global Standards Source: API Spec Q2, Specification for Quality Management System Requirements for Service, Supply Organizations for the Petroleum and Natural Gas Industries, Upstream Segment, First Edition, December 2011. Global StandardsRisk
The product of the chance that a specific adverse event will occur and the severity of the consequences of the event. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global StandardsRisk
The potential for damage to or loss of an asset. Risk, in the context of security, is the potential for a negative outcome to be realized from an intentional act. For chemical and petroleum facilities, examples of the catastrophic outcomes that are typically of interest include an intentional release of hazardous materials to the atmosphere, the theft of hazardous materials that could later be used as improvised weapons, the contamination of hazardous materials that may later harm the public, or the economic costs of the damage or disruption of a process. For the API SRA methodology, risk can be expressed as:- existing risk-the estimate of risk with existing countermeasures (R1)-and
- proposed risk-the estimate of risk with the addition of proposed countermeasures (R2).
Risk
Probability and consequences of exposure to a hazard, hazardous environment, or situation that could result in harm to personnel, the environment, or general public. Source: API RP 98, Personal Protective Equipment Selection for Oil Spill Responders, First Edition, August 2013. Global StandardsRisk
Effect of uncertainty on objectives. <ISO 31000>- NOTE 1 An effect is a deviation from the expected-positive and/or negative.
- NOTE 2 Objectives can have different aspects (such as health, safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, and process).
- NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination.
- NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
Risk
'Risk' means the combination of the probability of an event and the consequences of that event. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisk
Risks as mentioned in the second subsection, may include accumulation of flammable gases, risk of increased explosion pressure and potential reduced access for firefighting. Source: Guidelines Regarding the Facilities Regulations, Norway, updated December 2012. Regulatory GuidanceRisk
Risk means a combination of probability and consequence. In the area of health, safety and working environment, this means a combination of probability of harm and the degree of severity of the harm in the form of fatalities, personal injuries or other health hazards, reduction in health condition or loss of financial assets. Source: Guidelines Regarding the Framework Regulations, Norway, updated December 2012. Regulatory GuidanceRisk
Risk means the likelihood of a specific, undesired, event occurring within a specific period or in specified circumstances. Note A risk may be understood as a frequency (the number of specified events occurring within a period) or a probability (the likelihood of a specific event following another event). Source: Offshore Petroleum and Greenhouse Gas Storage (Resource Management and Administration) Regulations 2011 (Select Legislative Instrument 2011 No. 54 as amended), Australia, prepared on 1 January 2012. RegulationsRisk
The probability of exposure to a hazard which could result in harm to personnel, property, the environment or general public. API RP 2009, Safe Welding, Cutting, and Hot Work Practices in the Petroleum and Petrochemical Industries, Seventh Edition, February 2002 (Reaffirmed, March 2012), Global Standards API RP 2201, Safe Hot Tapping Practices in the Petroleum & Petrochemical Industries, Fifth Edition, July 2003 (Reaffirmed October 2010), Global StandardsRisk
A measure of probability and severity of a hazard. Source: Incident Reporting and Investigation Guidelines, The Canada-Nova Scotia Offshore Petroleum Board and Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada, November 30, 2012. Regulatory Guidance Source: Nova Scotia Offshore Petroleum Occupational Health & Safety Requirements, Canada-Nova Scotia Offshore Petroleum Board, Canada, December 2000. RegulationsRisk
Effect of uncertainty on objectives- NOTE: Adapted from ISO Guide 73:2009, definition 1.1.
Risk
The probability that a particular undesirable event will result in a specific consequence, measured in terms of a combination of the consequences of an event and the likelihood of the event occurring (AS/NZS 4360). E.g. The likelihood that exposure to harmful noise levels and/or ototoxins will result in hearing loss. Source: NOPSEMA Guidance Note: Noise Management—Principles of Assessment and Control, N-09000-GN0401, Australia, Revision 3, December 2011. Regulatory GuidanceRisk
The qualitative or quantitative likelihood of an accidental or unplanned event occurring considered in conjunction with the potential consequences of such a failure. In quantitative terms, risk is the quantified probability of a defined failure mode times its quantified consequence. Source: Offshore Standard DNV-OS-C101, Design of Offshore Steel Structures, General (LRFD Method, Det Norske Veritas, April 2011. Global Standards Source: Verification of Lifting Appliances for the Oil and Gas Industry, DNV-OSS-308, October 2010, Det Norske Veritas AS, Global StandardsRisk
In this context, “risk” means both risk to individuals in question, and any risk their impaired function may pose to the safety of other personnel, the installation or to the environment. Source: Safety Plan Guidelines, The Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada-Nova Scotia Offshore Petroleum Board, and National Energy Board, Canada, March 31, 2011. Regulatory Guidance Source: Rules for Classification and Construction, IV Industrial Services, 6 Offshore Technology, 9 Guideline for Personnel Transfers by Means of Lifting Appliances, Edition 2011, Germanischer Lloyd SE, Global StandardsRisk
Potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences Sample Usage: The team calculated the risk of a terrorist attack after analyzing intelligence reports, vulnerability assessments, and consequence models. Extended Definition: potential for an adverse outcome assessed as a function of threats, vulnerabilities, and consequences associated with an incident, event, or occurrence Annotation:- Risk is defined as the potential for an unwanted outcome. This potential is often measured and used to compare different future situations.
