Welcome to the Safety Artisan!

BREXIT Special – Video & Key Points

“It’s beginning to look a lot like BREXIT! La, La-la, la, la…”

BREXIT Special, Key Points:

  • Introduction. With BREXIT looming, British and Australian professionals may be thinking of working in each other’s countries;
  • Legislation. Our laws, regulations and codes of practice are quite similar;
  • Guidance. Try the UK Health and Safety Executive (HSE) or the Safe Work Australia websites – both are excellent;
  • Jurisdictions. This is complex in a federated state like Australia, so Brits need to do their homework;
  • Regulators. This varies by industry/domain – many are very similar, while some are quite different;
  • Cultural Issues: Australia vs. the UK. Brits and Aussies are likely to feel quite comfortable working in each other’s countries; and
  • Cultural Issues: Australia vs. the EU. There are some commonalities across the EU, but also dramatic differences.

See the ‘BREXIT Special’ full transcript here.

Back to the main WHS Page here | Back to the Home Page here.

BREXIT Special – the Full Transcript

Hello, and welcome to The Safety Artisan, where you will find safety training resources and pragmatic, professional and impartial advice. Well, let’s hope so anyway! It is Christmas Eve, the 24th of December 2019, and I have a special show for you today. What we have is a Brexit Christmas special for you, and the reason for that, as I’m sure you are aware, is events in the UK.

See the 45-minute video and key points here.


This is a free full-length show. Just to let you know, I think it’s going to be about 30 minutes; in those 30 minutes, we’re going to compare the British and Australian approaches to safety. We’re going to talk about the similarities and differences between Australian and British legislation, about the safety guidance that’s available from the various authorities, and about the different jurisdictions in the UK and Australia. Jurisdiction is not really an issue in the UK, but it certainly is in Australia, so that’s something we really need to go through.

We’ll talk about regulators and the different approaches to regulation. And, finally, some cultural issues. I may mention the dreaded EU. It’s worth talking a little bit about that too because there are still significant links between the EU and the UK on how safety is done which Australians might find helpful.


Now, where’s Michael Bublé when I need him to sing the song? It’s beginning to look a lot like Brexit. With the Conservatives winning in the UK, they’ve passed the Brexit act. It looks like it’s finally going to happen. Now, whether you think that’s a good idea or not, I’m not going to debate that, you’ll be pleased to hear – you’re sick of that, I’m sure.

There are going to be some safety professionals and other engineering professionals who were working in the EU, and who maybe won’t be able to do so easily anymore, and there might be some Brits thinking, well, maybe this is an opportunity. This is a prompt for me to think about moving to Australia and seeing what life is like there. Conversely, there may be Aussies seeking opportunities in the UK, because if the flow of professionally qualified engineers and so forth from the EU countries dries up or slows down, then there might be more opportunity for Aussies. Indeed, the UK has been talking about introducing an Australian-style points-based immigration system. And I think we might see a favourable treaty between the UK and Australia before too long.

What have I got to contribute here? I spent quite a few years in the UK as a safety engineer and safety consultant, and I worked on a lot of international projects. I worked on a lot of UK procurements of American equipment. And I also worked very closely with German, Italian and Spanish colleagues on the Eurofighter Typhoon for thirteen years, on and off. I have quite a bit of experience of working in Germany and some of working with the French. I think I’ve got quite a reasonable view of different approaches to safety, and of how the UK differs from and is like our European counterparts.

Also, seven years ago I emigrated to Australia. I went through that points-based process, fortunately with a firm to back me up. I made the transition from doing UK-style safety to Australian-style safety.

Let’s get on with it.

Legislation #1

There are very many similarities between Australian and UK approaches to safety. Australia has learned a lot from the UK and continues to be very close to the UK in many ways, particularly in our style of law and legislation. But there are differences and I’m mainly going to talk about the differences.

First of all, in the UK we’ve had the Health And Safety At Work (HSAW) Act around since 1974. That’s the executive Act that sets up the Health and Safety Executive, the HSE, as a regulator, gives it teeth, and enables further legislation and regulations. Now, if I was still in the UK, the next thing we would talk about in any discussion about health and safety at work would be the ‘six-pack’.

Now, these were six EU directives that the UK converted into UK regulations, as indeed all EU member states were required to. Incidentally, the UK was very successful in influencing EU safety policy, so it’s a bit ironic that they’re turning their back on that. What will you find in the six-pack?

First of all, the regulations on management of health and safety at work, otherwise known as HSG65. There’s a lot of good advice in there on how to do risk management that is broadly equivalent, for an Aussie audience, to the Risk Management Code Of Practice: there are similar things in there that it’s trying to achieve. Then we’ve got the Provision and Use of Work Equipment Regulations, or PUWER for short. That says if you provide equipment for workers, it’s got to be fit for purpose. Then there are regulations on manual handling, on workplace health, safety and welfare, on personal protective equipment at work, and on the health and safety of display screen equipment of the kind that I’m using here and now (I’m sat in my EU-standard computer chair with five legs and certain mandatory adjustable settings).

Now Aussies will be sat there looking at this list thinking it looks awfully familiar. We just package them up slightly differently.

There’s also, it should be said, a separate act called the Control Of Major Accident Hazards or COMAH as it’s known. And that was introduced after the Piper Alpha disaster in the North Sea which claimed 167 lives in a single accident. That covers big installations that could cause a mass-casualty accident. So that’s the UK approach.

Legislation #2

Now the Australian approach is much simpler. The Aussies have had time to look at UK legislation, take the essentials from it and boil it down into its essence quite cleverly. There is a single Work Health and Safety (WHS) Act, which was signed up in 2011 and came into force on the 1st of January 2012. And there is a single set of WHS Regulations that go hand in hand with the Act.

And they cover a wide spectrum of stuff. A lot of the things in the UK that you would see covered in different acts and different regulations are all covered in one place. Not only does it address, as you would expect, the workplace responsibilities of employers and employees etc., but there are also upstream duties on designers and manufacturers and suppliers and importers and so forth. The WHS act pulls all these things together quite elegantly into one.

It’s a very readable act. I have to say it’s one of the few pieces of legislation that I think a non-lawyer can read and make sense of. But you’ve got to read what it says, not what you think it says (just a word of caution). The regulations cover Major Hazard Facilities, rather like the COMAH regulations, so they’re all included as well.

It’s worth noting that Australian WHS, unlike the UK, does not differentiate between safety and security. If somebody gets hurt, then it doesn’t matter whether it is an accident or whether it was a malicious act. If it happens to a worker, then WHS covers it. And that puts obligations on employers to look after the security of workers, which is an interesting difference, as the UK law generally does not do that. We’re seeing more prosecutions (I’m told by the lawyers) for harm caused by criminal acts than we are yet seeing for safety accidents.

And that’s the act and regulations. And it’s also worth saying that Australia has a system of Codes Of Practice just as the UK has Approved Codes Of Practice. Now that’s all I’m going to say for now. There are other videos and resources on the website that go into the Act and Regulations and COP. I’m going to do a whole series on all those things, unpacking them one by one.

Legislation #3

Let’s think about exceptions for a moment because the way that the UK and Australia do exceptions in their Health and Safety legislation is slightly different. In the UK, the Health and Safety at Work Act explicitly does not apply to ships and aircraft moving under their own power. That’s quite clear. That kind of division does not occur in Australia.

Also, the UK Health and Safety Act does not apply to special forces, or to combat operations by the armed forces, or to the work-up to combat operations. Again, those exclusions do not exist in Australia. And then it’s also worth saying there are many other acts enforced by the UK HSE. It’s not just about HSAW, the six-pack and COMAH. There’s a lot of regs and stuff on mining and offshore, etc., you name it. The UK is a complex economy and there are lots of historical laws, going back up to 100 years. I think the Explosives Act was in 1898, which is still being enforced.

Now Australia has a different approach. They’ve made a clean sweep; taken a very different approach as we’ll see later. And there are only really three explicit exclusions to the Act. It says that WHS doesn’t apply to merchant ships, which are covered by the Occupational Health and Safety (Maritime Industry) Act. So, merchant ships aren’t covered, and WHS doesn’t apply to offshore petroleum installations either. More on that later.

There is a separate act that deals with radiation protection, and that is enforced by ARPANSA, the Australian Radiation Protection and Nuclear Safety Agency. So, [HSAW and WHS have] a slightly different approach to what is covered and what is not; but they are very similar in the essentials.

Legislation #4

One of those essentials is the determination of how much safety is enough. In the UK the HSE talks about ALARP and in Australia the Act talks about SFARP. This quote here is directly from the UK HSE website. Basically, it says that ALARP and SFARP are essentially the same things. And the core concept, what is reasonably practicable, is what’s defined in the WHS Act.

Now it’s worth mentioning that the HSE say this, because it was the HSE who invented the term ALARP. If you look in UK legislation you will see the term SFARP, and you’ll see other terms like ‘all measures necessary’. There are various phrases in UK laws to say how much is enough, and the HSE said it doesn’t matter what it says in the law, the test we will use is ALARP and it covers all these things. It was always intended to be essentially the same as SFARP.

Now there is some controversy in Australia about that, and some people think that ALARP and SFARP are different. The truth is that in Australia, as in the UK, some people did ALARP badly. They did it wrong. If you do ALARP wrong, it’s not the same as SFARP, it’s different. But if you’re doing ALARP properly it is the same. Now, there are some people who will die in a ditch in order to disagree with me over that but I’m quoting you from the HSE, who invented the term to describe SFARP.

It’s also worth noting that WHS uses the term SFARP, but the offshore regulator, which is the National Offshore Petroleum Safety and Environmental Management Agency (NOPSEMA), uses the term ALARP, because they’ve got a separate act from WHS for enforcing safety on offshore platforms. But again, even though they’re using ALARP, it’s the same as SFARP, if you look at the way that NOPSEMA explain ALARP. They do it properly. And it matches up with SFARP; in fact, that NOPSEMA guidance is very good.


We’ll talk more on regulators, but first a little aside and you’ll see why in a moment. Before we can get to talking about regulators, I need to tell you about where you can get guidance in Australia.

Now in the UK, you’ve got the HSE, who is the regulator and they also provide a lot of guidance. Any safety Engineer in the UK will immediately think of a document called R2P2, which is short for ‘Reducing Risk, Protecting People’. That’s an 80-something page document, in which the HSE explain their rationale for how they will enforce safety law and safety regulations and what they mean by ALARP and so on. There’s also a lot of guidance on their website as well, which is excellent and available under a Creative Commons licence so you can do an awful lot with it.

In Australia, it’s a little bit more complex than that. The WHS act was drafted by Safe Work Australia, which is a statutory agency of the government. It’s not a regulator, but it was the SWA who developed the Model WHS Act, the Model Regulations and the Model Codes Of Practice. (More on that in just a second.) It’s Safe Work Australia that provides a lot of good guidance on their website.

Most Australian regulators will refer you to legislation [i.e. not their own guidance]. We’ve got a bit of an American approach in that respect in Australia, in that you can’t do anything without a lawyer to tell you what you can and can’t do. Well, that’s the way that some government agencies seem to approach it. Sadly, they’ve lost the idea that the regulator is there to bridge the gap and explain safety to ordinary people so they can just get on with it.

Now some regulators in Australia, particularly say the New South Wales state regulator or Victorian state regulator do provide good guidance for use within their jurisdiction. The red flashing lights and the sirens should be going off at this point because we have a jurisdiction issue in Australia, and we’ll come onto that now.


In the UK, it’s reasonably simple. You’ve got the HSE for England and Wales, you’ve got the HSE for Scotland and you’ve got the HSE for Northern Ireland. They are enforcing essentially the same acts and the same regulations, right across the United Kingdom. Now there are differences in law: England and Wales have a legal system; Scotland has a slightly different legal system; then Northern Ireland has peculiarities of its own. But they’re all related. There are historical reasons why the law is different, but, from a safety point of view, all three regulators do the same thing, and work consistently.

In Australia, it’s a bit different. Australia is a Federated Nation. We have States and Territories as you can see, we’ve got Queensland, New South Wales and Victoria. Within New South Wales we’ve got the ACT, that’s the Australian Capital Territory, and Canberra is the Australian Federal capital.

Most Australians live on that East Coast, down the coast of Queensland NSW and Victoria. Then we’ve got Tasmania, South Australia, the Northern Territory and Western Australia. All those states and territories have and enforce their own Safety Law and Regulations.

On top of that, you’ve got a Federal approach to safety as well. Now, this will be a bit of a puzzle to Brits, but in Australia, we call the national government in Canberra ‘the Commonwealth’. Brits are used to the Commonwealth being 100+ countries that used to belong to the UK, but now they’re a club. But in Australia, the Commonwealth is the national government, the Federal Government.

Regulators #1

Let’s talk about regulators, starting at the national level. If you look at the bottom right-hand corner, we have got Comcare. They are the national regulator, who enforce WHS for The Commonwealth of Australia, [which is] all Federal workplaces, Defence, any land that’s owned by The Commonwealth, and anything where you’ve got a national system. You’ve also got some nationalised or semi-nationalised industries that effectively belong to the Commonwealth, or are set up by national regulations, and they operate to the Commonwealth version of WHS.

Then you’ve got the Northern Territory, Tasmania, South Australia, Queensland, New South Wales and the Australian Capital Territory. All those states and territories have their own versions of the Model WHS Act, Regulations and COP. They’re not all identical but they’re pretty much the same. There are slight differences in the way that things are enforced, for example in South Australia there’s a couple of Codes Of Practice that Work Safe SA have said they will not enforce.

These differences don’t change the price of fish. All these regulators have their own jurisdiction, and they’re all doing more or less the same thing as Commonwealth WHS. If you start with the Model WHS Act or the Commonwealth version, then you won’t be far off what’s going on in those states and territories. However, you do have to remember that if you’re doing non-Commonwealth work in those states and territories, you’re going to be under the jurisdiction of the local state or territory regulator.

That’s the easy bit!

Unfortunately, not all states have adopted WHS yet. Western Australia (bottom left-hand corner) is going to implement WHS, but it’s not there yet. Currently, in December 2019, they’re heading towards WHS, but they’re still using their old Occupational Health and Safety (OS&H) legislation from about 1999, I think.

Victoria has decided that they’re not going to implement WHS. Even though everybody agreed they would [change to WHS], they’re going to stick with their Occupational Health and Safety Act, which again I think dates from something like 1999. (These acts are amended and kept up to date.) Victoria has no plans to implement WHS.

You, like me, might be thinking what a ridiculous way this is to organise yourself. We’re a nation of less than twenty-five million people, and we’ve got all this complexity about regulators and how we regulate and yes: it is daft! Model WHS was an attempt to get away from that stupidity. I have to say it’s mostly been successful, and I think we will get there one day, but that’s the situation we’ve got in Australia.

Regulators #2

Now, a quick little sample of regulators in the UK and Australia just to compare. I can’t go through them all, because there are a lot. I wanted to illustrate the similarities and differences; there are many similarities for Brits coming to Australia or Aussies going to the UK. You will find a regulatory system that in most part looks and feels familiar.

In the UK, for example, you’ve got the Civil Aviation Authority, who regulate non-military flying, airports etc.; in Australia, you’ve got the Civil Aviation Safety Authority, which does almost the same thing. In the UK you’ve got the Air Accident Investigation Branch, who do what their name implies; in Australia, you’ve got the Australian Transportation Safety Bureau, who also investigate air accidents (they do maritime accidents as well). By the way, the ATSB in Australia is somewhat modelled on the American ATSB, with a very similar approach to the way they do business.

Now when we get onto the maritime side, it’s quite different. In the UK, you’ve got the Maritime and Coastguard Agency or MCGA. They regulate Civil Maritime Traffic and health and safety on merchant ships; they also investigate accidents. In Australia, don’t forget we’ve got the ATSB looking at maritime accidents and publishing statistics. We’ve then got the Australian Maritime Safety Authority, the AMSA, who look at the design aspects of safety of ships. (These are all national / Federal / Commonwealth regulators, by the way.) You’ve then got ‘Sea Care’, who look at the OH&S workplace aspects of working on merchant ships.

Then separately [again] we’ve got the National Offshore Petroleum Safety and Environmental Management Authority (NOPSEMA), who look after oil rigs and gas rigs that sit more than three nautical miles offshore. Because if they’re inside three nautical miles, then that’s the jurisdiction of the local state or territory.

Indeed, NOPSEMA is evidence of the Federal government trying to get all the states and territories to come together. They succeeded with WHS, but with the offshore stuff, the states and territories refused to cooperate with the Commonwealth. (This is a common theme in Australia. The different branches of the government seem to delight in fighting each other rather than serving the Australian public.) The Commonwealth decided Australia could not develop an offshore industry on this basis – it wasn’t going to happen. So, they unilaterally set up NOPSEMA. Bang. Suck on that, states and territories.


Let’s look a little bit at culture. Let’s face it, Australians, Brits and Americans in many ways are very similar. We have an Anglo-Saxon approach to things, and Australian and British law is very similar. We also have a similar sense of humour, which is very important when trying to do safety.

You’ve got the five eyes countries – Australia, New Zealand, the UK, the US and Canada – who have worked closely together for several decades. There’s a lot of commonality between these English-speaking countries that have a common Anglo-Saxon colonial past.

However, the big difference in Australia is that we are much more heavily influenced by the US than the UK is. You’ll find a lot of US-style ‘certification against specification’ in Australia in different industries. That’s subtly different to the UK and Australian legal approach, which is based on ‘safety by intent’. The idea is that safety is achieved by keeping people safe [managing risk in the real world], where a contract specification means very little. Are people kept safe? That’s the essential idea behind UK and Australian law. That’s a bit different to the American approach of specifications and requirements.

There’s nothing wrong with either approach, they’re just different, but mixing them together does cause confusion. In the UK if you work, as I did for most of my working life, in the aviation industry, it is an international enterprise and it uses a US-style safety-by-specification and certification approach because civil aviation is essentially US-led. (From the 1944 Chicago convention onwards.) It’s important to understand the difference, and there’s a lot more of this US certification influence in Australia.


We’ve talked about some different aspects. I can’t go into detail on everything, as I simply don’t know all the details on everything; I’m not an expert in all domains. Nobody is. But I hope I’ve given you a useful overview of the differences, for British engineers wanting to be aware of safety in Australia, and Aussies wanting to go to the UK.

Cultural Issues: UK versus the EU

It’s also worth having, while we’re on the subject, just one slide on the EU, because the UK has been part of the EU for a long time. UK legislation has been heavily influenced by the EU and vice versa. As I said earlier, the UK has been quite successful in influencing EU directives, which the UK turns into regulations, as the other EU nations do. That’s the second bullet point. If you go to work in the EU, you should find local laws that implement the EU directives in common with the UK.

The big difference between the UK and the other EU states is the ALARP measure of how much safety is enough, and that is unique to the UK. So much so, that other EU nations took the UK to the European Court of Arbitration, saying that ALARP was a sort of anti-competitive variation that shouldn’t be allowed. Now, they lost and ALARP stands in the UK, but it just illustrates that there are some critical differences, and ALARP is probably the most important one.

Back to the first bullet point. In English, we differentiate between safety and security. Now, I’ve mentioned that the UK HSAW does so, but WHS does not (deliberately, I guess): whether it’s accidental harm or malicious harm, you’ve got to protect your workers. However, in many European countries, the words for safety and security are the same. If you get to Germany, ‘Sicherheit’ means safety and security. In France it’s ‘sécurité’, and there are variations thereof in other Romance languages; safety and security are the same word in many European languages.

Now having said that, a lot of these EU economies where you might be thinking of working, are modern economies with lots of internationally regulated stuff going on. The aviation industry, for example, but there are lots of advanced industries that are regulated in a similar way, right around the world. You’ll still find familiar concepts in different EU countries.

Now culturally, I’ve spent a lot of time working with Germans, who tend to come unstuck with the Anglo-Saxon approach to safety, because they have the mentality that they make things to work, not to fail. For German engineers especially, the Anglo-Saxon fixation with looking at how things could go wrong seems very strange. They often just don’t get it unless they’ve been in an industry like aviation, where that approach has been inculcated into them. Germans often don’t understand Australian WHS, because it’s just not their mentality. (They don’t build things to fail, they build them to work, so maybe ‘Safety-II’ will take off in Germany because of that.)

In France, I have to say the French are extremely competent engineers and they’re very good at safety. However, they do it their way, the French way, which is different to the UK/Australia. Don’t expect the French to do it our way. They’re going to do it their way, and you need to learn, to understand what they do, how they do it and why they do it that way. France is in many ways a very nationalized country and it’s a national enterprise. Most engineers go through one system, and there is one top college for engineering in France.

There’s one and only one way of doing it in France, which may come as a bit of a shock to Aussies given our somewhat ‘here and there’ approach to regulation in Australia. The French are competent but don’t expect them to comply with the Aussie or UK way of doing things.

Now, I’ve said ‘variations across Southern Europe’, and I’m trying to be tactful here, because a lot of the southern European approach to safety is very variable. Sometimes I’ve been very impressed watching how, say, the Spanish do business, but in other countries like Italy the approach to safety can be a bit of a shocker. If you’re buying stuff from Italy, the contract may say they’ll do ‘x y z’ and they’ll produce safety reports. Just because they’ve said so doesn’t mean that it’s going to happen, or that the stuff they produce is going to be worth the paper it’s written on, quite frankly. Some countries are very good in certain areas, but not so much in others.

Copyright Statement

Well, thanks for listening! This presentation contains a little bit of information from the UK HSE and some from Safe Work Australia, and I’ve reproduced that under the [appropriate] Creative Commons licenses. If you go to The Safety Artisan website you will see the details of the licenses.

The content of this video presentation is copyright The Safety Artisan, 2019. For more information, do please feel free to visit my Patreon Page, where all the safety training videos are available – a lot are free. Some you must pay a small fee to see, and that’s it. www.Patreon.com/SafetyArtisan is the Safety Artisan page, and then there are more resources at The Safety Artisan website.

It just remains for me to say stay safe and I’ll see you next month. Goodbye!


Dear Friends and Colleagues

Dear Friends and Colleagues,

I am starting my own business, making online safety training videos, and I need your advice.

As many of you know, I’ve been a safety engineer for many years. That’s how many of us met. I enjoy the work and helping clients to achieve good solutions, but working for the public and private sectors has its frustrations. Money, politics and sometimes oversized egos often manage to get in the way! I suspect that I am not alone in this experience.

So, I’ve decided to provide training on system safety and related topics online. Using the internet allows me to reach anyone, anywhere efficiently. Interested individuals can connect to quality training at their convenience while keeping the price affordable. No corporations, no contracts, no middle management. Users can access training anonymously if they wish, so nobody needs to be embarrassed about what they don’t – yet – know.

I have started to post some resources on my website, and I would appreciate your honest feedback on what you find there.

Friends and Colleagues: What do you wish you had learnt a bit earlier in your career? What would have helped you, your employer, your clients? What would help your less experienced colleagues?

Professional | Pragmatic | Impartial


Snapshot: Are you a Student or an Engineer?

Perhaps you are a student, frustrated at the lack of system safety training resources available online. Maybe you are an engineer, looking to get into safety or you need to know how to conduct a safety task allocated to you.

If any of these issues sound familiar, then read on…


Snapshot: Looking to Hire?

You might be looking to hire and want to know what to put in a job description, or what to look for in the CVs/resumes that you receive. Perhaps you are a recruitment agent wondering how best to match applicants to vacancies. You might be a fellow trainer, looking for useful information, or reading up on the subject.

If any of these issues sound familiar, then read on…


Snapshot: Are you a Manager?

Maybe you are a manager who needs to understand what your safety staff do. Or perhaps you think that you might need to bring in a specialist: What are your options? What do you need? What’s really the best way to achieve it?

If any of these issues sound familiar, then read on…


Snapshot – Five Principles of Safe Design

Five principles of safe design

  • Principle 1: Persons with control—those who make decisions affecting the design of products, facilities or processes are able to promote health and safety at the source.
  • Principle 2: Product lifecycle—safe design applies to every stage in the lifecycle from conception through to disposal. It involves eliminating hazards or minimising risks as early in the lifecycle as possible.
  • Principle 3: Systematic risk management—apply hazard identification, risk assessment and risk control processes to achieve safe design.
  • Principle 4: Safe design knowledge and capability—should be either demonstrated or acquired by those who control design.
  • Principle 5: Information transfer—effective communication and documentation of design and risk control information amongst everyone involved in the phases of the lifecycle is essential for the safe design approach.

– Safe Work Australia website (see Copyright Statement).

More Posts on ‘Safe Design’ are Coming Soon!


System Safety Principles (Short)

Here is the short (15 mins) video on System Safety Principles, which is a sample of the full (45 mins) video on the subject.

System Safety Principles (15 mins)

See both the videos on Patreon, here.


System Safety Principles

The Full Transcript


Welcome to the Safety Artisan, where you will find professional, pragmatic and impartial guidance and educational products on all things safety, be it System Safety, design safety or functional safety; call it whatever you want. Today we are going to be talking about System Safety principles, taken from the System Safety Handbook of the American Federal Aviation Administration (FAA).

This is a transcript of the full, 45-minute video, which you can see on Patreon, here.


So, our topics for today. There is a fundamental statement to start with; then we will talk about planning, the Management Authority, the precedence of controls that we prefer to use to achieve safety, safety requirements, system analyses, assumptions and criteria, effort and emphasis, the Management Authority's responsibilities, software, and finally how to get an effective System Safety Program. There is quite a lot here, so we are going to charge on and see what we get.

System Safety is a Basic Requirement

The first thing we need to consider is that System Safety is a basic requirement of the total system. The FAA deals with airplanes, so I thought I would show you a picture of an airplane that has had a bad day. The engines, the wings and the tail have, I think, been removed after the crash, but as you can see the front was bashed in when it crashed. The point is that safety concerns the total system. An airplane that has crashed no longer flies; it is no longer really an airplane, just shattered remains. Safety is a fundamental thing that we need from the whole system: we need the whole aeroplane to work. We could talk about the safety of the wings or the safety of the engines, but that would not make much sense in isolation; if the engines or the wings are not on the airplane, what is the point of them? So we need System Safety. It is a basic requirement of the whole thing, and of the whole thing working.


Planning

OK, the next principle is planning. What do we need from planning? We need the safety engineering effort to be comprehensive, in other words to cover everything it needs to cover, and integrated, that is, all joined up. If the safety effort is not both of those things then it is either going to fall short or it is going to be disconnected in some way, and it will not be effective.

We need ongoing effort over a period of time to achieve safety for any significant system. That probably means that we are going to do a whole bunch of different tasks, and those tasks have got to be done in sequence and have got to relate to each other. Imagine a planning chart, a Gantt chart, a waterfall chart, that kind of thing, with tasks linked together: typical planning stuff, nothing unusual there. The plan must also influence facilities, equipment, procedures and personnel.

When it says 'influence', it is perhaps better to say making choices or decisions: which facilities? Which personnel? Which procedures? And why are they appropriate for what we are trying to achieve? That is what the fourth bullet point is really about. Next, the plan must be applicable to all program phases. We need a plan that gets us started, gets the work done and brings things to a satisfactory conclusion, through all parts of the program right up to integration and getting our airplane, or other system, into service; and then it needs to cover all the other stuff as well.

It is very easy to think about the sexy design stuff, particularly with things like airplanes, but we need to cover everything else as well. What about transporting our system or its spares? What about logistics support, spares and repair? What about storage, packaging and handling? How do we ensure that stuff arrives where it is supposed to, in a fit state to be used? Finally, not every program is all about the development of new things. There are probably going to be some non-developmental items (NDIs) or designs along the way: we are going to reuse some stuff from elsewhere, and we have got to make sure that it fits in and contributes to safety, with no disconnections or incompatibilities. We need to think about those NDIs as well, whether or not we were in control of their development. These seven bullet points talk about the comprehensiveness of the plan.

Management Authority

Okay, the Management Authority. In the FAA handbook, which is getting a bit long in the tooth by now (it is about 19 years old), we have the FAA as the regulator; we have the Management Authority (MA), whoever is putting together, in this case, an airplane project; and then we have the idea that the Management Authority has staff and also contractors. The Management Authority is contracting out certain things: they might be contracting out all of the development, or just bits of it, or whatever it might be.

So, in this concept the MA has got to manage the overall system safety effort; they have got to pull it all together, and the managerial and technical procedures to be used must be approved by the Management Authority. It is the Management Authority that resolves any conflicts between safety and other design issues, and resolves conflicts between different contractors. The Management Authority really has the power here and, if need be, they must knock heads together to make sure that the whole thing works. That is a key concept, and we will come back to it later.

Precedence of Controls

Moving on now: when we talk about controlling risk, we have several options for what kind of controls we can use. The FAA principles say we should start with designing for minimum hazards. So, we should try to make our system, whatever it may be, as inherently safe, as intrinsically safe, as we can by designing out dangerous features.

Almost certainly we cannot completely design out risk in any significant system, so maybe we need to use specific safety devices. There is a very simple illustration on the right: the little white boxes in the centre, with the wiring coming out of the top and bottom, are circuit breakers, and specifically residual current device (RCD) circuit breakers. An ordinary circuit breaker trips on overcurrent, so a short circuit or an overload isolates whatever it is feeding; an RCD trips when the current flowing out on the live conductor no longer matches the current returning on the neutral, which means current is leaking to earth, possibly through a person. Either way the device isolates the circuit, protecting people from electrocution and protecting equipment from a fault that might otherwise make it fail or catch fire.

That is a good example of safety devices that you could fit into an electrical system. Having designed for minimum hazard and added safety devices, we can warn people of impending problems: we can fit alarms or warning lights, or there might be warning signs. We might have a sign on the side of this box of circuit breakers saying 'watch out, there is electricity in here'.

Finally, we can use procedures: written procedures that tell people how to do stuff safely, with warnings and cautions that say 'watch out for this', 'don't do that' or 'do this in a particular way'. In the case of the illustration, the procedure might say that you need to isolate the electricity before you open this box. There are all sorts of options, but we want to start with the most effective option, which is designing out hazards. In fact, you will still see a version of this precedence of controls in, for example, Australian work health and safety today. It is not called a precedence of controls there; it is called the hierarchy of controls, but it says much the same thing.

Safety Requirements

Let's talk about safety requirements. There are two points here that the FAA makes, very wisely. First, safety requirements have got to be consistent with other program requirements. A safety program in isolation is probably not going to be much use; it has got to fit in and be consistent with what the overall program is doing in order to be effective. For example, if the safety program is making assumptions about how stuff is going to be used or maintained, or the environment it is going to work in, and those assumptions are incorrect, not aligned with reality, then you probably have a problem.

Secondly, and this sounds a bit more controversial, performance, cost and other requirements may have priority over safety requirements.

I’ll let that sink in.

So, it sounds odd: other requirements may have priority over safety. But it is quite logical when you think about it, because there is no such thing as perfect safety. Nothing is safe; breathing in and out has risks for human beings. We just need to get on with it. If we give safety priority over everything, we may end up with a system that has such low performance that it is not worth using, or that costs so much that nobody could afford to buy, use or sustain it. We have got to balance safety requirements with the others, and safety may not always win; it may not always be the dominant requirement.

System Analyses

OK, so how do we understand what safety we need and whether we have achieved it or not? The answer is system analysis, and system analyses, as the handbook says, are basic tools for developing design specifications. They do a lot more than that, as we will see, but the focus of the FAA approach to System Safety is very much requirements-centric. The idea is that you do a lot of work to get the specifications and the requirements right, then you make sure that what you design matches the specifications, and then you verify and validate that it has met the requirements at the end. That is very much the American ethos for how you do safety.

Now, not all legal systems take this approach. For example, the UK and Australian legal systems take the view that safety is about intent, so we measure the achievement of safety by showing that risks have been reduced to an acceptable level (but even that, of course, is a requirement). The two approaches are not incompatible. We must understand what we are doing and remember that these legal requirements, in whatever jurisdiction you are in, are themselves requirements and need to be fed into the specifications. That is the key thing. It is something I often see missing in safety programs in all sorts of countries: whoever is developing the requirements specifications, at whatever level, has forgotten about a bunch of requirements that simply have to be met.

Of course, we have to remember that the measure of safety is not the scope of the analysis; the analysis is just a means to an end, a means to satisfy a requirement. Having made sure that we have considered all the requirements we need for safety, we need to satisfy them, and system analysis helps us to do that by looking at the system as a whole.

Purpose of Analyses

The purpose of these analyses is what we do with them, and I said they were not just for requirements. We can use analysis to identify hazards. The handbook says 'corrective actions': it may be that we have identified hazards associated with the design, or with possible designs, and we are going to correct that design to reduce the hazard.

Or it may be that we are going to add controls. We might use analysis in a trade-off to understand and review safety considerations and see how much safety we can get; how much safety is it reasonable to have? Back to the requirements: we might use analysis to determine or evaluate safety design requirements, and not just safety design requirements; we might also need to evaluate operational requirements, and requirements for testing, logistics, etc. Testing might be: how are we going to demonstrate safety? Again, the FAA is an American organization, and the American approach to verification and validation tends to emphasize testing, sometimes to the exclusion of all else. This is not necessarily the best way to do things, but that is the mentality. Just be aware that this is one of the underlying philosophies of these principles, because they come from the American FAA.

Finally, we might use analyses to validate that requirements have been met, because we might not be able to do testing; it might be too expensive or too dangerous to test something to destruction. Maybe what we need is a whole bunch of different test points, and analysis is the way to tie them together, particularly in the world of aircraft development. These days the way things tend to be done is that you have a model of your system; you use the model, in general, to validate that your system is correct, and then you use certain test points to validate the model, because it is just too expensive and too time-consuming to physically test everything.

And then a final point that sounds rather odd: hazard analysis is not safety analysis. I think what the FAA means by this is that we need to focus on real-world hazards. I have seen people get hung up trying to start their analysis by analyzing the safety controls and thinking about what happens if a control goes wrong.

Well, we need to start at the other end, with the real-world hazard, because that is what is really going to hurt people. We can work out how effective the controls need to be by analyzing the hazard, not the other way around. That is quite a common mistake I see in safety programs: not focusing on physical hazards, so that you end up going around in circles in a rather theoretical or philosophical approach instead of getting the job done. That harks back to the previous point. The whole point of the exercise is to satisfy requirements by having a safe system, not to do the analysis. So those are some purposes of an analysis.

Assumptions and Criteria

As always in science and engineering, we are going to need to make some assumptions, because we cannot possibly prove absolutely everything. Assumptions are good because they enable us to proceed and to work pragmatically, but we have got to make sure that they are sensible. We have got to verify and validate them as far as we can, and if we discover that an assumption turns out to be incorrect then we are going to do something about it. Change in a program is inevitable: sometimes, as we go through a large development program, we discover that the assumptions we started with are not correct, and we need to review them and make changes.

That is important. People are sometimes nervous about doing that; dare I say, some people just want to stick their head in the sand and ignore these things, but that is not good safety management either. We are also going to have to set some risk criteria: we have to decide how much risk we can accept, what our risk appetite is. As I have said before, you cannot have zero risk, and to pretend that you can is foolish and ultimately self-defeating, because you end up with an unrealistic assumption and a safety program that is built on fantasy rather than reality.

That is no good. Making assumptions and setting criteria are an inherent part of risk management. We need to understand that a risk is something that has not yet happened; if it has already happened, it is an issue. A risk is something that could happen in the future, so we are talking about making estimates. We must set assumptions and we must set criteria. OK, I think I have said enough about that.
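The two ideas above, the precedence of controls and an explicit risk criterion, fit together naturally: you work down the precedence until the residual risk meets the criterion, and if it never does, that is a decision for the Management Authority rather than for the analyst. The following is an added example, not code from the FAA handbook or from The Safety Artisan. It assumes a 1..5 likelihood and severity scale, a risk score of likelihood times severity, and an acceptance threshold; the hazards, candidate controls and their estimated effects are constructed for the example, based loosely on the breaker-box illustration in the text.

```python
"""Added example, not from the FAA handbook or The Safety Artisan: applying the
precedence of controls against a stated risk criterion.

Assumptions (all constructed for this example): likelihood and severity are
each rated 1..5, risk score = likelihood x severity, and the acceptance
criterion is a score no greater than ACCEPTABLE_SCORE. The hazards and
candidate controls below are illustrative, not from any real program.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Precedence of controls, most effective first; a lower rank is preferred.
PRECEDENCE = {"design": 0, "device": 1, "warning": 2, "procedure": 3}

# Assumed risk criterion: scores above this are not acceptable as they stand.
ACCEPTABLE_SCORE = 6


@dataclass
class Control:
    name: str
    kind: str                  # one of the PRECEDENCE keys
    likelihood_reduction: int  # steps of likelihood removed (assumed estimate)
    severity_reduction: int    # steps of severity removed (assumed estimate)


@dataclass
class Hazard:
    name: str
    likelihood: int            # 1..5, unmitigated estimate
    severity: int              # 1..5, unmitigated estimate
    candidates: List[Control]


def select_controls(hazard: Hazard, acceptable: int = ACCEPTABLE_SCORE) -> Tuple[List[str], int, bool]:
    """Apply candidate controls in precedence order until the criterion is met.

    Returns (names of controls applied, residual risk score, criterion met?).
    If every candidate is used and the residual score is still too high, the
    third element is False: that is the case to escalate to the Management
    Authority, who must change the design or formally accept the risk.
    """
    likelihood, severity = hazard.likelihood, hazard.severity
    applied = []
    # sorted() is stable, so candidates of the same kind keep their listed order
    for control in sorted(hazard.candidates, key=lambda c: PRECEDENCE[c.kind]):
        if likelihood * severity <= acceptable:
            break
        likelihood = max(1, likelihood - control.likelihood_reduction)
        severity = max(1, severity - control.severity_reduction)
        applied.append(control.name)
    residual = likelihood * severity
    return applied, residual, residual <= acceptable


# Constructed hazard based on the electrical enclosure in the text.
ENCLOSURE_HAZARD = Hazard(
    name="contact with live conductors when the breaker box is opened",
    likelihood=4, severity=5,
    candidates=[
        # listed deliberately out of precedence order
        Control("isolation procedure before opening", "procedure", 2, 0),
        Control("'danger: live' sign on the enclosure", "warning", 1, 0),
        Control("RCD protection on each outgoing circuit", "device", 0, 2),
        Control("interlocked, double-insulated enclosure", "design", 2, 0),
    ],
)

# Constructed hazard where only weak controls are available.
HOT_SURFACE_HAZARD = Hazard(
    name="burn from exposed exhaust duct",
    likelihood=5, severity=4,
    candidates=[
        Control("'hot surface' label", "warning", 1, 0),
        Control("wear gloves when working near the duct", "procedure", 1, 0),
    ],
)


def report(hazard: Hazard) -> str:
    """One-line hazard log entry showing initial score, residual score and the decision."""
    applied, residual, ok = select_controls(hazard)
    status = "meets criterion" if ok else "does NOT meet criterion: refer to MA"
    return f"{hazard.name}: {hazard.likelihood * hazard.severity} -> {residual} via {applied} ({status})"


if __name__ == "__main__":
    for h in (ENCLOSURE_HAZARD, HOT_SURFACE_HAZARD):
        print(report(h))
```

For the breaker box the design control and the RCD alone bring the score to the threshold, so the sign and the procedure are never needed as primary controls; for the hot duct the only candidates are warnings and procedures, the score stays at 12, and the function reports that the criterion is not met, which is the point at which performance, cost and safety have to be traded off by someone with the authority to do so.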

Safety Management

Moving on to safety management. We have got the Management Authority, but of course safety management needs to be done at every level where we can influence the design, so it is not just the Management Authority's responsibility. Everybody who is managing safety must define the safety functions, the authority that various people have to make decisions, and the interrelationships between bodies and individuals; and then safety management must be about exercising appropriate control. Here we are talking about control of the safety process, rather than hazard controls. When we are exercising safety management, we need to do all of those things.

Effort and Emphasis

Not all risks are equal, and not all hazard controls are equal, so the degree of safety effort and the achievement required depend upon management emphasis. The handbook says emphasis 'by the FAA and contractors': the FAA acts as the regulator, so where we apply safety, the precedence we use and how much effort we put in are partly directed by the regulator, if you are working in a regulated industry, or by the law. The Management Authority and their contractors then take and interpret those directives and apply them practically. And then, going back to safety management, we define functions, authority and relationships, and we exercise control, in order to achieve the safety emphasis that is required to achieve the results that are required. That is going to direct the effort.

We are probably going to spend a lot more effort managing higher risks than lower ones, once we know our risks. That sounds so obvious, doesn't it? But the reality is that it is very easy for programs to lose sight of what the big risks are and to major on the minors, if you will. It is too easy to get carried away with little things, so that you end up spending all your time on a program dealing with trivia while ignoring the fact that the horse has already bolted!

Clarity of Objectives

I guess that comes back to clarity of objectives, doesn't it? There is an old saying, one of my favorites (I apologize): 'if you do not know to which port you are sailing, then no wind is favorable'. You have got to know what your safety objectives are, and what your safety targets are (if you are going to set quantitative targets, which you do not have to). Whatever your safety objectives and requirements are, the Management Authority needs to state them clearly and communicate them to everybody who is required to take action to manage safety. Again, this sounds obvious, but people get it wrong so often, or they just do not do it, and then at the back end of a program they are surprised that they have not got what they need.

This can become a big problem at the back end of a program, when the Management Authority is trying to demonstrate to the regulator, or perhaps to customers, that they have met the safety requirements and objectives. They may find either that they have got kit that cannot meet the requirements, because they did not specify the requirement up front, or, more often, that they cannot demonstrate that the kit meets the requirements. That is quite galling, because you have got kit that you suspect is perfectly okay but you cannot prove it. So then you end up having to spend more money and waste time at the back end of the program trying to fix those things; a lot of programs end up late and over budget for reasons like that. The earlier and the clearer you set your objectives, the better. That supports things like making trade-offs and making decisions.

It’s all about decision making.

Management Authority Responsibilities

And that brings us neatly on to Management Authority responsibilities. The assumption is that we have an SSP, a System Safety Program: a planned program that is going to achieve safety. The MA must plan it, organize it and make it happen. The MA has got to establish what the safety requirements are for the system and for the design, and state those safety requirements in a contract (the assumption is that we are going to contract with somebody for the whole system, or for parts of it). We need a Statement of Work (SoW) to say what activities are needed to meet those requirements.

What varies here is the amount of detail in the Statement of Work. The Management Authority might take a hands-off approach and specify only a few things in the SoW, such as reviews at particular points in the program, or safety reporting, or whatever it might be. Or they might take a really prescriptive approach and specify in a lot of detail what they want. To do that effectively the Management Authority has really got to understand the minimum that they need, and how that minimum might reasonably be achieved, because the danger is that if you over-specify the Statement of Work and you have got something wrong, you might end up stopping the contractors from doing something sensible. Or the contractors might just blindly follow what you have told them to do, rather than thinking about safety, which is what you really want!

Moving on. The MA must also review and ensure (as we would say in British English) an adequate and complete System Safety Program Plan. We have got a System Safety Program, and we need a plan for it, whether the MA produces an overall plan, or produces a plan for themselves and then specifies that the other stakeholders produce their own.

So, the System Safety Program, the System Safety Program Plan, the Statement of Work and the requirements: those four things really are linked and need to be thought of together. You need to take a holistic approach, because if the requirements are out of step with the program, if the plan does not adequately describe the program that you need, or if the Statement of Work is at odds with the plan or the intended program, all of these things are going to cause major problems. Those four things really need to be worked consistently and coherently so that they fit together.

Let's move on from the first five bullet points. The next one seems rather odd, out of place with the others: supply historical data. Actually it is quite logical. The Management Authority, the people who say 'I want a system and I am going to set everything up to make sure I get the system that I need', are not doing this in isolation. This might be a new system, but it is probably replacing an old one, and a Management Authority should have some expectations, from prior use of other or related systems, of what it is reasonable to expect from this kind of system. In other words, they should be able to set the safety requirements.

What kinds of accidents and incidents have we seen in the past, and therefore what kinds of hazards and risks are we going to need to control? That historical data is very important. It might literally be lots and lots of low-level data, or it might be something a bit higher level, where we have learned some lessons from the past and those lessons have helped to form our safety requirements for this future system. Historical data is very important.

And again, it is very easy to get wrong. With historical data, what we usually find in the real world is under-reporting, confused reporting, and a lot of data where we are not always sure what it means, or whether there are overlaps, that kind of thing. Gathering historical data and analyzing it can be quite difficult, but it can also be tremendously useful. It is worth doing.
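The overlaps and under-reporting mentioned above are the first thing to deal with before historical data can be used to set requirements: the same event often appears in more than one reporting channel with different wording, and some events appear in only one. The following is an added example, not code from the FAA handbook or from The Safety Artisan, that reconciles reports from two channels into distinct events and tallies them by hazard category. The channel names, reports, hazard categories, stop-word list and matching threshold are all constructed or assumed for the example.

```python
"""Added example, not from the FAA handbook or The Safety Artisan: reconciling
incident reports from two reporting channels before using them as historical
data, so that overlaps are not double-counted and gaps between the channels
(a sign of under-reporting) are visible.

All reports, channel names and hazard categories below are constructed for
this example; the matching threshold is an assumed tuning value.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

STOPWORDS = {"a", "an", "the", "to", "of", "from", "when", "no", "on", "in"}
MATCH_THRESHOLD = 0.6  # assumed: minimum word overlap for two reports to be one event

# Assumed keyword-to-hazard-category mapping used to tally distinct events.
CATEGORIES = {
    "electrical": ("electric", "shock"),
    "falls": ("fall", "ladder"),
    "vehicle": ("tug", "struck", "vehicle"),
}


@dataclass(frozen=True)
class Report:
    source: str       # reporting channel
    date: str         # ISO date
    location: str
    description: str


def words(text: str) -> set:
    """Significant lower-case words in a description, punctuation and stop-words removed."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOPWORDS}


def overlap(a: str, b: str) -> float:
    """Jaccard similarity of the significant words in two descriptions."""
    wa, wb = words(a), words(b)
    union = wa | wb
    return len(wa & wb) / len(union) if union else 0.0


def same_event(a: Report, b: Report) -> bool:
    """Same date and location, and descriptions that overlap enough."""
    return (a.date == b.date
            and a.location.strip().lower() == b.location.strip().lower()
            and overlap(a.description, b.description) >= MATCH_THRESHOLD)


def reconcile(reports: List[Report]) -> List[List[Report]]:
    """Group reports into distinct events; each inner list is one event."""
    events: List[List[Report]] = []
    for r in reports:
        for event in events:
            if any(same_event(r, seen) for seen in event):
                event.append(r)
                break
        else:
            events.append([r])
    return events


def categorise(event: List[Report]) -> str:
    """First category whose keywords appear in any of the event's descriptions."""
    found = words(" ".join(r.description for r in event))
    for name, keys in CATEGORIES.items():
        if any(k in found for k in keys):
            return name
    return "other"


def summarise(reports: List[Report]) -> Dict[str, object]:
    events = reconcile(reports)
    by_category: Dict[str, int] = {}
    for ev in events:
        cat = categorise(ev)
        by_category[cat] = by_category.get(cat, 0) + 1
    return {
        "raw_reports": len(reports),
        "distinct_events": len(events),
        # events that only one channel knows about: look here for under-reporting
        "single_source_events": sum(1 for ev in events if len({r.source for r in ev}) == 1),
        "by_category": by_category,
    }


# Constructed records from two channels: a maintenance log and an incident system.
SAMPLE_REPORTS = [
    Report("maintenance log", "2018-03-04", "Hangar 2", "Technician received electric shock opening distribution board"),
    Report("incident system", "2018-03-04", "hangar 2", "Electric shock to technician when opening distribution board"),
    Report("maintenance log", "2018-05-19", "Hangar 2", "Near miss: tug struck stand, no injury"),
    Report("incident system", "2018-07-02", "Apron", "Worker fall from ladder, fractured wrist"),
    Report("maintenance log", "2018-07-02", "Apron", "Ladder fall, worker fractured wrist"),
    Report("incident system", "2018-09-11", "Hangar 2", "Electric shock opening distribution board, second occurrence"),
]


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_REPORTS).items():
        print(f"{key}: {value}")
```

Six raw reports collapse to four events; two of them were reported through only one channel, and the September shock is kept separate from the March one because the date differs, even though the wording is almost the same. Word overlap is a crude matcher, and in a real dataset the threshold, the stop-words and the category keywords would all need to be tuned against a sample that has been checked by hand.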

The next bullet point: the MA may need to review the contractors' System Safety effort, what they are doing and the data they are producing, and the MA needs to ensure that specifications are updated with analysis and test results. Again, we talked about change being inevitable. Somebody has got to make that change happen and make sure that the effects of change ripple through the system consistently, and that somebody is the MA. Somebody has got to have the authority to manage these things: one body. Management by committee does not always work very well; some organization or some individual must clearly have the authority to lead.

Finally, we need to establish and operate System Safety groups. These groups, or committees, whatever you want to call them, bring different stakeholders, different expertise and competent people with different competencies together in order to support the Management Authority. The final decision rests with the Management Authority, but the MA needs to pull together enough expertise to enable them to make sensible decisions. There is a balance between unity of leadership and purpose on the one hand, and on the other a diversity of representation that brings everything we need into the decision-making process.


Software

Okay: software! This is a slight aside. When the FAA came up with these principles, software was maybe a little bit rarer than it is now; these days software is everywhere, but back in 2000, particularly on high-integrity systems like airplane software, it was rarer. It was there, and had been for some time, but it was not always doing safety-related stuff, so it is still seen as a bit of a special case. To be honest, even these days lots of people are frightened of software because it is intangible, and I suspect I am going to end up doing quite a few sessions talking about software safety and explaining it.

We note that the FAA is still taking their very requirements-focused approach. Analysing software for hazards is seen, in this approach, as taking requirements from the top left-hand side of the V model, which we see illustrated here, and flowing those requirements down to lower and lower levels until we get to implementation, the development of the software. Then, as we build, we conduct unit testing, integration testing, system testing, and user testing or operational testing, whatever you want to call it.

We progressively build up testing to show that we have verified that the requirements at every level in the V model have been met. This is a philosophy for looking at software, and it is correct, but it is not the only way of looking at software. It is a very American approach: it emphasizes requirements and it emphasizes testing. We will see, when we get to the specialist subjects on software, that software is not always very amenable to being tested. And just because you have got a requirement, and just because software meets all its requirements (that is great, and maybe we can demonstrate it), can we demonstrate that it does not do anything it is not supposed to do? Often in safety that is half the battle, or even more than half. So, I am not necessarily a fan of this statement, and to be honest it is a bit out of date.
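The requirements flow-down and the test levels described above can at least be checked mechanically for completeness. The following is an added example, not code from the FAA handbook or from The Safety Artisan, of a traceability check over a small constructed requirement set: it reports requirements with no parent at the level above (who asked for this?), requirements that no test claims to verify, and tests that trace to no requirement. It does exactly what the V-model approach does and no more, so it cannot show the absence of unintended behaviour, which is the caveat made above. The level names, requirement identifiers, requirement texts and tests are all constructed for the example.

```python
"""Added example, not from the FAA handbook or The Safety Artisan: a
traceability check over requirements flowed down through the V model.

It catches requirements with no parent at the level above, requirements that
no test verifies, and tests that verify no known requirement. It cannot show
the absence of unintended behaviour. The requirement identifiers, texts and
tests are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# V-model levels, top to bottom; each level flows down from the one before it.
LEVELS = ["system", "subsystem", "software"]


@dataclass
class Requirement:
    rid: str
    level: str
    text: str
    parent: Optional[str] = None   # requirement this one was derived from


@dataclass
class Test:
    tid: str
    stage: str                     # unit / integration / system / operational
    verifies: List[str] = field(default_factory=list)


def check_traceability(reqs: List[Requirement], tests: List[Test]) -> List[str]:
    """Return a sorted list of findings; an empty list means the trace is complete."""
    by_id = {r.rid: r for r in reqs}
    findings = []

    for r in reqs:
        idx = LEVELS.index(r.level)
        # flow-down: every requirement below the top must derive from the level above
        if idx > 0:
            expected = LEVELS[idx - 1]
            if r.parent is None:
                findings.append(f"{r.rid}: no parent requirement at the {expected} level")
            elif r.parent not in by_id:
                findings.append(f"{r.rid}: parent {r.parent} not found")
            elif by_id[r.parent].level != expected:
                findings.append(f"{r.rid}: parent {r.parent} is at the {by_id[r.parent].level} level, expected {expected}")
        # every requirement above the bottom must have been flowed down to something
        if idx < len(LEVELS) - 1 and not any(c.parent == r.rid for c in reqs):
            findings.append(f"{r.rid}: not flowed down to any {LEVELS[idx + 1]} requirement")

    # verification: every requirement needs at least one test that claims to verify it
    verified = {rid for t in tests for rid in t.verifies}
    for r in reqs:
        if r.rid not in verified:
            findings.append(f"{r.rid}: not verified by any test")

    # a test that traces to nothing is exercising behaviour nobody asked for
    for t in tests:
        known = [rid for rid in t.verifies if rid in by_id]
        for rid in t.verifies:
            if rid not in by_id:
                findings.append(f"{t.tid}: refers to unknown requirement {rid}")
        if not known:
            findings.append(f"{t.tid}: verifies no known requirement")

    return sorted(findings)


# Constructed requirement set and tests (identifiers and wording are illustrative).
REQUIREMENTS = [
    Requirement("SYS-1", "system", "The aircraft shall not command a control surface beyond its mechanical limits."),
    Requirement("SUB-1", "subsystem", "The actuator controller shall limit commanded position to +/-25 degrees.", "SYS-1"),
    Requirement("SW-1", "software", "clamp_command() shall saturate commands at the configured limit.", "SUB-1"),
    Requirement("SW-2", "software", "clamp_command() shall record every saturation event.", "SUB-1"),
    Requirement("SW-3", "software", "A maintenance override of the limit shall be accepted."),  # no parent: who asked?
]

TESTS = [
    Test("UT-1", "unit", ["SW-1"]),
    Test("IT-1", "integration", ["SUB-1"]),
    Test("ST-1", "system", ["SYS-1"]),
    Test("UT-9", "unit", []),   # a test with no requirement behind it
]


if __name__ == "__main__":
    for finding in check_traceability(REQUIREMENTS, TESTS):
        print(finding)
```

On the constructed data the check flags SW-3, an override that nobody at the subsystem level asked for and that no test covers, SW-2, which is required but never verified, and UT-9, a test with no requirement behind it. An orphan like SW-3 is the closest a requirements-based process gets to the "does it do anything it is not supposed to" question, and only because somebody wrote the extra behaviour down as a requirement; behaviour that was never written down anywhere is invisible to this kind of check.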

System Safety Program

So, we move on, and this is our final slide. We have talked about the System Safety Program before, and we have got some good principles here. What do we need for an effective System Safety Program? That word 'effective' is key, because anybody can make up a program that may or may not be effective. What do we need to make it work? Well, we need a planned approach to getting tasks done, getting them accomplished. Again, I have seen lots of people start tasks and not finish them, or not finish them successfully. We need qualified people. Once again, I have seen lots of programs with people who do not really know what they are doing, and they are very busy, running around like headless chickens. Maybe they have got a lot of people, but if those people do not know what they are doing then, if directed sensibly, they may still get a result, but it is probably not going to be very elegant. So, we need people who are competent at what they are doing.

We need somebody, or some body, that wields the authority to get stuff done and implement tasks, and that authority has got to flow through all levels of management (because we might have multiple levels). In this model we have got the Management Authority, who reports to the FAA and tries to demonstrate to that regulator that they have done what they were supposed to. Maybe you have got internal levels of management, but in the end the Management Authority has got to manage contractors, perhaps at multiple levels. On complex systems you may have many levels of contracts contributing parts, components, sub-assemblies, et cetera, into an overall complex system.

Finally, we have got to have appropriate staffing and funding. We have got to have enough people with the right skills to get the job done, and that all costs money. Very often safety-qualified people are hard to find and therefore tend to be expensive. That is when people like myself, safety consultants, get brought in, because a Management Authority, or the contractors working for them, discover that they do not have enough staff with the right experience and competence to get the job done. People like me get brought in, and we can be quite expensive!

There is nothing wrong with doing that, of course. But usually, to get effective results, I find that the Management Authority needs to have enough competent people at least to be able to realize 'we are not making progress here, we need to bring in more highly qualified people'. You need enough knowledge about safety just to realize that you are not cutting it and need to bring in some higher-powered help.

That is one of the reasons for The Safety Artisan to exist, really: to help people have enough background to realize what they are supposed to be doing versus what is actually going on. Once you have that knowledge, hopefully you can build up enough to assess the situation and decide whether what you are doing is adequate or whether you need further help. That minimum level of knowledge is what you need to succeed. Once you have got it, maybe you buy in more expertise and employ people in-house, or maybe you bring people in temporarily, but that understanding requires a certain base level of knowledge about safety. And that is what the Safety Artisan is all about, ladies and gentlemen. That is a nice point on which to end.

Copyright Statement

Just to say that all the "quotations in italics" are from the U.S. Federal Aviation Administration System Safety Handbook. As you can see, they were published in the year 2000. It is getting a bit long in the tooth in some ways, but the basic principles are good ones. To be honest, I cannot find them as clearly articulated anywhere else, even today, certainly not in a form publicly available for you and me to share. So, thanks and appreciation to the FAA for doing that. I do hope that one day soon they are going to update that System Safety Handbook, because it is a very useful beast. There are still people out there using it, and maybe not understanding where it falls short these days.

Now, U.S. government standards tend to be copyright free. The text itself is copyright free, but this video presentation and the value that I am adding are copyright of the Safety Artisan, 2019.

So that you understand how current this is: I am recording this on the 26th of October 2019. Maybe you found this video on the Safety Artisan page at www.Patreon.com, or maybe you found it elsewhere, but you will find all my System Safety videos on Patreon.com/SafetyArtisan.

That is the end of the presentation on System Safety Principles. Thanks for your attention; it just remains for me to say thanks for tuning in, as always. I will see you soon. Cheers now.

See the video on Patreon, here.


Snapshot – Safe Design

Snapshot Video: What is Safe Design?

Safe design is about integrating hazard identification and risk assessment methods early in the design process, to eliminate or minimise risks of injury throughout the life of a product. This applies to buildings, structures, equipment and vehicles.

Safe Work Australia website (see Copyright Statement).

In Australia:

  • Of 639 work-related fatalities from 2006 to 2011, nearly one-third (188) were caused by unsafe design, or design-related factors contributed to the fatality.
  • Of all fatalities where safe design was identified as an issue, one-fifth (21%) were caused by inadequate protective guarding for workers.
