4.5
Tools for Thinking about safety
Important

Approaches to Safety

Reactive: respond when an incident or accident occurs (hopefully with the intent of avoiding a recurrence). This is the oldest approach, but it is still important that accidents, incidents and excessively frequent occurrences are investigated.

Proactive: put in place the technology, processes and/or operating procedures that seek to prevent accidents. This was a key advance on the reactive approach. It continues to be important, especially given that in many cases both the potential causes of accidents, and the measures needed to prevent them, are already known.

Predictive: through analysis, identify specific combinations of factors and circumstances that lead to accidents, and aim to eliminate these. This is the newest approach; it provides insight into both non-obvious and emergent safety issues, and enables suitably targeted and creative responses to these.

Organizational safety is highly influenced by:

Human factors

Safety management

Technology

The net result should be the right people, doing the right things, in the right place, using the right tools, in the right way, at the right time.

Socio-technical approach

Socio-technical systems theory recognises that the design and performance of an organisation can only be understood in terms of the interaction between the social and technical aspects of the organisation.

To be effective, safety management must therefore identify, optimise and deploy the organisation's socio-technical system. In other words, the socio-technical hexagon (below) can be a powerful tool for improving the safety management system.

William Gale Lecture

Socio-technical systems bridge the gap between the social aspects and technical aspects of organizational safety

The socio-technical hexagon vertices

Goals, vision and values

Technology

People

Buildings and infrastructure

Culture

Processes and procedures

The organisation does not exist in isolation from its external environment. Therefore, surrounding the socio-technical hexagon are the organisation's external interfaces. Particularly relevant to safety are the following features:

external stakeholders

the regulatory frameworks

economic circumstances

Analysing the socio-technical system

A systematic ten-step approach to analysing the interactions between the six elements of the socio-technical hexagon:

1. Gather data from internal and external documents, and from people.

2. Analyse and classify the data.

3. Identify and superimpose key system factors on the hexagon.

4. Fill in any gaps apparent in the hexagon.

5. Identify interactions between the socio-technical system and the broader environment.

6. Identify and map relationships between factors.

7. Add any additional factors that emerge during analysis.

8. Place on a timeline (if appropriate).

9. Test the analysis and interpretation on stakeholders, then correct and refine.

10. Use the finished system to generate inferences.

The 5M Model
Cusick et al., 2017, ch.2

H: the capabilities and attitudes of human participants in an activity.

Machine: the engineering aspects of the activity.

Medium: the environment in which an activity occurs.

Management: the leadership of the activity.

Mission: the purpose of an activity.

The SHEL Model

Software: e.g. rules, procedures and software.

Hardware: e.g. the physical side of engineering, such as the human-to-machine interface.

Environment: e.g. the social, economic and natural environment.

Liveware: the people participating in the activity.

Swiss Cheese Model
James Reason

When thinking about accident causation, the Swiss cheese model (SCM), developed by James Reason, is a simple but extremely powerful model. It helps us to think about how accidents happen, and how they could be prevented.

The connections between hazards and losses

For a hazard to turn into an accident, its trajectory must pass through holes (failures) that line up in every layer of defence (the slices of Swiss cheese). If any one layer has no hole at that point, the hazard is stopped.

Types of holes (failures)

Active failures: those with an immediate adverse effect on safety. Often these are unsafe acts, i.e. errors or violations by one or more people involved in the system.

Latent failures: less than adequate features of the system, which remain present for an extended period (sometimes many years). Examples:

poor strategic decisions within the organisation

poor engineering and/or operational design

procedures that are unworkable or outdated

inadequate supervision

undetected manufacturing or maintenance errors.

Errors

Errors are unintentional, and there are a few different types:

Mistakes in the design/selection of an intended action:

Rule-based mistakes involve failure to apply the right rule (similar to a violation, but unintentional).

Knowledge-based mistakes occur when an individual or team has to come up with their own solution to a problem, because there are no rules or procedures that fit the situation at hand, and the solution chosen is unsuitable.

Skill-based errors in how actions are executed:

Slips (the action is not carried out as intended, typically through a failure of attention).

Lapses (a step is forgotten or omitted, typically through a failure of memory).

Violations

Violations are the deliberate flouting of rules or procedures. Only rarely are violations a deliberate attempt to cause harm. Common reasons:

Individuals who are accustomed to doing a job in a certain way may not see the point and/or value of new safety rules imposed on them.

Individuals can underestimate the potential safety consequences of a violation.

The system might be designed such that it is impossible to do the assigned job in the specified time period, so individuals feel they have no choice but to violate safety rules.

Types of violation

Routine: flouting rules or procedures has become the norm.

Situational: rules or procedures are difficult or impossible to implement in a particular situation.

Exceptional: an individual makes the violation as part of an attempt to solve a problem in a novel way.

Reason's generic categories of defences

give alarms and warnings

restore the system to a safe-state after an upset

provide guidance on safe operation

interpose safety barriers (e.g. procedural, software or hardware barriers) between hazards and losses

create understanding and awareness of hazards

contain and eliminate hazards that escape barriers

provide escape and rescue from the situation.

Defence in depth

Defence in depth consists of multiple layers of defence, independent of each other, so that penetration of one layer of defence will be blocked at the next layer. Defence in depth requires:

Redundancy: failure of one layer of defence cannot by itself cause an accident, because there are further layers behind it. You will learn more about designing in redundancy in the next lesson.

Diversity: there should be a wide variety of types of defence, so that a single latent condition (an outdated procedure, a shared design flaw) does not open a hole in every layer at once.
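The "independent of each other" requirement is the part of defence in depth that is most often assumed rather than checked. The following added example (not from the lecture or from Reason's own work) makes the point concrete in the Swiss cheese vocabulary: each layer has its own hole with some probability (an active failure), and a latent condition shared by all layers, when present, opens every hole at once. All joint states are enumerated exactly, so the numbers are not a simulation. The layer and latent probabilities are constructed illustrative values, not data from the page, and the function names are the example's own.

```python
from fractions import Fraction
from itertools import product


def p_loss(hole_probs, latent_prob=0):
    """Exact probability that a hazard trajectory passes every layer of defence.

    hole_probs[i] is the probability that layer i has its own, independent hole
    (an active failure at that layer).  latent_prob is the probability that a
    latent condition shared by all layers is present; when it is, every layer
    is open at once, so the holes are no longer independent.  All joint states
    of (latent condition, holes) are enumerated and the probability mass of the
    states in which every layer is open is summed.  Fractions keep it exact;
    pass probabilities as strings or Fractions ("0.1", Fraction(1, 10)), not
    as binary floats.
    """
    probs = [Fraction(p) for p in hole_probs]
    latent = Fraction(latent_prob)
    total = Fraction(0)
    for latent_present in (False, True):
        p_state = latent if latent_present else 1 - latent
        for holes in product((False, True), repeat=len(probs)):
            p_cfg = p_state
            for is_open, p in zip(holes, probs):
                p_cfg *= p if is_open else 1 - p
            # The hazard reaches a loss only if every layer is open, either
            # through its own hole or because the latent condition opened it.
            if all(is_open or latent_present for is_open in holes):
                total += p_cfg
    return total


def compare_defences():
    """Three layers sharing a latent condition, then the two candidate fixes:
    add a fourth layer of the same kind, or remove the latent condition.
    Returns the three loss probabilities (constructed illustrative values)."""
    layers = [Fraction(1, 10)] * 3      # each layer: 1-in-10 chance of its own hole
    shared = Fraction(1, 100)           # 1-in-100 chance the latent condition is present
    return {
        "with_latent": p_loss(layers, shared),
        "add_fourth_layer": p_loss(layers + [Fraction(1, 10)], shared),
        "remove_latent_condition": p_loss(layers),
    }


if __name__ == "__main__":
    for name, p in compare_defences().items():
        print(f"{name:24s} {p}  ~ {float(p):.5f}")
```

With these values, three independent layers let a hazard through with probability 1/1000, but the shared latent condition raises that to about 11/1000; adding a fourth layer of the same kind barely helps (it is opened by the same latent condition), whereas removing the latent condition restores 1/1000. That is the practical reading of "redundancy" and "diversity": extra layers only count if they do not share failure causes with the layers already in place.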

The Domino Model

A series of dominoes, each of which represents a step in accident causation. As in a domino run, knocking over one domino causes all the others to fall in sequence, resulting in an accident; removing any one domino breaks the chain.

Domino models are, by nature, one-dimensional, and cannot portray multi-factorial events in which several active and latent failures combine.