- Risk may manifest at the strategic, operational, and tactical levels.
- For terrorist attacks or criminal activities, the likelihood of an incident, event, or occurrence can be estimated by considering threats and vulnerabilities.
Risk
Combination of the probability of occurrence of a consequence and the severity of that consequence. Other Related Terms and Definitions: ISO Guide 73 – Combination of the probability of an event and its consequences. ISO-17776 – Combination of probability of an event and the consequences of the event. IADC HSE Case Guidelines Issue 02 – Means the likelihood that a specified undesired event will occur due to the realization of a hazard by, or during, activities, or by the products and services created by activities. The combination of the frequency, or probability, and the consequence of a specified hazardous event. Source: International Association of Drilling Contractors, Appendix 2 to Health, Safety and Environment Case Guidelines for Offshore Drilling Contractors, Issue 3.3.2, February 2010. IADC GuidelinesRisk
Probability of harm to be caused to people's life or health, natural persons' or legal entities' property, state or municipal property, the environment, the life or health of animals and plants taking account of the gravity of this harm. Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). RegulationsRisk
The measure of potential damage to or loss of an asset based on the probability of an undesired occurrence. Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional StandardsRisk
The probability and consequences of exposure to a hazard, hazardous environment or situation which could result in harm. Source: API Standards 2217A, Guidelines for Safe Work in Inert Confined Spaces in the Petroleum and Petrochemical Industries, Fourth Edition, July 2009. Global StandardsRisk
Effect of uncertainty on objectives.- NOTE 1 An effect is a deviation from the expected —positive and/or negative.
- NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
- NOTE 3 Risk is often characterized by reference to potential events (3.5.1.3) and consequences (3.6.1.3), or a combination of these.
- NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (3.6.1.1) of occurrence.
- NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Risk
A combination of the chance that a specified undesired event will occur and the severity of the consequences of that event (ISO 15544). Source: NOGEPA Industrial Guideline No. 7, Rescue at Sea, Netherlands, Version 0, January 2008. Global StandardsRisk
Combination of the probability of an event and the consequences of the event. Source: ISO 20815:2008, Petroleum, petrochemical and natural gas industries – Production assurance and reliability management. Global Standards Source: ISO 17776:2000, Petroleum and natural gas industries – Offshore production installations – Guidelines on tools and techniques for hazard identification and risk assessment. Global StandardsRisk
Expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular consequence [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardRisk
Risk is a term in general usage to express the combination of the likelihood that a specific hazardous event will occur and the consequences of that event. Using this definition, the level of risk may be judged by estimating the likelihood of the hazardous event that can occur and the consequence that may be expected to follow from it. Source: API STD 689, Collection and Exchange of Reliability and Maintenance Data for Equipment, First Edition, July 2007. Global StandardsRisk
Combination of the chance that a specified hazardous event will occur and the severity of the consequences of the event. Source: ISO 15544:2000, Petroleum and natural gas industries – Offshore production installations – Requirements and guidelines for emergency. Global StandardsRisk
Combination of the probability of occurrence of harm and the severity of that harm. Source: ISO/IEC Guide 51:1999, Safety aspects – Guidelines for their inclusion in standards, Global StandardsRisk
A risk is the possibility that someone will be harmed by an identified hazard. The extent of the risk includes the numbers of people who might be affected by the risk. Source: Commercial Diving Projects Offshore, Diving at Work Regulations 1997, Approved Code of Practice (UK HSE L103), First Edition, 1998. RegulatoryRisk
The product of the chance that a specified undesired event will occur and the severity of the consequences of the event. Source: OGP Report No. 6.36/210, Guidelines for the Development and Application of Health, Safety and Environmental Management Systems, International Association of Oil & Gas Producers, July 1994. Global StandardsRisk
The likelihood of an undesired event with specified consequences occurring within a specific period or in specified circumstances. It is numerically expressed as a frequency or as a probability. Source: Approved Code of Practice for Managing Hazards to Prevent Major Industrial Accidents, Health and Safety in Employment Act 1992, Department of Labour, New Zealand, July 1994. Regulatory GuidanceRisico (Dutch)
„risico”: de combinatie van de waarschijnlijkheid van een gebeurtenis en de gevolgen van de gebeurtenis;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisque (French)
«risque», la combinaison de la probabilité d’un événement et des conséquences de cet événement;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisiko (Danish)
»risiko«: kombinationen af sandsynligheden for en hændelse og konsekvenserne af denne hændelse. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRiesgo (Spanish)
«riesgo»: la combinación de la probabilidad de un suceso y de sus consecuencias;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisc (Romanian)
„risc” înseamnă combinația dintre probabilitatea unui eveniment și consecințele evenimentului respectiv;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisiko (German)
„Risiko“ die Kombination aus der Wahrscheinlichkeit eines Ereignisses und seinen Folgen. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. Legislationκίνδυνος (Greek)
