The process of determining the likelihood of a threat successfully exploiting vulnerability and the resulting degree of consequences (C) on an asset. A risk assessment provides the basis for rank ordering of risks and thus establishing priorities for the application of countermeasures.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards
Risk (R) assessment is the process of determining the likelihood of a threat (T) successfully exploiting vulnerability (V) and the resulting degree of consequences (C) on an asset. A risk assessment provides the basis for rank ordering of risks and thus establishing priorities for the application of countermeasures.
Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
The identification and analysis, either qualitative or quantitative, of the likelihood and outcome of specific hazard exposure events or scenarios with judgements of probability and consequences.
Source: API Standards 2217A, Guidelines for Safe Work in Inert Confined Spaces in the Petroleum and Petrochemical Industries, Fourth Edition, July 2009. Global Standards
The identification and analysis, either qualitative or quantitative, of the likelihood and outcome of specific events or scenarios with judgements of probability and consequences.
Source: API RP 2201, Safe Hot Tapping Practices in the Petroleum & Petrochemical Industries, Fifth Edition, July 2003 (Reaffirmed October 2010), Global Standards
Source: API RP 2009, Safe Welding, Cutting, and Hot Work Practices in the Petroleum and Petrochemical Industries, Seventh Edition, February 2002 (Reaffirmed, March 2012), Global Standards
Component of a JSA, where a determination of the expected level (severity) of illness, injury, and/or property damage that an identified hazard can cause is coupled with the frequency (probability) of that level of hazard occurring.
- NOTE 1: This is then plotted on a matrix to determine the level of risk associated with that job.
- NOTE 2: If the level of risk is not acceptable, control measures are introduced to reduce the risk to an acceptable level.
Source: API RP 98, Personal Protective Equipment Selection for Oil Spill Responders, First Edition, August 2013. Global Standards
Product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
Sample Usage: The analysts produced a risk assessment outlining risks to the aviation industry.
Extended Definition: appraisal of the risks facing an entity, asset, system, network, geographic area or other grouping
Annotation: A risk assessment can be the resulting product created through analysis of the component parts of risk.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
A process that provides a consistent and comparable evaluation of the relative level of different risks introduced by company activities.
Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards
Overall process of risk identification, risk analysis and risk evaluation.
[SOURCE: ISO Guide 73:2009, 3.4.1]
Source: ISO 16530-1:2017, Petroleum and natural gas industries — Well integrity – Part 1: Life cycle governance, First Edition, March 2017. Global Standards
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards
Risk assessment includes both qualitative and quantitative risk assessment.
Source: Guidance Notes on Petroleum and Natural Gas (Safety in Offshore Operations) Rules, 2008, Oil Industry Safety Directorate (India), 2012. Regulatory Guidance
The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4.
Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Risk assessment is the process of estimating the likelihood of an occurrence of specific consequences (undesirable events) of a given severity.
Source: NOPSEMA Guidance note: Risk Assessment, N-04300-GN0165, Australia, Revision 4, December 2012. Regulatory Guidance
Source: NOPSEMA Guidance Note: Control Measures and Performance Standards, N-04300 GN0271, Australia, Revision 3, December 2011. Regulatory Guidance
Overall process of risk analysis and risk evaluation.
Source: ISO 17776:2000, Petroleum and natural gas industries – Offshore production installations – Guidelines on tools and techniques for hazard identification and risk assessment. Global Standards
Source: ISO/IEC Guide 51:1999, Safety aspects – Guidelines for their inclusion in standards, Global Standards
Overall process of risk analysis and risk evaluation.
Other Related Terms and Definitions:
ISO Guide 73 – Overall process of risk analysis and risk evaluation.
ISO-17776 – Overall process of risk analysis and risk evaluation.
Source: International Association of Drilling Contractors, Appendix 2 to Health, Safety and Environment Case Guidelines for Offshore Drilling Contractors, Issue 3.3.2, February 2010. IADC Guidelines
Source: Nova Scotia Offshore Petroleum Occupational Health & Safety Requirements, Canada-Nova Scotia Offshore Petroleum Board, Canada, December 2000. Regulations
Overall process of risk identification (3.5.1), risk analysis (3.6.1) and risk evaluation (3.7.1).
Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards
A risk assessment is a careful examination of what causes harm and an evaluation of precautions that can be taken to prevent harm.
Source: Commercial Diving Projects Offshore, Diving at Work Regulations 1997, Approved Code of Practice (UK HSE L103), First Edition, 1998. Regulatory Guidance
Process that systematically identifies potential vulnerabilities to valuable system resources and threats to those resources, quantifies loss exposures and consequences based on probability of occurrence, and (optionally) recommends how to allocate resources to countermeasures to minimize total exposure.
- NOTE: Types of resources include physical, logical and human.
- NOTE: Risk assessments are often combined with vulnerability assessments to identify vulnerabilities and quantify the associated risk. They are carried out initially and periodically to reflect changes in the organization’s risk tolerance, vulnerabilities, procedures, personnel and technological changes.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard