Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(iace): open-source safety KB sources + bp_iace_safety_kb (Thema 2)

Browse Source 
Versioned, license-tagged source docs for the multi-layer GT knowledge base,
ingested into the new core RAG collection bp_iace_safety_kb (whitelisted in
the RAG search handler):
- prism_risk_methodology.md — OPSS PRISM v2 (OGL v3): full severity(4)×
  probability(8) → risk-level matrix (Serious/High/Medium/Low), RAPEX-aligned.
- cobot_biomech_limits.md — CC BY 4.0 papers (Behrens 2022 / Park 2019):
  force (N) & pressure (N/cm²) pain thresholds by body region (the data behind
  ISO/TS 15066, cited from the open papers — standard tables NOT reproduced).
- hse_example_risk_assessments.md — HSE (OGL v3): qualitative hazard→control.
- osha_robot_safety.md — OSHA OTM (public domain): 250 mm/s teach anchor,
  robot hazard taxonomy, safeguarding hierarchy.

No DIN/EN/ISO/IEC/DGUV content reproduced; each doc states its license + attribution.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-11 19:46:57 +02:00
parent b4981ea9ab
commit b0ceae4350
5 changed files with 333 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-compliance-sdk/internal/iace/datasources/prism_risk_methodology.md
+107
View File
@@ -0,0 +1,107 @@
# PRISM — Product Safety Risk Assessment Methodology (severity × probability matrix)
Canonical, citable source document for the IACE severity/probability risk-matrix
anchors. PRISM gives a complete, openly-licensed severity-of-harm × probability
risk-rating method that maps directly onto the IACE S (severity) and W
(frequency/probability) tiers and the four-level risk output.
## Source
- **Source:** UK Office for Product Safety & Standards (OPSS), Dept. for Business & Trade
- **Doc:** Product Safety Risk Assessment Methodology (PRISM), *A Guide for GB Market Surveillance Authorities*, Version 2.0, October 2024 (52 pp.)
- **License:** Open Government Licence v3.0 (OGL v3) — reuse permitted with attribution
- **Attribution:** `Source: OPSS, PRISM v2.0 (Oct 2024), © Crown copyright, licensed under the Open Government Licence v3.0`
- **Retrieved:** 2026-06
- **URL (guidance):** https://www.gov.uk/guidance/product-safety-risk-assessment-methodology-prism
- **URL (PDF):** https://assets.publishing.service.gov.uk/media/66fd385ae84ae1fd8592ec93/prism-guidance-v02.pdf
**Safety Gate / RAPEX alignment:** PRISM is the GB revision of the EU Safety Gate
(RAPEX) risk-assessment guidance (Commission Implementing Decision (EU) 2019/417).
It retains the same severity×probability structure and the same four resulting
risk levels (Serious / High / Medium / Low), so the matrix below is broadly
interoperable with the EU Safety Gate methodology.
## Risk-assessment model
Risk = f(severity of harm, probability of harm). The assessor builds one or more
**harm scenarios** (35 steps: hazard exists → exposure occurs → exposure causes
harm), then determines (v) severity and (vi) probability and reads off the risk
level. The four output risk levels are **Serious, High, Medium, Low**.
### Severity-of-harm levels (PRISM Table 2)
Four levels, by reversibility and treatment required. (Descriptions distilled; the
standard's full clinical example lists are not reproduced.)
| Level | Description (severity of harm) |
|---|---|
| 1 | Minor: after basic first aid does not substantially hamper functioning or cause excessive pain; consequences usually fully reversible. |
| 2 | Moderate: A&E visit may be needed, hospitalisation generally not; functioning affected for a limited period (≤ ~6 months), recovery more or less complete. |
| 3 | Serious: normally requires hospitalisation; affects functioning for > 6 months or causes permanent loss of function. |
| 4 | Critical/fatal: is or could be fatal (incl. brain death); reproductive harm; severe loss of limbs/function (> ~10% disability). |
Each level also carries a "potential for multiple casualties?" (Yes/No) flag.
### Probability-of-harm bands (PRISM Table 3, row axis)
Probability that the harm scenario materialises over the product lifetime, in
eight bands. Per-step probabilities are multiplied to give the overall figure.
| Band | Probability over product lifetime |
|---|---|
| 1 | > 50 % |
| 2 | > 1 in 10 |
| 3 | > 1 in 100 |
| 4 | > 1 in 1,000 |
| 5 | > 1 in 10,000 |
| 6 | > 1 in 100,000 |
| 7 | > 1 in 1,000,000 |
| 8 | < 1 in 1,000,000 |
### Risk matrix — single item (PRISM Table 3)
Severity (column) × probability (row) → risk level.
| Probability ↓ \ Severity → | Level 1 | Level 2 | Level 3 | Level 4 |
|---|---|---|---|---|
| > 50 % | High | Serious | Serious | Serious |
| > 1 in 10 | Medium | Serious | Serious | Serious |
| > 1 in 100 | Medium | Serious | Serious | Serious |
| > 1 in 1,000 | Low | High | Serious | Serious |
| > 1 in 10,000 | Low | Medium | High | Serious |
| > 1 in 100,000| Low | Low | Medium | High |
| > 1 in 1,000,000 | Low | Low | Low | Medium |
| < 1 in 1,000,000 | Low | Low | Low | Low |
### Population escalation — all items in use (PRISM Table 4)
Single-item risk can escalate by the number of items in the field (population risk).
| Items in use ↓ \ single-item risk → | Low | Medium | High | Serious |
|---|---|---|---|---|
| > 1m | High | Serious | Serious | Serious |
| > 500k | Medium | High | Serious | Serious |
| > 100k | Medium | High | High | Serious |
| ≤ 100k | Low | Medium | High | Serious |
(For ≤ 100k the mapping is constant: Low→Low, Medium→Medium, High→High, Serious→Serious.)
After rating, the assessor records an **uncertainty level** (low/medium/high) and
may run a sensitivity analysis by varying severity, probability or item count.
## How these are used in IACE
1. **Tier definition (S × W):** the four severity levels map to the IACE **S**
(severity) tiers and the eight probability bands map to the IACE **W**
(frequency/probability) tiers, giving a defensible, openly-licensed scale.
2. **Risk lookup:** Table 3 anchors the severity×probability → risk-level lookup
in `risk_estimation.go`; the four outputs (Serious/High/Medium/Low) align the
IACE risk categories with the EU Safety Gate scale.
3. **Population escalation:** Table 4 provides the pattern for scaling
single-instance risk by exposure/population where IACE has fleet/installed-base
counts.
4. **Uncertainty:** PRISM's low/medium/high uncertainty + sensitivity-analysis
step backs the IACE confidence flag on each estimate.
No DIN/EN/ISO/IEC risk-graph, decision tree or SIL/PL table is reproduced; the
matrix above is the OGL-v3 PRISM/Safety-Gate matrix only.