Oil and gas

Risk criteria – how safe is safe enough?

Promising forecast for global offshore wind

Contact us:

John Spouge

John Spouge

Senior Principal Consultant

“Risk criteria”, “risk acceptance criteria”, “acceptability criteria”, “tolerability limits”, “target levels of safety” … Subtle differences between these terms make the subject seem complex but, in my view, they are almost interchangeable. They are all types of risk criteria.

Published: 18 October, 2017

ISO [1] defines risk criteria as “terms of reference against which the significance of a risk is evaluated”. In other words, risk criteria help answer the question, “How safe is safe enough?”.

A general framework for risk criteria
Risks tend to be complex and uncertain, so it is usually impractical to split them simply into “acceptable” and “unacceptable”. There is a spectrum, in which higher risks need more stringent control. Risk criteria therefore typically split the risk spectrum into regions, each calling for different types of response. Unfortunately, different decision-makers use different terminology for each region, as well as different numerical values for the borders between them.

One common approach, following influential work by HSE [2], is to divide risks into three regions. In the highest region, risks are “unacceptable”; in the lowest they are “acceptable”; and in between there is region where risk reduction is desirable. British law requires risks to be reduced to a level that is “as low as reasonably practicable”, so this is known as the ALARP region [3].

20171018_Risk criteria – how safe is safe enough 770x255pxl

In DNV’s recent work for the European Commission [4] we inverted this pyramid so that it had a wide green base and a narrow red top. This acknowledges that acceptable risks are common while unacceptable risks are extremely rare. The impression is different but the principles remain the same.

Risk criteria pin down the boundaries of these regions. Three regions require two criteria (the upper and lower criteria on the figure above).

Types of risk criteria
The framework above is very general, and allows risk criteria to vary widely in form. In fact, for every metric that can be used to describe a risk, there are corresponding risk criteria. For example, we distinguish the following types of risk criteria:

Risk matrix criteria – showing the acceptable regions on a matrix of accident frequency (or probability) and consequence (or severity). The figure below shows a 3×3 matrix, but many variants are used.

20171018_Risk criteria – how safe is safe enough 576x537pxl

Individual risk criteria – defining the acceptable level of risk of death to an individual. The figure below shows commonly used criteria.

20171018_Risk criteria – how safe is safe enough 770x374pxl

Societal risk criteria – defining the acceptable level of risk of death to the whole exposed population. These often apply to frequency-fatality (FN) curves. The figure below shows example criteria, but different values may be needed for each different application.

20171018_Risk criteria – how safe is safe enough 660x771pxl

Cost-benefit criteria – defining the acceptable cost of risk reduction measures in a cost-benefit analysis (CBA). These do not evaluate the significance of risks directly, and hence are not strictly risk criteria at all. Yet they do evaluate the need for risk reduction, and are closely connected to risk criteria.

Qualitative risk criteria – defining the conditions under which a risk is accepted in any qualitative way. These may include following codes and standards; safety management controls; conditions under which risk reduction measures are required, etc.

Setting risk criteria
Different organisations use different types of risk criteria, and set them at different levels. In our recent work for the European Maritime Safety Agency [5] we compared the criteria that are used in different industries.

How should an organisation wishing to set its own criteria decide which ones to use? A simple solution would be to choose from criteria used by others.

It is also possible to develop them from first principles. As part of an effort to harmonise risk criteria for the transport of dangerous goods across Europe [4], we proposed a set of general principles that could be followed.

Ultimately, the values of the numerical criteria represent the organisation’s own judgement as to what risk is acceptable. This can be guided but not determined by technical advice.


[1] International Organization for Standardization (2009), “Risk Management – Vocabulary”, Guide 73:2009.

[2] Health and Safety Executive, “The Tolerability of Risk from Nuclear Power Stations”, 1992.

[3] Health and Safety Executive, “ALARP at a glance“.

[4] DNV (2014), “Harmonised Risk Acceptance Criteria for Transport of Dangerous Goods”, Report for European Commission DG-MOVE.

[5] DNV (2015), “Risk Acceptance Criteria and Risk-Based Damage Stability. Final Report, part 1: Risk Acceptance Criteria”, Report for European Maritime Safety Agency.

Contact us:

John Spouge

John Spouge

Senior Principal Consultant