FPEeXTRA Issue 84


Francisco Joglar, PhD, PE & Victor Ontiveros, PhD

View full PDF here

In 2022, the SFPE Risk Task Group completed the development of the 2nd Edition of the SFPE Engineering Guide to Fire Risk Assessment. Starting in November 2022, the 2nd Edition was available in print and digital format and is part of Springer's SFPE Series of publications. This article outlines some of the new material in the 2nd Edition.

A second edition is needed because research and practical experience related to fire risk assessment advanced substantially over the subsequent decade. SFPE has been monitoring this progress, and the SFPE Task Group has revised the Guide. The Guide builds on the topics in the 1st Edition by providing a broader discussion of identifying fire hazards and fire scenarios and a detailed quantitative and qualitative risk estimation methodology. It also includes a comprehensive and practical process for uncertainty and sensitivity analysis. Finally, it consists of a more extensive discussion of additional items in the risk management process, such as risk communication, residual risk management, and risk monitoring. 

About Risk And Fire Risk Assessment

The Guide defines risk, fire risk, and fire risk assessment. Specifically, it defines risk as the potential for the realization of unwanted adverse conditions, considering scenarios and their associated likelihoods and consequences. It can be defined as a quantitative or qualitative measure of fire incident loss potential for fire protection engineering applications in event likelihood and aggregate consequences. 

Fire risk assessment is the process of estimating and evaluating risks associated with fires affecting buildings, facilities, or processes. The method includes evaluating relevant fire scenarios with associated frequencies and consequences using one or more acceptance criteria. In practice, fire risk assessment is used for:

  • Selecting an appropriate design considering the fire risk and cost associated with various alternatives
  • Managing the fire risk in a building, facility, or process
  • Informing resolutions of a regulatory process, such as evaluating the risk associated with code compliance, determining acceptable configurations in risk-informed/performance-based applications, etc.

In general terms, the risk parameter is measured in 'outcomes per unit of activity,' where the 'outcome' is the potential number of unwanted events (e.g., number of fatalities), and the unit of activity is often a measure of time (e.g., a year).

OVERVIEW of THE Fire Risk Assessment Process in the 2nd Edition of the Guide

The general overview of a fire risk assessment process is captured in the revised Guide, as shown in Figure 1. For clarity purposes, not all the possible interactions between activities are represented. It is expected that a fire risk assessment may have multiple interactions and iterations between tasks that analysts will have to manage as the project progresses and is applied throughout the life of the facility or process for which it is developed. The flowchart covers four distinct phases of a fire risk assessment:

  • Phase 1 – Planning: The first four activities are associated with the planning phase of a fire risk assessment. These activities are intended to define the scope and objectives clearly, collect the information necessary to perform the analysis, identify the risk assessment methods to be used and define the acceptance or tolerance criteria governing the process.
  • Phase 2 – Execution: Following the planning phase, the risk assessment proceeds with the technical work, including a hazards analysis, the definition, characterization of the scenarios, and the risk evaluation. This part of the execution phase is referred to in this Guide as "risk assessment," i.e., the systematic use of information to identify sources and estimate the risk. This phase is identified with a gray box in the flowchart. This process is iterative, as the analysis is expected to identify scenarios in which analytical refinements or design improvements/physical modifications are necessary to reduce risk. Such conditions will unavoidably require a reevaluation of the risk after incorporating the analytical refinements or physical changes.
  • Phase 3 – Risk Communication: Once the risk evaluation process is completed, the next phase in the process is risk communication.
  • Phase 4 – In Service: Residual risk management and monitoring is the fourth and final phase. In this phase, the assumptions and conditions governing the risk are identified and monitored throughout the facility's operational life to identify configurations associated with risk increases that may not be mitigated.


Figure 1: General Overview of the Fire Risk Assessment Process

Risk assessment Method Selection

A new section in the 2nd Edition describes how to select a risk assessment method. The risk assessment method(s) selection relates to the level of detail to which each scenario is described and quantified concerning the level of potential risk. The analysis (i.e., the activities within the assessment where risk is evaluated) can range from qualitative to quantitative, including semi-quantitative approaches. This is governed primarily by the level of perceived risk, which may change as the overall assessment progresses, and by regulatory bodies. In practice, the type of risk-based evaluation and level of detail should depend on the complexity of the risk and the decision-maker's needs. [1] When selecting the type of analysis, it is necessary to consider several factors, including the information available, the complexity of the facility or process under analysis, the potential deviations from code requirements and best practices, and the level of detail necessary to ma a substantiated decision about the tolerability of fire risk(s).

Qualitative analysis refers to the evaluation of risk without explicit numerical quantification. In a qualitative assessment, fire risk is evaluated based on the merits of specific designs versus the postulated potential fire events. Qualitative risk methods may be appropriate for evaluating well-understood conditions associated with simple systems or configurations with established risk levels. 

A semi-quantitative analysis refers to the evaluation of risk with simplified quantitative elements supporting assessment. This approach may be appropriate for evaluating configurations with minor deviations from code requirements or best practices and risk trade-off implications. 

Finally, a quantitative analysis is a complete explicit quantification of frequencies and consequences to produce numerical risk levels. The need for a quantitative assessment often arises when evaluating novel, challenging, or complex configurations with significant risk trade-offs. Additional factors influencing the need for a quantitative analysis include identifying significant uncertainties that need to be rigorously modeled and strong stakeholders' views and perceptions of potential risks. Alternatively, the relevant regulations may mandate a quantitative approach.


Figure 2 depicts an iterative approach in the revised Guide in which the level of detail increases as the level of quantification increases. Notice that the level of effort increases as more quantification is required to support the conclusions. Also, a risk assessment may be developed with a combination of qualitative and quantitative approaches (i.e., semi-quantitative approach) while maintaining the rigor and analysis necessary to reach conclusions. 


Figure 2: Iterative Selection of Fire Risk Assessment (FRA) Approach

Acceptance or Tolerance criteria

The revised Guide discusses establishing acceptance/tolerance criteria. For example, fire risk assessment involves the need to establish a target risk (i.e., a criterion for tolerance or acceptability). The target risk should provide a socially acceptable level of outcome considering stakeholders' perspectives. When considering stakeholders' views, different types of risk are perceived differently, and society prefers varying levels of outcome depending on the risk characteristics. For example, potentially catastrophic risks are perceived differently than less severe ones. An occupancy where hundreds of people are at risk due to a single fire is perceived differently than an occupancy where only one person is at risk due to a single fire. 

The RISK Matrix

A common approach for representing a risk assessment is using a risk matrix. A risk matrix is also often used to summarize stakeholders' viewpoints on risk levels (e.g., the combination of high consequence-low probability events). In addition, it is an effective visual tool for communicating risk and serves as a basis for decision-making in fire risk assessment. The revised Guide provides guidance on this topic.

The risk matrix has likelihood (typically frequency or sometimes probability) on one axis and consequences on the other axis. Both the frequency and consequences are classified into categories.

Frequencies and consequences governing the risk are threshold levels for decision-making purposes and are independent of the fire protection system and features governing the risk of individual scenarios. The risk of each of the scenarios included in the risk assessment is determined considering the fire protection system and applicable features. Such systems and features provide the level of safety as expressed by its corresponding risk compared to the risk levels in the matrix for tolerability and acceptability decisions. 

This is an element of fire risk assessment where the 2nd Edition of the Guide was expanded significantly. The revised Guide provides a number of specific examples of qualitative and quantitative risk matrices and acceptability criteria that can be used in practical applications. This includes the definition of frequency and consequence levels in qualitative and quantitative terms that allow for a comprehensive process for characterizing the different fire scenarios identified throughout the building or facility within the scope of the analysis.   

Fire Risk Estimation

Risk estimation describes how the frequency and consequences for each fire scenario are developed and then combined to characterize the risk that will be used for decision-making. The revised Guide covers this in both qualitative and quantitative terms that follow a systematic process that can be reviewed and reproduced to support risk-based decision-making for engineering solutions. The revised Guide also includes qualitative and quantitative examples developed with realistic numerical values and practical approaches. 

