Dealing with uncertainty

Dealing with uncertainty

Achieving conformance usually is a complex process and you may need some means to measure not only what is accepted or rejected but also what is missing or still unknown. In NOR STA you can use assessment scales that allow you to evaluate uncertainty. In particular you can use Dempster-Shafer scale.

We will explain it on an example of a conformance requirement presented in Section 2:

Conformance requirement for system backups

Let’s assume there are four backups that are to be reviewed. The result of a review for two backups is positive, but the third backup was missing (negative result) and the last backup location was not available for the review and the review has not been carried out (no result of the review – uncertainty). We can present this graphically using a color scale.

uncertainty in conformance assessment

 Four reviews were planned, two of them were successful (green color represents positive results), no information is available for one backup (yellow color represents uncertainty) and one review produced negative result as one backup did not been carried out (red color). We use percentage in the evaluation to represent coverage of the requirement satisfaction.

The presented scheme of distinguishing conformance, nonconformity and uncertainty gives precise information about the level of conformance and allows to monitor small changes and progress of the improvement activities. The three-color scheme allows you to communicate the results of assessment in an easy and intuitive way.

This model is based on Dempster-Shafer theory published by Arthur P. Dempster and Glenn Shafer in the 70s. The theory specifies aggregation rules which can be used to calculate the total evaluation result for the conformance goals when we have assessment for the requirements. This allows to report on the current conformance level and its changes.

Conformance evaluation history

Uncertainty is generally present in all conformance projects. We start with a low conformance level and in the course of the project we gain higher and higher level of conformance. Using uncertainty in the evaluation helps us track the progress.

Free NOR-STA DEMO project
for a selected standard

ISO 27001
self-assessment

Contact us to arrange
online NOR-STA presentation