4.5 Tools for Thinking about safety Important - Coggle Diagram
Approaches to Safety
Reactive
Respond when an incident or accident occurs (hopefully with the intent of avoiding a recurrence).
This is the oldest approach, but it is still important that accidents, incidents and excessively frequent occurrences are investigated.
Proactive
Put in place the technology, processes and/or operating procedures that seek to prevent accidents
This was a key advance on the reactive approach. It continues to be important, especially given that in many cases both the potential causes of accidents, and the measures needed to prevent accidents, are already known.
Predictive
Through analysis, identify specific combinations of factors and circumstances that lead to accidents, and aim to eliminate these.
This is the newest approach, and provides insight into both non-obvious and emergent safety issues, and enables suitably targeted and creative responses to these.
Organizational safety is highly influenced by:
Human factors
Safety management
Technology
The net result should be the right people, doing the right things, in the right place, using the right tools, in the right way, at the right time.
Socio-technical approach
Socio-technical systems theory recognises that the design and performance of an organisation can only be understood in terms of the interaction between the social and technical aspects of the organisation.
Safety management must seek to identify, optimise and deploy the organisation’s socio-technical system in order to be effective.
In other words, the socio-technical hexagon could be a powerful tool to improve the safety management system.
William Gale Lecture
Socio-technical systems bridge the gap between the social aspects and technical aspects of organizational safety
The socio-technical hexagon vertices
Goals, vision and values
Technology
People
Buildings and infrastructure
Culture
Processes and procedures
The organisation does not exist in isolation from its external environment. Therefore, surrounding the socio-technical hexagon are the organisation's external interfaces. Particularly relevant to safety are the following features:
external stakeholders
the regulatory frameworks
economic circumstances
Analysing the socio-technical system
A systematic ten-step approach to analysing the interactions between the six elements of the socio-technical hexagon:
Identify interactions between the socio-technical system and the broader environment.
Identify and map relationships between factors.
Identify and superimpose key system factors on the hexagon.
Fill in any gaps apparent in the hexagon.
Analyse and classify data.
Add any additional factors that emerge during analysis.
Gather data from internal and external documents, and people
Place on a timeline (if appropriate).
Test the analysis and interpretation on stakeholders, then correct and refine.
Use the finished system to generate inferences.
The 5M Model
Cusick et al., 2017, ch.2
Human
The capabilities and attitudes of human participants in an activity.
Machine
The engineering aspects of the activity.
Medium
The environment in which an activity occurs.
Management
The leadership of the activity.
Mission
The purpose of an activity.
The SHEL Model
Hardware
e.g. physical side of engineering such as human to machine interface
Environment
e.g. social, economic and natural environment
Software
e.g. rules, procedures and software
Liveware
e.g. the people participating in the activity
Swiss Cheese Model
James Reason
When thinking about accident causation, the Swiss cheese model (SCM), developed by James Reason, is a simple but extremely powerful model.
The Swiss cheese model helps us to think about how accidents happen, and how they could be prevented.
The connections between hazards and losses
For a hazard to turn into an accident, it must pass through the lined-up holes (failures) in the layers of defence (the Swiss cheese layers).
Types of holes (failures)
Active failures
those with an immediate adverse effect on safety. Often these are unsafe acts, i.e. errors or violations by one or more people involved in the system.
Errors are unintentional, and there are a few different types:
Mistakes in the design/selection of an intended action
Rule-based
Knowledge-based
Skill-based errors in how actions are executed:
Slips
Lapses
Violations are the deliberate flouting of rules or procedures.
Only rarely are violations a deliberate attempt to cause harm.
Individuals who are accustomed to doing a job in a certain way may not see the point and/or value of new safety rules imposed on them.
Individuals can underestimate the potential safety consequences of a violation.
The system might be designed such that it is impossible to do the assigned job in the specified time period and so individuals feel they have no choice but to violate safety rules.
Types
Situational
rules or procedures are difficult or impossible to implement in a particular situation
Exceptional
an individual makes the violation as part of an attempt to solve a problem in a novel way.
Routine
because flouting rules or procedures has become the norm
Latent failures
less than adequate features of the system, which remain present for an extended period (sometimes many years)
Examples
poor strategic decisions within the organisation
poor engineering and/or operational design
procedures that are unworkable or outdated
inadequate supervision
undetected manufacturing or maintenance errors.
Use in conjunction with the ICAO SMS levels figure 1 in:
https://www.researchgate.net/publication/351023337_Predictive_Safety_Management_System_Development
Reason's generic categories of defences
give alarms and warnings
restore the system to a safe-state after an upset
provide guidance on safe operation
interpose safety barriers (e.g. procedural, software or hardware barriers) between hazards and losses
create understanding and awareness of hazards
contain and eliminate hazards that escape barriers
provide escape and rescue from the situation.
Defence in depth consists of multiple layers of defence, independent of each other, so that penetration of one layer of defence will be blocked at the next layer. Defence in depth requires:
Redundancy: failure of one layer of defence cannot cause an accident, and there are many layers of defence. You will learn more about designing in redundancy in the next lesson.
Diversity: there should be a wide variety of types of defence.
The Domino Model
A series of dominoes, each of which represents a step in accident causation. As in a domino run, knocking over one of the dominoes causes all of the other dominoes to fall sequentially, resulting in an accident.
Domino models are, by nature, one-dimensional, and can’t portray multi-factorial events.