International Standard

Definition(s)

International standard

A standard accepted by an international organization.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Form of Compliance Confirmation

Definition(s)

Form of compliance confirmation

A certain procedure for certification by documents of compliance of products or other objects, processes of design (including survey works), production, construction, installation, adjustment, operation, storage, transportation, sale and reclamation, performance of works or rendering of services with the requirements of technical regulations, provisions of standards or terms of contracts. (as amended by the Federal Law dated 01.05.2007 No. 65-FZ)

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Declaration of Compliance

Definition(s)

Declaration of compliance

A form of confirmation of the products' compliance with the requirements of technical regulations.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Control (supervision) over compliance with the requirements of technical regulations

Definition(s)

Control (supervision) over compliance with the requirements of technical regulations

Verification of compliance by the legal entity or individual entrepreneur with the requirements of technical regulations for products, or processes of design (including survey works), production, construction, installation, adjustment, operation, storage, transportation, sale and reclamation, and taking measures according to the results of verification. (as amended by the Federal Law dated 01.05.2007 No. 65-FZ)

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Compliance Mark

Definition(s)

Compliance mark

A note used to inform purchasers that a certification object complies with the requirements of a voluntary certification system or national standard.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Compliance Evaluation

Definition(s)

Compliance evaluation

Direct or indirect determination of an object's compliance with the requirements.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Compliance Declaration

Definition(s)

Compliance declaration

A document certifying that the products released for circulation comply with the requirements of technical regulations.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Compliance Confirmation

Definition(s)

Compliance confirmation

Certification by documents of compliance of the products or other objects, processes of design (including survey works), production, construction, installation, adjustment, operation, storage, transportation, sale and reclamation, performance of works or rendering of services with the requirements of technical regulations, provisions of standards, sets of rules or terms of contracts. (as amended by the Federal Law dated 01.05.2007 No. 65-FZ)

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Compliance Certificate

Definition(s)

Compliance certificate

A document certifying an object's compliance with the requirements of technical regulations, provisions of standards, sets of rules or terms of contracts. (as amended by the Federal Law dated 01.05.2007 No. 65-FZ)

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Certification System

Definition(s)

Certification system

The set of rules of performance of works in the sphere of certification, its participants and rules of functioning of the certification system as a whole.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Certification Body

Definition(s)

Certification body

An organization independent of the manufacturer that has demonstrated adequate competence, authority, and credibility to perform independent and objective audits of another organization in order to provide verification of the adequate qualification/competency of the audited organization’s personnel and evidence that the audited organization’s products satisfy applicable requirements.

Source: API STANDARD 18LCM, Product Life Cycle Management System Requirements for the Petroleum and Natural Gas Industries, First Edition, April 2017. Global Standards

Certification body

A legal entity or an individual entrepreneur accredited in accordance with the established procedure to perform work in the sphere of certification.

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Certification body

Third-party conformity assessment body operating certification schemes for persons.
  • Note 1 to entry: A certification body can be non-governmental or governmental, with or without regulatory authority.

Source: ISO/IEC TS 17027:2014, Conformity assessment – Vocabulary related to competence of persons used for certification of persons. Global Standards

Certification

Definition(s)

Certification

A form of confirmation by the certification body of objects' compliance with the requirements of technical regulations, provisions of standards, sets of rules or terms of contracts. (as amended by the Federal Law dated 01.05.2007 No. 65-FZ)

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Certification

Third-party attestation related to persons. [SOURCE: ISO/IEC 17000:2004, 5.5, modified]

Source: ISO/IEC TS 17027:2014, Conformity assessment – Vocabulary related to competence of persons used for certification of persons. Global Standards

Certification

A statement of professional opinion based upon knowledge and belief.

Source: Oil and Gas Division, Texas Administrative Code, Title 16, Chapter 3, February 2013. Regulations

Certification

A service confirming compliance with applicable requirements on the date that the survey was completed.

Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global Standards

Applicant

Definition(s)

Applicant

“Applicant” or “person” means a natural person, corporation, association, partnership, receiver, trustee, executor, administrator, guardian, fiduciary, or other representative of any kind, and includes any government or a political subdivision or agency thereof. The masculine gender, in referring to a person, includes the feminine and the neuter genders.