«κίνδυνος» σημαίνει τον συνδυασμό της πιθανότητας ενός συμβάντος και των επιπτώσεων του εν λόγω συμβάντος. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRischio (Italian)
«rischio»: la combinazione della probabilità di un evento e delle conseguenze di tale evento. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRyzyko (Polish)
„ryzyko” oznacza połączenie prawdopodobieństwa wystąpienia danego zdarzenia ze skutkami tego zdarzenia. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisco (Portuguese)
«Risco», a combinação da probabilidade de um evento e das consequências desse evento. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisk (Swedish)
risk: en kombination av sannolikheten för en händelse och konsekvenserna av händelsen.. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRiskillä (Finnish)
’riskillä’ tarkoitetaan tapahtuman todennäköisyyden ja kyseisen tapahtuman seurausten yhdistelmää;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationTveganje (Slovenian)
„tveganje“ pomeni kombinacijo verjetnosti dogodka in njegovih posledic;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRiziko (Slovak)
„riziko“ je kombinácia pravdepodobnosti udalosti a následkov tejto udalosti;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRizika (Lithuanian)
rizika – įvykio tikėtinumo ir to įvykio padarinių derinys;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationKockázat (Hungarian)
„kockázat”: valamely esemény valószínűségének és következményeinek a kombinációja;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRiskju (Maltese)
'‧riskju‧ tfisser il-kombinazzjoni tal-probabbiltà li jseħħ avveniment u tal-konsegwenzi ta' dak l-avveniment;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisks (Latvian)
“risks” ir kāda notikuma varbūtības un minētā notikuma seku apvienojums;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRisk (Estonian)
„risk”– vahejuhtumi toimumise tõenäosuse ja selle tagajärgede kombinatsioon;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. LegislationRizikem (Czech)
„rizikem“ kombinace pravděpodobnosti události a jejích následků;. Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. Legislationриск (Bulgarian)
„риск“ означава комбинацията от вероятността за настъпване на дадено събитие и последиците от него;.
Source: DIRECTIVE 2013/30/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 June 2013 on safety of offshore oil and gas operations and amending Directive 2004/35/EC. Legislation
Reliability
Definition(s)
Reliability
Ability of a component or system to perform its required function without failure during a specified time interval routine personnel transfer everyday routine personnel transfer, without specific supporting documentation (i.e. DNV GL approved personnel transfer procedure) Source: Offshore Gangways, DNVGL-ST-0358, DNV GL, September 2017. Global StandardsReliability
Ability of an item to perform a required function under given conditions for a given time interval. Source: ISO 16530-1:2017, Petroleum and natural gas industries — Well integrity – Part 1: Life cycle governance, First Edition, March 2017. Global Standards Source: Rules for Classification and Construction, IV Industrial Services, 6 Offshore Technology, 9 Guideline for Personnel Transfers by Means of Lifting Appliances, Edition 2011, Germanischer Lloyd SE, Global StandardsReliability
The ability of a component or a system to perform its required function under given conditions for a given time interval. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global StandardsReliability
Indicator of the extent to which examination scores are consistent across different examination times and locations, different examination forms and different examiners [SOURCE: ISO/IEC 17024:2012, 3.18]. Source: ISO/IEC TS 17027:2014, Conformity assessment – Vocabulary related to competence of persons used for certification of persons, Global StandardsReliability
Property of consistent intended behaviour and results. Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsReliability 3.1.8
R(t) 〈measure〉 probability for an item to perform a required function under given conditions over a given time interval z S m = − Note 1 to entry: This is a time-dependent parameter. Note 2 to entry: This parameter is related on a continuous functioning from 0 to t. Note 3 to entry: For non-repairable items, Reliability and Availability are identical Note 4 to entry: In IEC 60500–191[14], the reliability is defined both as ability and as measure. Source: ISO/TR 12489:2013(E) Reliability modelling and calculation of safety systems. Global StandardsReliability
Ability of a structure or a structural component to fulfill the specified requirements. Source: ISO 19900:2013, Petroleum and natural gas industries – General requirements for offshore structures. Global StandardsReliability
The ability of a component or a system to perform its required function without failure during a specified time interval. Source: Offshore Standard DNV-OS-C101, Design of Offshore Steel Structures, General (LRFD Method, Det Norske Veritas, April 2011. Global StandardsReliability
Proportion of occasions a barrier or equipment item will function as designed (%). Source: OGP Report No. 415, Asset integrity – the key to managing major incident risks, International Association of Oil & Gas Producers, December 2008. Global StandardsReliability
Ability of an item to perform a required function under given conditions for a given time interval.- NOTE: 1 The term “reliability” is also used as a measure of reliability performance and may also be expressed as a probability.
Reliability
Ability of a system to perform a required function under stated conditions for a specified period of time.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardReliability
Ability of an item to perform a required function under given conditions for a given time interval.- NOTE: 1 The term “reliability” is also used as a measure of reliability performance and can also be defined as a probability.
- NOTE: 2 For more detailed definitions and interpretations, see Annex C.