Join us for the PhD thesis defence of Svana Helen Björnsdóttir on "Risk Analysis Applied to Integrate Safety and Security into Systems Design," supervised by Dr Páll Jensson, Professor Emeritus at Reykjavík University.

Student: 

• Svana Helen Björnsdóttir 

Supervisor: 

• Páll Jensson, Ph.D., Professor Emeritus, Reykjavík University

Committee:

• Ioannis M. Dokas, PhD., Assistant Professor, Democritus University of Thrace, Greece
• Nancy G. Leveson, PhD., Professor, Massachusetts Institute of Technology, USA
• Robert Jan de Boer, PhD, Professor, SDO University of Applied Sciences, The Netherlands
• Þorgeir Pálsson, PhD., Professor Emeritus, Reykjavik University, Iceland

Examiners:

• Floris Goerlandt, Ph.D., Associate Professor, Dalhousie University, Canada
• Gunnar Stefánsson, Ph.D., Professor, University of Iceland, Iceland

Research Council Representative:

• Professor Jónas Þór Snæbjörnsson, Reykjavík University

Abstract:

The overall aim of this PhD thesis is to contribute to the further development of the research area of risk analysis and risk management. It aims to bridge the gap between scientific research in this area and its practical application in industry and business, e.g., through the development of ISO standards. Industrial standards, notably ISO standards, are the tools organizations use to manage their risk, by following their guidance and complying with their requirements. Organizations confirm their compliance with these standards through certification, which means that they heavily depend on the quality of the ISO standards to enable them to effectively manage risk.

In this thesis, the scientific foundation of ISO standards is analyzed, focusing on the guidance provided for key elements of risk management. The research also explores how well ISO standards are aligned with state-of-the-art risk management literature. The research reveals that the ISO standards lack uniformity in risk terminology and guidance on risk management, particularly for risk analysis. As a result, it is expected that risk management, and specifically the analysis of risk, is not executed satisfactorily. Therefore, it is hypothesized that certain flaws in risk management will be evident in practice. This is verified through six real-life case study examples.

Part of this thesis work involved developing a two-step benchmarking model to assess the efficacy of ISO risk management systems with the aim of finding hidden risk issues and improvement opportunities. Furthermore, it is investigated whether risk analysis can be improved by using new and improved analysis techniques to identify hazards and threats. The thesis explores the application of recent analysis techniques that are based on systems theory to reinforce risk management systems based on ISO standards. Systems-Theoretic Accident Model and Processes (STAMP), and the derived Systems-Theoretic Process Analysis (STPA) and Systems-Theoretic Early Concept Analysis (STECA) are applied in real case studies and in an early phase of a major national infrastructure project to meet the safe-by-design engineering concept. The main contribution of this Ph.D. thesis is the identification of what is missing in ISO standards regarding risk management and the development of a two-step benchmarking model to assess the efficacy of ISO risk management systems. The research demonstrates how it is possible to improve risk identification and risk analysis with STAMP, STPA, and STECA techniques. To facilitate such analysis, a special STAMP/STPA software was developed as a part of this thesis work.