Source: Division of Mineral Resources Management - Oil and Gas, Ohio Administrative Code, Chapter 1501:9, January 2012. Regulations

Applicant

Person who has submitted an application to be admitted into a certification process. [SOURCE: ISO/IEC 17024:2012, 3.13]

Source: ISO/IEC TS 17027:2014, Conformity assessment – Vocabulary related to competence of persons used for certification of persons. Global Standards

Applicant

A natural person or legal entity which, in order to prove compliance, adopts the compliance declaration or applies for or receives a compliance certificate. (as amended by the Federal Law dated 01.05.2007 No. 65-FZ)

Source: Federal Law on Technical Regulation, No. 184-FZ, Russian Federation, December 2002 (amended September 2010). Regulations

Applicant

APPLICANT shall mean the person who institutes a proceeding before the Commission which it has standing to institute under these rules.

Source: Oil and Gas Conservation Commission, Practice and Procedure, Code of Colorado Regulations, 2 CCR 404-1, February 2013. Regulations

Applicant

A person who has filed an application for a permit to construct a sour gas pipeline facility, or a representative of that person.

Source: Oil and Gas Division, Texas Administrative Code, Title 16, Chapter 3, February 2013. Regulations

Vulnerability

Definition(s)

Vulnerability

Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy [11].

Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Vulnerability

A weakness that can be exploited by a threat to gain access to an asset.

Source: API RP 781, Security Plan Methodology for the Oil and Natural Gas Industries, 1st Ed., September 2016. Global Standards

Vulnerability

A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4.

Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015. Global Standards

Vulnerability

An object, condition or circumstance with the potential for an adverse, harmful or damaging outcome. Vulnerability is a general expression for more specific terms such as a hazard, effect, impact or threat related to activities, assets or projects.

Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards

Vulnerability

Weakness of an asset or control that can be exploited by one or more threats.

Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Vulnerability

[Vulnerability shall be considered in the analysis and] is defined as any weakness that can be exploited by a threat in order to gain access to an asset and to succeed in a malevolent act against that asset. Vulnerability is determined by evaluating the inability to Deter, Detect, Delay, Respond to, and Recover from a threat in a manner sufficient to limit the likelihood of success of the threat, or to reduce the impacts of the event through such measures as interdiction, response, suppression of effects, emergency management, and resilience.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Vulnerability

A weakness that can be exploited by a threat to gain access to an asset, to include building characteristics, equipment properties, personnel behavior, locations of personnel, equipment, or operational and personnel practices.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Vulnerability

Weakness of an asset or control that can be exploited by a threat. [ISO/IEC 27000:2009]

Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Vulnerability

Physical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard. Sample Usage: Installation of vehicle barriers may remove a vulnerability related to attacks using vehicle-borne improvised explosive devices. Extended Definition: characteristic of design, location, security posture, operation, or any combination thereof, that renders an entity, asset, system, network, or geographic area susceptible to disruption, destruction, or exploitation.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Vulnerability

Any weakness that can be exploited by an adversary to gain access or cause damage to an asset.
  • Note: Vulnerabilities include asset characteristics, equipment properties, personnel behaviour, locations of people, equipment, buildings, and operational and personnel practices.
(Source: Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries)

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009. Regional Standards

Vulnerability

Intrinsic properties of something resulting in susceptibility to a risk source (3.5.1.2) that can lead to an event with a consequence (3.6.1.3).

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Tolerance

Definition(s)

Risk tolerance

Organization’s readiness to bear the risk after risk treatment in order to achieve its objectives. Note 1 to entry: Risk tolerance can be influenced by legal or regulatory requirements. Note 2 to entry: Qualitative or quantitative criteria can be used to help the organization decide if a risk is tolerable. [SOURCE: ISO Guide 73:2009, 3.7.1.3, modified – Note 2 to entry has been added.]

Source: ISO 17776:2016, Petroleum and natural gas industries — Offshore production installations — Major accident hazard management during the design of new installations, Second Edition, December 2016. Global Standards

Risk tolerance

Degree to which an entity, asset, system, network, or geographic area is willing to accept risk.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Risk tolerance

Degree to which an entity, asset, system, network, or geographic area is willing to accept risk. Sample Usage: After a disaster, a community’s risk tolerance may decrease.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Risk tolerance

Organization's or stakeholder's (3.2.1.1) readiness to bear the risk (1.1) after risk treatment (3.8.1) in order to achieve its objectives. NOTE Risk tolerance can be influenced by legal or regulatory requirements.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Source

Definition(s)

Risk source

Element which alone or in combination has the intrinsic potential to give rise to risk (1.1). NOTE A risk source can be tangible or intangible.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Sharing

Definition(s)

Risk sharing

Form of risk treatment (3.8.1) involving the agreed distribution of risk (1.1) with other parties. NOTE 1 Legal or regulatory requirements can limit, prohibit or mandate risk sharing. NOTE 2 Risk sharing can be carried out through insurance or other forms of contract. NOTE 3 The extent to which risk is distributed can depend on the reliability and clarity of the sharing arrangements. NOTE 4 Risk transfer is a form of risk sharing.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Reporting