The risk estimation process generally produces a table or list of fire scenarios with the corresponding frequency and consequence assessments and their corresponding risk estimates. The fire scenario's frequency and consequence are evaluated in levels corresponding to a risk matrix. This requires identifying and characterizing the factors affecting fire scenario likelihood and the corresponding consequences using a structured, systematic approach that can be reviewed, reproduced, and maintained.

Risk Evaluation

Risk evaluation and acceptability refers to comparing the assessed risk for an individual or a group of scenarios with an acceptance criterion typically defined in the risk matrix and agreed upon by stakeholders. The revised Guide provides additional discussion on this topic and describes how risk could be evaluated against a reference value of individual and societal risk derived for a code-compliant building, facility, or process. In this case, the resulting risk should not exceed the reference value, which is implicitly considered acceptable based on code compliance or using the ALARP principle. The comparison is represented as a decision point in the process of determining if the risk associated with a given scenario(s) is "acceptable" or "tolerable." The risk evaluation process can lead to the following:

  • The assessed risk is low enough that further analysis and refinements are not warranted.
  • The assessed risk is understood to be a conservative estimate suggesting that further analysis, such as incorporating available fire protection alternatives or removing conservatisms, should be considered before a final decision.
  • The assessed risk reflects a detailed analysis of most conservatisms refined to the extent practical. In this case, risk values exceeding the acceptability thresholds may indicate that modifications or improvements in the fire protection strategy are necessary to improve safety.

In practice, the above outcomes are the basis for the iterative nature of the risk evaluation process. Typically, the initial stages often consist of using easily obtained inputs and may ignore risk-influencing factors that may reduce risk to simplify obtaining preliminary results. This early stage suggests which scenarios have low risk with a relatively small analytical effort, reducing the number of scenarios necessary for further analysis. 

Sensitivity and Uncertainty Analysis

Applying a fire risk assessment requires simplifying assumptions, using limited data, elicitation of engineering judgment, and using analytical or empirical models. In addition, sometimes conservative assumptions and input variables are used to ensure a margin of safety in the results (e.g., an AHJ may prefer or request an analysis based on reasonable worst-case conservatism rather than assessing realistic risk results). These elements unavoidably introduce uncertainties into the analysis. The revised Guide provides comprehensive steps that focus on sensitivity and uncertainty analysis that is necessary to assess the impact of these analytical decisions on the study results so that conclusions and recommendations are made considering their effects. 

A sensitivity and uncertainty analysis may provide valuable input into how a specific design or procedure could influence fire safety for new designs. For existing designs, a sensitivity and uncertainty analysis can help determine which systems need to be monitored to ensure the risk assessment results are maintained to preserve the estimated levels of risk. It can also assist in risk-informing procedure changes and modifications associated with the facility operation.

Although this step is often performed in the analysis's final stages, identifying and characterizing sources of uncertainty should be part of the risk assessment development process. 

Documentation & Risk Communication

Once the evaluation process is completed, the risk assessment should be adequately documented and communicated to the stakeholders so it can be maintained and monitored throughout the facility's life cycle. The revised version of the Guide provides the engineer with guidance on documenting and communicating risk. It outlines the important elements of the analysis that should be documented and communicated appropriately to the corresponding stakeholders.

This documentation is the basis for communicating risk in contributing scenarios, associated fire hazards, and the fire protection features protecting against those hazards. It also establishes the monitoring program, key assumptions, and fire protection features identified in the assessment.

Residual Risk management and Monitoring

Following the implementation of the selected design option, the residual risk needs to be managed, and the risk assessment should be routinely monitored to ensure its applicability. A new section of the Guide discusses why this is important. For example, residual risk management relates to what to do with the risk level resulting from the analysis, accept it as it is, transfer it or reduce it further. At the same time, risk monitoring refers to identifying risk-contributing elements to ensure that the risk estimates are maintained over time as conditions in the building or facility change.


Francisco Joglar, PhD, PE & Victor Ontiveros, PhD are with Jensen Hughes