Definition(s)

Risk reporting

Form of communication intended to inform particular internal or external stakeholders (3.2.1.1) by providing information regarding the current state of risk (1.1) and its management.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Profile

Definition(s)

Risk profile

Description and/or depiction of risks to an entity, asset, system, network, or geographic area. Sample Usage: A risk profile for a plant may address risks such as structural failure, mechanical malfunction, and insider threat. Annotation: A risk profile can be derived from a risk assessment; it is often used as a presentation tool to show how risks vary across comparable entities.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Risk profile

Description of any set of risks (1.1). NOTE The set of risks can contain those that relate to the whole organization, part of the organization, or as otherwise defined.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Perception

Definition(s)

Risk perception

Subjective judgment about the characteristics and/or severity of risk. Sample Usage: Fear of terrorist attacks may create a skewed risk perception. Annotation: Risk perception may be driven by sense, emotion, or personal experience.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Risk perception

Stakeholder's (3.2.1.1) view on a risk (1.1). NOTE Risk perception reflects the stakeholder's needs, issues, knowledge, belief and values.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Owner

Definition(s)

Risk owner

Person or entity with the accountability and authority to manage a risk (1.1).

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk owner

Person or entity with the accountability and authority to manage a risk. [SOURCE: ISO Guide 73:2009]

Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Risk Matrix

Definition(s)

Risk matrix

Tool for ranking and displaying components of risk in an array. Risk matrices are user defined.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards

Risk matrix

Tool for ranking and displaying components of risk in an array. Sample Usage: The security staff devised a risk matrix with the likelihoods of various threats to the subway system in the rows and corresponding consequences in the columns. Annotation: A risk matrix is typically displayed in a graphical format to show the relationship between risk components.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Risk matrix

Tool for ranking and displaying risks (1.1) by defining ranges for consequence (3.6.1.3) and likelihood (3.6.1.1).

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Management Process

Definition(s)

Risk management process

Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring (3.8.2.1) and reviewing risk (1.1).

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk management process

Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk. [SOURCE: ISO Guide 73:2009]
  • Note 1 to entry: ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.

Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Risk Management Policy

Definition(s)

Risk management policy

Statement of the overall intentions and direction of an organization related to risk management (2.1).

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Management Plan

Definition(s)

Risk management plan

Document that identifies risks and specifies the actions that have been chosen to manage those risks. Sample Usage: Businesses often have a risk management plan to address the potential risks that they might encounter.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Risk management plan

Scheme within the risk management framework (2.1.1) specifying the approach, the management components and resources to be applied to the management of risk (1.1). NOTE 1 Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities. NOTE 2 The risk management plan can be applied to a particular product, process and project, and part or whole of the organization.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Management Framework

Definition(s)

Risk management framework

Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring (3.8.2.1), reviewing and continually improving risk management (2.1) throughout the organization. NOTE 1 The foundations include the policy, objectives, mandate and commitment to manage risk (1.1). NOTE 2 The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities. NOTE 3 The risk management framework is embedded within the organization's overall strategic and operational policies and practices.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Management Audit

Definition(s)

Risk management audit

Systematic, independent and documented process for obtaining evidence and evaluating it objectively in order to determine the extent to which the risk management framework (2.1.1), or any selected part of it, is adequate and effective.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Identification

Definition(s)

Risk identification

Process of finding, recognizing, and describing potential risks. Sample Usage: During the initial risk identification for the facility's risk assessment, seismic events were chosen as scenarios to consider because of their potentially high consequences.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition, September 2010. Regulatory Guidance

Risk identification

Process of finding, recognizing and describing risks. [SOURCE: ISO Guide 73:2009]
  • Note 1 to entry: Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
  • Note 2 to entry: Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.

Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Risk identification

Process of finding, recognizing and describing risks (1.1). NOTE 1 Risk identification involves the identification of risk sources (3.5.1.2), events (3.5.1.3), their causes and their potential consequences (3.6.1.3). NOTE 2 Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholder's (3.2.1.1) needs.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Financing

Definition(s)

Risk financing

Form of risk treatment (3.8.1) involving contingent arrangements for the provision of funds to meet or modify the financial consequences (3.6.1.3) should they occur.

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards

Risk Description

Definition(s)

Risk description

Structured statement of risk usually containing four elements: sources, events (3.5.1.3), causes and consequences (3.6.1.3).

Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards