Category: Blog

Categories
Blog Work Health and Safety

Due Diligence and Safety

Photo by Sora Shimazaki from Pexels
Photo by Sora Shimazaki from Pexels

In this article, I’m looking at Due Diligence and Safety in the USA, UK, and Australia. Why? Because Due Diligence is the root of so much that we should be doing in Safety.

Let’s start with the definitions of due diligence in the way that it applies to safety (because due diligence is a concept that has many different applications in business.)

Due Diligence in the United States of America

Definition of Due Diligence

1law the care that a reasonable person exercises to avoid harm to other persons or their property …
Doing your due diligence: “… in this sense, it is synonymous with another legal term, ordinary care.”

Merriam-Webster Dictionary

That’s the definition from a popular US dictionary.

Workplace Safety in the USA

In the USA, the Federal Occupational Safety and Health Agency, (OSHA), governs health and safety in the workplace.  As the USA is a federal state, what the OSH Act or Agency covers is complex, as follows:

  • The Agency covers most private sector employers in all 50 US states, either directly through the federal agency or through an OSHA-approved state plan – 22 states have such a plan;
  • Workers at state and local government agencies are not covered by the Agency, but have OSH Act protections if they work in those states that have an OSHA-approved state program;
  • The Agency protects workers of all federal agencies;
  • The Act does not cover the self-employed, immediate family members of farm employers; and
  • The Act does not cover workplace hazards regulated by another federal agency (for example, the Mine Safety and Health Administration, the Department of Energy, or Coast Guard).[2]  

Are you confused?  I am!

Product Safety in the USA

To add to my confusion the US Consumer Product Safety Commission (CPSA) regulates the safety of some consumer products. It does so under thirteen different federal laws.  These acts regulate, for example, child safety, flammable fabrics, art supplies, poisons, and refrigerators[3].  I can’t see any coherent pattern to what the CPSA regulates.

However, the US Federal Government tends not to manage product safety.  It is more often addressed via state legislation, which varies from state to state.  

Product safety is also dealt with through civil liability: victims sue you if your product hurts someone.  In other words “Product liability is the area of law in which manufacturers, distributors, suppliers, retailers, and others who make products available to the public are held responsible for the injuries those products cause.”[4]

There are different theories of liability, one of them being ‘strict liability.  “In criminal and civil law, strict liability is a standard of liability under which a person is legally responsible for the consequences flowing from an activity even in the absence of fault or criminal intent on the part of the defendant.”[5] 

Back to Due Diligence

Now we circle back to due diligence: “due diligence is the only available defense to a crime that is one of strict liability … Once the criminal offence is proven, the defendant must prove on balance that they did everything possible to prevent the act from happening.”[6]

(I also note from that Wikipedia article that “It is not enough that they took the normal standard of care in their industry – they must show that they took every reasonable precaution.”  We now seem to be heading towards our old friend ‘reasonably practicable’ – but that’s another article!)

There is a big difference in the way that the USA manages workplace and product health and safety.  Due Diligence may be a useful concept in all these settings. However, I’m finding it very difficult to say what it means when applied to safety.

Due Diligence Around the World

It was also challenging to pin down due diligence and safety in the United Kingdom (and still is).

In 2007, the UK’s Health and Safety Executive (the national regulator, much like OSHA in the USA) published a useful study into Due Diligence[7].  This report looked at “whether the law in nine different countries imposes health and safety duties upon boardroom directors (and other senior managers)”.

Due Diligence in Nine Different Countries

It concluded that “seven out of nine countries contain safety legislation that imposes positive safety obligations upon either directors or senior managers of companies. These are: Germany, France, Italy, Sweden, Japan, Canada (four out of fourteen jurisdictions) and Australia (two out of nine jurisdictions).

Thus, the criminal law in these countries imposes safety obligations on directors or senior managers.  

Interestingly, the Report found that exercising “due diligence to prevent the commission of the offence” was often found to be a viable defense for company directors and senior managers in many jurisdictions.

Due Diligence in the United Kingdom

The report observed that, in 2007, “It is fair to say that the legislative framework for regulating occupational health and safety (OHS) in Great Britain appears unusual in not imposing positive duties on directors. The majority of the nine countries studied do have this kind of legislation.” 

The UK brought the Corporate Manslaughter and Corporate Homicide Act into force in 2007 – the same year as this Report.  The UK introduced this because of several failures to prosecute company directors after high-profile fatal accidents.  Before 2007, courts had to find individuals guilty of gross negligence manslaughter to hold them accountable. Such prosecutions often failed.

Whether the Due Diligence Report had any influence on the 2007 Act is hard to say. This Report is still the best result on the UK HSE’s website for ‘due diligence’ so not much seems to have changed.

Safety Law in Australia

Now Australia has an interesting mix of approaches derived from those in the USA and UK.

Australia is a Federation

Australia, like the USA, is a federal state.  Responsibility for health and safety generally resides with the states and territories.  The federal government only controls health and safety in federal workplaces or on federal land.  In Australia, we have a similar jurisdictional model to the USA, with all the complexity that can introduce.

US practices also influence Australian industry and commerce.  Safety requirements are often met by meeting specifications. (Whereas the UK uses a ‘safety by intent’ approach – another article I must write).  Thus, Australian safety practice often relies on certification against standards, as in the US. 

Australian Work Health and Safety Law

In Australia, we have adopted our own version of the UK Health and Safety at Work Act, 1974.  The Australian government introduced a much-refined version of UK law in 2011, some 37 years after the UK Act.

To achieve standardization across Australia, the Federal Government agreed with state and territory governments to introduce a model-based approach.

Safe Work Australia developed the Model WHS Act, Regulations, and Codes of Practice, collaboratively. Then the states and territories all agreed to adopt these centrally-developed articles of legislation.

States and territories were free to modify the Models as they saw fit. In general, the different jurisdictions have changed little, although Victoria has chosen not to implement WHS at all (thanks, Victoria, for being team players).

Unlike in the USA, Australian Work Health and Safety (WHS) legislation covers both workplaces and non-consumer goods. (Consumer goods are covered by other laws.)

This criminal law sets standards that manufacturers, designers, importers, and users must achieve when engineering, installing, commissioning equipment, and running it within a workplace.

Safety Due Diligence in Australia

In Australia, we are fortunate that the Work Health and Safety Act introduces a very specific and practical definition of what Due diligence is when applied to safety duties.

The Act says that Officers (company directors and senior managers) have additional duties.  Officers must exercise ‘due diligence. Under Division 4—Duty of officers, workers and other persons, Section 27  Duty of officers:

             (1)  If a person conducting a business or undertaking has a duty or obligation under this Act, an officer of the person conducting the business or undertaking must exercise due diligence to ensure that the person conducting the business or undertaking complies with that duty or obligation. 

Australian WHS Act, 2011

We’re now talking about what is due diligence in the context of health and safety. I need to be precise about that. The term ‘due diligence’ appears in other Australian laws and can have different meanings. In this post, the definition of due diligence applies to WHS duties only.

We’ve got to do six things, in sub-paragraphs (a) to (f), to demonstrate due diligence. 

What does Due Diligence Mean (a & b)?

(5)  In this section, due diligence includes taking reasonable steps:

                     (a)  to acquire and keep up‑to‑date knowledge of work health and safety matters; and

                     (b)  to gain an understanding of the nature of the operations of the business or undertaking of the person conducting the business or undertaking and generally of the hazards and risks associated with those operations; and

Section 27

Officers must acquire and keep up to date with knowledge of work health and safety matters obligations and so forth.

Secondly, officers must gain an understanding of the nature of their business’s operations and the risks they control.  If you’re a company director you need to know what the operation does.

You cannot hide behind “I didn’t know” because it’s a legal requirement for you to do so.  There’s no pleading ignorance because ignorance is, in fact, illegal and you’ve got to have a general understanding of the hazards and risks associated with those operations.  

We don’t necessarily have to be up on all the specifics of everything going on in your organization, but you should know what your organization does. However, we should be aware of the general costs and risks associated with that kind of business.

What does Due Diligence Mean (c, d, e & f)?

                     (c)  to ensure that the person conducting the business or undertaking has available for use, and uses, appropriate resources and processes to eliminate or minimise risks to health and safety from work carried out as part of the conduct of the business or undertaking; and

Section 27

Now, thirdly, we are moving on. Basically, sub-paragraphs C, D, E, and F refer to appropriate resources and processes.  Officers have got to ensure that PCBUs have available and use appropriate resources and processes in order to control risks.  That says you’ve got to provide those resources and processes and there is supervision.

Maybe you put in a Safety Management System that ensures people actually do use the stuff they should, to keep themselves safe.  And that’s very relevant because often people don’t like wearing, for example, Personal Protective Equipment (PPE) because it’s uncomfortable or slows you down, so the temptation is to take it off.

What does Due Diligence Mean (d)?

                     (d)  to ensure that the person conducting the business or undertaking has appropriate processes for receiving and considering information regarding incidents, hazards and risks and responding in a timely way to that information; and

Section 27

Moving on to part D, we’re still on the appropriate processes. We must have appropriate processes for receiving and considering information on incidents, hazards, and risks.  Again, we’ve got to keep up to date. What’s going on in our own plants and maybe similar plants in the industry? We need a process to respond in a timely way to that information.

If we discover that there is a new incident or hazard that you didn’t previously know about. We need to respond and react to that quickly enough to make a difference to the health and safety of workers.  That works together with sub-paragraph B, doesn’t it?  In parts A and B we need to keep up to date on the risks and what’s going on in the business. Also, in part A, we need to ensure that the PCBU has processes for compliance with any duty or obligation and follows them again to provide that stuff.

In the system safety world, often the designers will need to provide the raw material that becomes those processes. Or maybe if we’re selling a product, it comes with an instruction manual of all the processes needed.

What does Due Diligence Mean (e-f)?

                     (e)  to ensure that the person conducting the business or undertaking has, and implements, processes for complying with any duty or obligation of the person conducting the business or undertaking under this Act; and

                      (f)  to verify the provision and use of the resources and processes referred to in paragraphs (c) to (e).

Examples:  For the purposes of paragraph (e), the duties or obligations under this Act of a person conducting a business or undertaking may include:

(a)    reporting notifiable incidents;

(b)    consulting with workers;

(c)    ensuring compliance with notices issued under this Act;

(d)    ensuring the provision of training and instruction to workers about work health and safety;

(e)    ensuring that health and safety representatives receive their entitlements to training.

Section 27

Finally, the officers must verify the provision and use of these resources and processes (in Parts C, D, and E).  Thus, we’ve got a simple six-point program that comprises due diligence, but it’s quite demanding. There’s no shirking this stuff or pretending you didn’t know.  I suspect it’s designed to hang Company directors who neglect and harm their workers.

What Due Diligence is All About

Let’s face it, this is all good common-sense stuff. We should be doing this anyway.

These requirements are only the minimum required for all businesses and undertakings in Australia. In any kind of high-risk industry, we should have a Safety Management System that does all of this and more.

Conclusion

Well, we’ve looked at due diligence as it applies to safety in many different countries.  We’ve concentrated on the USA, the UK, and Australia. But Germany, France, Italy, Sweden, Japan, Canada got an honorable mention as well.

The combinations of due diligence with criminal law, civil law, and safety are very confusing in the USA. It is largely non-existent in the UK. 

Only Australia has spelled out in law what due diligence means for safety.  You may not work in Australia, but I suggest that the clarity and practicality of the WHS Act definition on ‘due diligence’ are useful for safety practitioners everywhere.  

What does Due Diligence mean for Safety Practices where You are?

[1] Merriam-Webster online dictionary.

[2] https://en.wikipedia.org/wiki/Occupational_Safety_and_Health_Administration

[3] https://www.cpsc.gov/Regulations-Laws–Standards/Statutes

[4] https://en.wikipedia.org/wiki/Product_liability#Strict_liability

[5] https://en.wikipedia.org/wiki/Strict_liability

[6] https://en.wikipedia.org/wiki/Due_diligence

[7] https://www.hse.gov.uk/research/rrpdf/rr535.pdf

Categories
Behind the Scenes Blog

Testimonials

Testimonials from 20+ years in the industry. Hear what some clients and ex-colleagues have to say about The Safety Artisan.

General Testimonials

The way you teach this subject makes it comprehensible and part of an integral whole. It seems like your approach is rare (and valuable) in the world of System Safety.

Thomas Anthony
Director, Aviation Safety and Security Program
Viterbi School of Engineering
University of Southern California

“Hi Simon, I would just like to say that the content you have been putting out recently is absolutely amazing and I enjoy reading and listening through it.”

James Moodie

“Simon, Love the even-handed approach you’ve adopted and also the tongue-in-cheek comments.” 

Paul Bird, Former Manager Safety Engineering, BAES Australia

“Explanation about the military standard was very interesting, because for the first time somebody talked about possible disadvantages.”

Henri Van Buren, reviewing “System Safety Risk Analysis Programs”

“Valuable information, Clear explanations, Engaging delivery, Helpful practice activities, Accurate course description, Knowledgeable instructor.”

Manuel Louie B. Santos, reviewing “Risk Management 101”

“Understanding safety law can be difficult and, at times, confronting.  Thankfully, Simon has a knack of bringing clarity to complex legal requirements, using real work examples to help understanding.  I highly recommend Simon to any director or manager wanting to understand their legal obligations and ensure a safe workplace.”

Jonathan Carroll, Senior Leadership, Pacific National

“Simon, You are and always will be the master at explaining the way Safety management works in real life. It is great to see your broad and vast experience being available through this medium and The Safety Artisan website. I will definitely be dropping in to seek your trusted guidance.”

Kevin Payne, Systems Safety Consultant at QinetiQ

Testimonials from Udemy Courses

Principles of Software Safety Standards (scores 4.42 out of 5.00)

Performance by course attribute:

  • Are you learning valuable information? 97% said YES!
  • Are the explanations of concepts clear? 100% said YES!
  • Is the instructor’s delivery engaging? 95% said YES!
  • Are there enough opportunities to apply what you are learning? 86% said YES!
  • Is the course delivering on your expectations? 94% said YES!
  • Is the instructor knowledgeable about the topic? 97% said YES!

Get your discount here (please use this link, otherwise Udemy take 67% of the price).

How to Design a System Safety Program (scores 4.29 out of 5.00)

Performance by course attribute:

  • Are you learning valuable information? 100% said YES!
  • Are the explanations of concepts clear? 100% said YES!
  • Is the instructor’s delivery engaging? 100% said YES!
  • Are there enough opportunities to apply what you are learning? 100% said YES!
  • Is the course delivering on your expectations? 75% said YES!
  • Is the instructor knowledgeable about the topic? 100% said YES!

Get your discount here (please use this link, otherwise Udemy take 67% of the price).

How to Prepare for the CISSP Exam (scores 4.61 out of 5.00)

Performance by course attribute:

  • Are you learning valuable information? 100% said YES!
  • Are the explanations of concepts clear? 100% said YES!
  • Is the instructor’s delivery engaging? 100% said YES!
  • Are there enough opportunities to apply what you are learning? 100% said YES!
  • Is the course delivering on your expectations? 100% said YES!
  • Is the instructor knowledgeable about the topic? 100% said YES!

Get it for FREE here.

Risk Management 101 (scores 4.48 out of 5.00)

Performance by course attribute:

  • Are you learning valuable information? 100% said YES!
  • Are the explanations of concepts clear? 100% said YES!
  • Is the instructor’s delivery engaging? 100% said YES!
  • Are there enough opportunities to apply what you are learning? 94% said YES!
  • Is the course delivering on your expectations? 97% said YES!
  • Is the instructor knowledgeable about the topic? 100% said YES!

Get it for FREE here.

Back to Home Page.

Categories
Blog Safety Management

FAQ on Risk Management

In this FAQ on Risk Management, I will point you to some lessons where you will get some answers to basic questions.

Lessons on this Topic

Welcome to Risk Management 101, where we’re going to go through these basic concepts of risk management. We’re going to break it down into the constituent parts and then we’re going to build it up again and show you how it’s done.

So what is this risk analysis stuff all about? What is ‘risk’? How do you define or describe it? How do you measure it? In Risk Basics I explain the basic terms.

Risk Analysis Programs – Design a program for any system in any application. You’ll be able to:

  • Describe fundamental risk concepts;
  • Define what a risk analysis program is;
  • and much more…

If you don’t find what you want in this FAQ on Risk Management, there are plenty more lessons under Start Here and System Safety Analysis topics. Or just enter ‘risk’ into the search function at the bottom of any page.

The Common Risk Management Questions

Click here to see the most Commonly-asked Questions

why risk management, why risk management is important, why risk management is important in project management, why risk management plan is important, why risk management is important for business, why risk management matters, are risk management, are risk management services, is risk management important, is risk management framework, is risk management effective, can risk management be outsourced, can risk management increase risk, can risk management create value, how can risk management help companies, how can risk management be improved, how can risk management improve performance, how risk management improve organization performance, how risk management works, how risk management help you, how risk management helps, how risk management plans can be monitored, how risk management help us, how risk management add value to a firm, how risk management developed, what risk management do, what risk management means, what risk management is, what risk management is not, where risk management, which risk management certification is best, which risk management principle is best demonstrated, which risk management technique is considered the best, which risk management handling technique is an action, which risk management techniques, who risk management guidelines, who risk management, who risk management framework, who risk management tool, who risk management plan, who risk management strategies, will risk management be automated, how will risk management help you, how will this risk management plan be monitored, risk management will reduce, risk management will

Categories
Blog Functional Safety

Functional Safety

The following is a short, but excellent, introduction to the topic of ‘Functional Safety’ by the United Kingdom Health and Safety Executive (UK HSE). It is equally applicable outside the UK, and the British Standards (‘BS EN’) are versions of international ISO/IEC standards – e.g. the Australian version (‘AS/NZS’) is often identical to the British standard.

My comments and explanations are shown [thus].

[Functional Safety]

“Functional safety is the part of the overall safety of plant and equipment that depends on the correct functioning of safety-related systems and other risk reduction measures such as safety instrumented systems (SIS), alarm systems and basic process control systems (BPCS).

[Functional Safety is popular, in fact almost ubiquitous, in the process industry, where large amounts of flammable liquids and gasses are handled. That said, the systems and techniques developed by and for the process industry have been so successful that they are found in many other industrial, transport and defence applications.]

SIS [Safety Instrumented Systems]

SIS are instrumented systems that provide a significant level of risk reduction against accident hazards.  They typically consist of sensors and logic functions that detect a dangerous condition and final elements, such as valves, that are manipulated to achieve a safe state.

The general benchmark of good practice is BS EN 61508, Functional safety of electrical/electronic/programmable electronic safety related systems. BS EN 61508 has been used as the basis for application-specific standards such as:

  • BS EN 61511: process industry
  • BS EN 62061: machinery
  • BS EN 61513: nuclear power plants

BS EN 61511, Functional safety – Safety instrumented systems for the process industry sector, is the benchmark standard for the management of functional safety in the process industries. It defines the safety lifecycle and describes how functional safety should be managed throughout that lifecycle. It sets out many engineering and management requirements, however, the key principles of the safety lifecycle are to:

  • use hazard and risk assessment to identify requirements for risk reduction
  • allocate risk reduction to SIS or to other risk reduction measures (including instrumented systems providing safety functions of low / undefined safety integrity)
  • specify the required function, integrity and other requirements of the SIS
  • design and implement the SIS to satisfy the safety requirements specification
  • install, commission and validate the SIS
  • operate, maintain and periodically proof-test the SIS
  • manage modifications to the SIS
  • decommission the SIS

BS EN 61511 also defines requirements for management processes (plan, assess, verify, monitor and audit) and for the competence of people and organisations engaged in functional safety.  An important management process is Functional Safety Assessment (FSA) which is used to make a judgement as to the functional safety and safety integrity achieved by the safety instrumented system.

Alarm Systems

Alarm systems are instrumented systems designed to notify an operator that a process is moving out of its normal operating envelope to allow them to take corrective action.  Where these systems reduce the risk of accidents, they need to be designed to good practice requirements considering both the E,C&I design and human factors issues to ensure they provide the necessary risk reduction.

In certain limited cases, alarm systems may provide significant accident risk reduction, where they also might be considered as a SIS. The general benchmark of good practice for management of alarm systems is BS EN 62682.

BPCS [Basic Process Control Systems]

BPCS are instrumented systems that provide the normal, everyday control of the process.  They typically consist of field instrumentation such as sensors and control elements like valves which are connected to a control system, interfaced, and could be operated by a plant operator.  A control system may consist of simple electronic devices like relays or complicated programmable systems like DCS (Distributed Control System) or PLCs (Programmable Logic Controllers).

BPCS are normally designed for flexible and complex operation and to maximize production rather than to prevent accidents.  However, it is often their failure that can lead to accidents, and therefore they should be designed to good practice requirements. The general benchmark of good practice for instrumentation in process control systems is BS 6739.”

[To be honest, I would have put this the other way around. The BCPS came first, although they were just called ‘control systems’, and some had alarms to get the operators’ attention. As the complexity of these control systems increased, then cascading alarms became a problem and alarms had to be managed as a ‘thing’. Finally, the process industry used additional systems, when the control system/alarm system combo became inadequate, and thus the terms SIS and BCPS were born.]

[It’s worth noting that for very rapid processes where a human either cannot intervene fast enough or lacks the data to do so reliably, the SIS becomes an automatic protection system, as found in rail signaling systems, or ‘autonomous’ vehicles. Also for domains where there is no ‘fail-safe’ state, for example in aircraft flight control systems, the tendency has been to engineer multiple, redundant, high-integrity control systems, rather than use a BCPS/SIS combo.]

Copyright

The above text is reproduced under Creative Commons Licence from the UK HSE’s webpage. The Safety Artisan complies with such licensing conditions in full.

[Functional Safety – END]

Back to Home Page

Categories
Blog Work Health and Safety

Introduction to WHS Codes of Practice

In the 30-minute session, we introduce Australian WHS Codes of Practice (CoP). We cover: What they are and how to use them; their Limitations; we List (Federal) codes; provide Further commentary; and Where to get more information. This session is a useful prerequisite to all the other sessions on CoP.

Codes of Practice: Topics

  • What they are and how to use them;
  • Limitations;
  • List of CoP (Federal);
  • Further commentary; and
  • Where to get more information.

Codes of Practice: Transcript

Click Here for the Transcript

Hello and welcome to the Safety Artisan, where you will find professional, pragmatic, and impartial teaching and resources on all thing’s safety. I’m Simon and today is the 16th of August 2020. Welcome to the show.

Introduction

So, today we’re going to be talking about Codes of Practice. In fact, we’re going to be introducing Codes of Practice and the whole concept of what they are and what they do.

Topics for this Session

What we’re going to cover is what Codes of Practice are and how to use them – several slides on that; a brief word on their limitations; a list of federal codes of practice – and I’ll explain why I’m emphasizing it’s the list of federal ones; some further commentary and where to get more information. So, all useful stuff I hope.

CoP are Guidance

So, Codes of Practice come in the work, health and safety hierarchy below the act and regulations. So, at the top you’ve got the WHS Act, then you’ve got the WTS regulations, which the act calls up. And then you’ve got the Codes of Practice, which also the act calls up. We’ll see that in a moment. And what Codes of Practice do are they provide practical guidance on how to achieve the standards of work, health and safety required under the WHS act and regulations, and some effective ways to identify and manage risks. So, they’re guidance but as we’ll see in a moment, they’re much more than guidance. So, as I said, the Codes of Practice are called up by the act and they’re approved and signed off by the relevant minister. So, they are a legislative instrument.

Now, a quick footnote. These words, by the way, are in the introduction to every Code of Practice. There’s a little note here that says we’re required to consider all risks associated with work, not just for those risks that have associated codes of practice. So, we can’t hide behind that. We’ve got to think about everything. There are codes of practice for several things, but not everything. Not by a long way.

…Guidance We Should Follow

Now, there are three reasons why Codes of Practice are a bit more than just guidance. So, first of all, they are admissible in court proceedings. Secondly, they are evidence of what is known about a hazard, risk, risk assessment, risk control. And thirdly, courts may rely, or regulators may rely, on Codes of Practice to determine what is reasonably practicable in the circumstances to which the code applies. So, what’s the significance of that?

So first of all, the issue about being admissible. If you’re unfortunate enough to go to court and be accused of failing under WHS law, then you will be able to appeal to a Code of Practice in your defence and say, “I complied with the Code of Practice”. They are admissible in court proceedings. However, beyond that, all bets are off. It’s the court that decides what is anadmissible defence, and that means lawyers decide, not engineers. Now, given that you’re in court and the incident has already happened a lot of the engineering stuff that we do about predicting the probability of things is no longer relevant. The accident has happened. Somebody has got hurt. All these probability arguments are dust in your in the wake of the accident. So, Codes of Practice are a reliable defence.

Secondly, the bit about evidence of what is known is significant, because when we’re talking about what is reasonably practicable, the definition of reasonably practicable in Section 18 of the WHS act talks about what it is reasonable or what should have been known when people were anticipating the risk and managing it. Now, given that Codes of Practice were published back in 2012, there’s no excuse for not having read them. So, they’re pre –existing, they’re clearly relevant, the law has said that they’re admissible in court. We should have read them, and we should have acted upon them. And there’ll be no wriggling out of that. So, if we haven’t done something that CoP guided us to do, we’re going to look very vulnerable in court.  Or in the whatever court of judgment we’re up against, whether it be public opinion or trial by media or whatever it is.

And thirdly, some CoP can be used to help determine what is SOFARP. So in some circumstances, if you’re dealing with a risk that’s described a CoP, CoP is applicable. Then if you followed everything in CoP, then you might be able to claim that just doing that means that you’ve managed the risk SFARP. Why is that important? Because the only way we are legally allowed to expose people to risk is if we have eliminated or minimized that risk so far as is reasonably practicable, SFARP. That is the key test, the acid test, of “Have we met our risk management obligations? “And CoP are useful, maybe crucial, in two different ways for determining what is SFARP. So yes, they’re guidance but it’s guidance that we ignore at our peril.

Standards & Good Practice

So, moving on. Codes of Practice recognize, and I reemphasize this is in the introduction to every code of practice, they’re not the only way of doing things. There isn’t a CoP for everything under the sun. So, codes recognize that you can achieve compliance with WHS obligations by using another method as long as it provides an equivalent or higher standard of work, health and safety than the code. It’s important to recognize that Codes of Practice are basic. They apply to every business and undertaking in Australia potentially. So, if you’re doing something more sophisticated, then probably CoP on their own are not enough. They’re not good enough.

And in my day job as a consultant, that’s the kind of stuff we do. We do planes, trains and automobiles. We do ships and submarines. We do nuclear. We do infrastructure. We do all kinds of complex stuff for which there are standards and recognized good practice which go way beyond the requirements of basic Codes of Practice. And many I would say, probably most, technical and industry safety standards and practices are more demanding than Codes of Practice. So, if you’re following an industry or technical standard that says “Here’s a risk management process”, then it’s likely that that will be far more detailed than the requirements that are in Codes of Practice.

And just a little note to say that for those of us who love numbers and quantitative safety analysis, what this statement about equivalent or higher standards of health and safety is talking about  –We want requirements that are more demanding and more rigorous or more detailed than CoP. Not that the end –result in the predicted probability of something happening is better than what you would get with CoP because nobody knows what you would get with CoP. That calculation hasn’t been done. So, don’t go down the rabbit hole of thinking “I’ve got a quantitatively demonstrate that what we’re doing is better than CoP.” You haven’t. It’s all about demonstrating the input requirements are more demanding rather than the output because that’s never been done for CoP. So, you’ve got no benchmark to measure against in output terms.

The primacy of WHS & Regulations

A quick point to note that Codes of Practice, they are only guidance. They do refer to relevant WHS act and regulations, the hard obligations, and we should not be relying solely on codes in place of what it says in the WHS Act or the regulations. So, we need to remember that codes are not a substitute for the act or the regs. Rather they are a useful introduction. WHS ACT and regulations are actually surprisingly clear and easy to read. But even so, there are 600 regulations. There are hundreds of sections of the WHS act. It’s a big read and not all of it is going to be relevant to every business, by a long way. So, if you see a CoP that clearly applies to something that you’re doing, start with the cop. It will lead you into the relevant parts of WHS act and regulations. If you don’t know them, have a read around in there around the stuff that – you’ve been given the pointer in the CoP, follow it up.

But also, CoP do represent a minimum level of knowledge that you should have. Again, start with CoP, don’t stop with them. So, go on a bit. Look at the authoritative information in the act and the regs and then see if there’s anything else that you need to do or need to consider. The CoP will get you started.

And then finally, it’s a reference for determining SOFARP. You won’t see anything other than the definition of reasonably practicable in the Act. You won’t see any practical guidance in the Act or the regulations on how to achieve SOFARP. Whereas CoP does give you a narrative that you can follow and understand and maybe even paraphrase if you need to in some safety documentation. So, they are useful for that. There’s also guidance on reasonably practicable, but we’ll come to that at the end.

Detailed Requirements

It’s worth mentioning that there are some detailed requirements in codes. Now, when I did this, I think I was looking at the risk management Code of Practice, which will go through later in another session. But in this example, there are this many requirements. So, every CoP has the statement “The words ‘must’, ‘requires’, or ‘mandatory’ indicate a legal requirement exists that must be complied with.” So, if you see ‘must’, ‘requires’, or ‘mandatory’, you’ve got to do it. And in this example CoP that I was looking at, there are 35 ‘must’s, 39 ‘required’ or ‘requirement’ – that kind of wording – and three instances of ‘mandatory’. Now, bearing in mind the sentence that introduces those things contains two instances of ‘must’ and one of ‘requires’ and one of ‘mandatory’. So, straight away you can ignore those four instances. But clearly, there are lots of instances here of ‘must’ and ‘require’ and a couple of ‘mandatory’.

Then we’ve got the word ‘should’ is used in this code to indicate a recommended course of action, while ‘may’ is used to indicate an optional course of action. So, the way I would suggest interpreting that and this is just my personal opinion – I have never seen any good guidance on this. If it says ‘recommended’, then personally I would do it unless I can justify there’s a good reason for not doing it. And if it said ‘optional’, then I would consider it. But I might discard it if I felt it wasn’t helpful or I felt there was a better way to do it. So, that would be my personal interpretation of how to approach those words. So, ‘recommended’ – do it unless you can justify not doing it. ‘Optional’ – Consider it, but you don’t have to do it.

And in this particular one, we’ve got 43 instances of ‘should’ and 82 of ‘may’. So, there’s a lot of detailed information in each CoP in order to consider. So, read them carefully and comply with them where you have to work and that will repay you. So, a positive way to look at it, CoP are there to help you. They’re there to make life easy for you. Read them, follow them. The negative way to look at them is, ”I don’t need to do all this says in CoP because it’s only guidance”. You can have that attitude if you want. If you’re in the dock or in the witness box in court, that’s not going to be a good look. Let’s move on.

Limitations of CoP

So, I’ve talked CoP up quite a lot; as you can tell, I’m a fan because I like anything that helps us do the job, but they do have limitations. I’ve said before that there’s a limited number of them and they’re pretty basic. First of all, it’s worth noting that there are two really generic Codes of Practice. First of all, there’s the one on risk management. And then secondly, there’s the one on communication, consultation and cooperation. And I’ll be doing sessions on both of those. Now, those apply to pretty much everything we do in the safety world. So, it’s essential that you read them no matter what you’re doing and comply with them where you have to.

Then there are other codes of practice that apply to specific activities or hazards, and some of them are very, very specific, like getting rid of asbestos, or welding, or spray painting – or whatever it might be – shock blasting. Those have clearly got a very narrow focus. So, you will know if you’re doing that stuff. So, if you are doing welding and clearly you need to read the welding CoP. If welding isn’t part of your business or undertaking, you can forget it.

However, overall, there are less than 25 Codes of Practice. I can’t be more precise for reasons that we will come to in a moment. So, there’s a relatively small number of CoP and they don’t cover complex things. They’re not going to help you design a super –duper widget or some software or anything like that. It’s not going to help you do anything complicated. Also, Codes of Practice tend to focus on the workplace, which is understandable. They’re not much help when it comes to design trade –offs. They’re great for the sort of foundational stuff. Yes, we have to do all of this stuff regardless. When you get to questions of, “How much is enough?” Sometimes in safety, we say, “How much margin do I need?” “How many layers of protection do I need?” “Have I done enough?” CoP aren’t going to be a lot of use helping you with that kind of determination but you do need to have made sure you’ve done everything CoP first and then start thinking about those trade –offs, would be my advice. You’re less likely to go wrong that way. So, start with your firm basis of what you have to do to comply and then think “What else could I do?”

List of CoP (Federal) #1

Now for information, you’ve got three slides here where we’ve got a list of the Codes of Practice that apply at the federal or Commonwealth level of government in Australia. So, at the top highlighted I’ve already mentioned the ‘how’ to manage WHS risks and the consultation, cooperation, and coordination codes. Then we get into stuff like abrasive, blasting, confined spaces, construction and demolition and excavation, first aid. So, quite a range of stuff, covered.

List of CoP (Federal) #2

Hazardous manual tasks – so basically human beings carrying and moving stuff. Managing and controlling asbestos, and removing it. Then we’ve got a couple on hazardous chemicals on this page, electrical risks, managing noise, preventing hearing loss, and stevedoring. There you go. So, if you’re into stevedoring, then this CoP is for you. The highlighted ones we’re going to cover in later sessions.

List of CoP (Federal) #3

Then we’ve got managing risk of Plant in the workplace. There was going to be a Code of Practice for the design of Plant, but that never saw the light of day so we’ve only got guidance on that. We’ve got falls, environment, work environment, and facilities. We’ve got another one on safety data sheets for another one on hazardous chemicals, preventing falls in housing – I guess because that’s very common accident – safe design of structures, spray painting and powder coating, and welding processes. So, those are the list of – I think it’s 24 – Codes of Practice are applied by Comcare, the federal regulator.

Commentary #1

Now, I’m being explicit about which regulator and which set of CoP, because they vary around Australia. Basically, the background was the model Codes of Practice were developed by Safe Work Australia, which is a national body. But those model Codes of Practice do not apply. Safe Work Australia is not a regulator. Codes of Practice are implemented or enforced by the federal government and by most states and territories. And it says with variations for a reason. Not all states and territories impose all codes of practice. For example, I live in South Australia and if you go and look at the WorkSafe South Australia website or Safe Work – whatever it’s called – you will see that there’s a couple of CoP that for some reason we don’t enforce in South Australia. Why? I do not know. But you do need to think about these things depending on where you’re operating.

It’s also worth saying that WHS is not implemented in every state in Australia. Western Australia currently have plans to implement WHS, but as of 2020 but I don’t believe they’ve done so yet. Hopefully, it’s coming soon. And Victoria, for some unknown reason, have decided they’re just not going to play ball with everybody else. They’ve got no plans to implement WHS that I can find online. They’re still using their old OHS legislation. It’s not a universal picture in Australia, thanks to our rather silly version of government that we have here in Australia – forget I said that. So, if it’s a Commonwealth workplace and we apply the federal version of WHS and Codes of Practice. Otherwise, we use state or territory versions and you need to see the local regulator’s Web page to find out what is applied where. And the definition of a Commonwealth workplace is in the WHS Act, but also go and have a look at the Comcare website to see who Comcare police. Because there are some nationalised industries that count as a Commonwealth workplace and it can get a bit messy.

So, sometimes you may have to ask for advice from the regulator but go and see what they say. Don’t rely on what consultants say or what you’ve heard on the grapevine. Go and see what the regulator actually says and make sure it’s the right regulator for where you’re operating.

Commentary #2

What’s to come? I’m going to do a session on the Risk Management Code of Practice, and I’m also, associated with that, going to do a session on the guidance on what is reasonably practicable. Now that’s guidance, it’s not a Code of Practice. But again, it’s been published so we need to be aware of it and it’s also very simple and very helpful. I would strongly recommend looking at that guidance if you’re struggling with SFARP for what it means, it’s very good. I’ll be talking about that soon. Also, I’m going to do a session on tolerability of risk, because you remember when I said “CoP aren’t much good for helping you do trade–offs in design” and that kind of thing. They’re really only good for simple stuff and compliance. Well, what you need to understand to deal with the more sophisticated problems is the concept of tolerability of risk. That’ll help us do those things. So, I’m going to do a session on that.

I’m also going to do a session on consultation, cooperation, and coordination, because, as I said before, that’s universally applicable. If we’re doing anything at a workplace, or with stuff that’s going to a workplace, that we need to be aware of what’s in that code. And then I’m also going to do sessions on plant, structures and substances (or hazardous chemicals) because those are the absolute bread and butter of the WHS Act. If you look at the duties of designers, manufacturers, importers, suppliers, and installers, et cetera, you will find requirements on plant, substances and structures all the way through those clauses in the WHS Act. Those three things are key so we’re going to be talking about that.

Now, I mentioned before that there was going to be a Code of Practice on plant design, but it never made it. It’s just guidance. So, we’ll have a look at that if we can as well – Copyright permitting. And then I want to look at electrical risks because I think the electrical risks code is very useful. Both for electrical risks, but it’s also a useful teaching vehicle for designers and manufacturers to understand their obligations, especially if you operate abroad and you want to know, or if you’re importing stuff “Well, how do I know that my kit can be safely used in Australia?” So, if you can’t do the things that the electrical risk CoP requires in the workplace if your piece of kit won’t support that, then it’s going to be difficult for your customers to comply. So, probably there’s a hint there that if you want to sell your stuff successfully, here’s what you need to be aware of. And then that applies not just to electrical, I think it’s a good vehicle for understanding how CoP can help us with our upstream obligations, even though CoP applies to a workplace. That session will really be about the imaginative use of Code of Practice in order to help designers and manufacturers, etc.

And then I want to also talk about noise Code of Practice, because noise brings in the concept of exposure standards. Now, generally, Codes of Practice don’t quote many standards. They’re certainly not mandatory, but noise is one of those areas where you have to have standards to say, “this is how we’re going to measure the noise”. This is the exposure standard. So, you’re not allowed to expose people to more than this. That brings in some very important concepts about health monitoring and exposure to certain things. Again, it’ll be useful if you’re managing noise but I think that session will be useful to anybody who wants to understand how exposure standards work and the requirements for monitoring exposure of workers to certain things. Not just noise, but chemicals as well. We will be covering a lot of that in the session(s) on HAZCHEM.

Copyright & Attribution

I just want to mention that everything in quotes/in italics is downloaded from the Federal Register of Legislation, and I’ve gone to the federal legislation because I’m allowed to reproduce it under the license, under which it’s published. So, the middle paragraph there – I’m required to point that out that I sourced it from the Federal Register of legislation, the website on that date. And for the latest information, you should always go to the website to double–check that the version that you’re looking at is still in force and is still relevant. And then for more information on the terms of the license, you can go and see my page at the www.SafetyArtisan.com because I go through everything that’s required and you can check for yourself in detail.

For More…

Also, on the website, there’s a lot more lessons and resources, some of them free, some of them you have to pay to access, but they’re all there at www.safetyartisan.com. Also, there’s the Safety Artisan page at www.patreon.com/SafetyArtisan where you will see the paid videos. And also, I’ve got a channel on YouTube where the free videos are all there. So, please go to the Safety Artisan channel on YouTube and subscribe and you will automatically get a notification when a new free video pops up.

End

And that brings me to the end of the presentation, so thanks very much for listening. I’m just going to stop sharing that now. It just remains for me to say thank you very much for tuning in and I look forward to sharing some more useful information on Codes of Practice with you in the next session in about a month’s time. Cheers now, everybody. Goodbye.

There’s more!

You can find the Model WHS Codes of Practice here. Back to the Topics Page.

Categories
Blog Safety Management

Safety Concepts Part 1

In this ‘Safety Concepts Part 1’ Blog post, The Safety Artisan looks at the meaning of the term “safe”. I look at an objective definition of safe – objective because it can be demonstrated to have been met.

This fundamental topic provides the foundation for all other safety topics, and it isn’t complex. The basics are simple, but they need to be thoroughly understood and practiced consistently to achieve success.

System Safety Concepts – highlights.

Get the full-length Lesson as part of the FREE Triple Learning Bundle.

Safety Concepts Part 1: Topics

  • A practical (useful) definition of ‘safe’:
    • What is risk?
    • What is risk reduction?
    • What are safety requirements?
  • Scope:
    • What is the system?
    • What is the application (function)?
    • What is the (operating) environment?

Safety Concepts Part 1: Transcript

Hi everyone and welcome to the Safety Artisan, where you will find professional, pragmatic, and impartial advice. Whether you want to know how safety is done or how to do it, I hope you’ll find today’s session helpful.

It’s the 21st of September 2019 as I record this. Welcome to the show. So, let’s get started. We’re going to talk today about System Safety concepts. What does it all mean?  We need to ask this question because it’s not obvious, as we will see.

If we look at a dictionary definition of the word ‘safe’, it’s an adjective: to be protected from or not exposed to danger or risk. Not likely to be harmed or lost. There are synonyms – protect, shield, shelter, guard, and keep out of harm’s way. They’re all good words, and I think we all know what we’re talking about. However, as a definition, it’s too imprecise. We can’t objectively say whether we have achieved safety or not.

A Practical Definition of ‘Safe’

What we need is a better definition, a more practical definition. I’ve taken something from an old UK Defence Standard. Forget about which standard, that’s not important. It’s just that we’re using a consistent set of definitions to work through basic safety concepts. And it’s important to do that because different standards, come from different legal systems and they have different philosophies. So, if you start mixing standards and different concepts together, that doesn’t always work.

OK so whatever you do, be consistent. That’s the key point. We’re going to use this set of definitions from the UK Defence Standard because they are consistent.

In this standard, ‘safe’ means: “Risk has been demonstrated to have been reduced to a level that is ALARP, and broadly acceptable or tolerable. And relevant prescriptive safety requirements have been met. For a system, in a given application, in a given Operating Environment.” OK, so let’s unpack that.

System Safety – Risk

So, we start with risk. We need to manage risk. We need to show that risk has been reduced to an acceptable level. As required perhaps by law, regulation, or a standard. Or just good practice in a particular industry. Whatever it is, we need to show that the risk of harm to people has been reduced. Not just any old reduction, we need to show that it’s been reduced to a particular level. Now in this standard, there are two tests for that.

And they’re both objective tests. The first one says as low as reasonably practicable. Basically, it’s asking have all reasonably practicable risk reduction measures have been taken. So that’s one test. And the second test is a bit simpler. It’s basically saying reduce the absolute level of risk to something that is tolerable or acceptable. Now don’t worry too much about precisely what these things mean. The purpose of today is to note that we’ve got an objective test to say that we’ve done enough.

System Safety – Requirements

So that’s dealt with risk. Let’s move on to safety requirements. If a requirement is relevant, then we need to apply it. If it’s prescriptive, if it says you must do this, or you must do that. Then we need to meet it. There are two separate parts to this ‘Safe’ thing: we’ve got to meet requirements; and, we’ve got to manage risk. We can’t use one as an excuse for not doing the other.

So just because we reduce risk until it’s tolerable or acceptable doesn’t mean that we can ignore safety requirements. Or vice versa. So those are the two key things that we’ve got to do. But that’s not actually quite enough to get us there. Because we’ve got to define what we’re doing, with what, and in what context. Well, we’re reducing the risk of a system. And the system might be a physical thing.

Defining the Scope: The System

It might be a vehicle, an airplane, a ship, or a submarine, it might be a car or a truck. Or it might be something a bit more intangible. It might be a computer program that we’re using to make decisions that affect the safety of human beings, maybe a medical diagnosis system. Or we’re processing some scripts or prescriptions for medicine and we’ve got to get it right. We could poison somebody. So, whether it’s a tangible or an intangible system.

We need to define it. And that’s not as easy as it sounds, because if we’re applying system safety, we’re doing it because we have a complex system. It’s not a toaster. It’s something a bit more challenging. Defining the system carefully and precisely is really important and helpful. So, we define what our system is, our thing, or our service. The system. What are we doing with it? What are we applying it to?

Defining the Scope: The Application

What are we using it for? Now, just to illustrate that no standard is perfect. Whoever wrote that defense standard didn’t bother to define the application. Which is kind of a major stuff-up to be honest, because that’s really important. So, let’s go back to an ordinary dictionary definition just to get an idea of what it means. By the way, I checked through the standard that I was referring to, and it does not explain it in this standard.

What it means by the application. Otherwise, I would use that by preference. But if we go back to the dictionary, we see application: the act of putting something into operation. OK, so, we’re putting something to use. We’re implementing, employing it, or deploying it maybe we’re utilizing it, applying it, executing it, enacting it. We’re carrying it out, putting it into operation, or putting it into practice. All useful words that help us to understand.

I think we know what we’re talking about. So, we’ve got a thing or a service. Well, what are we using it for? Quite obviously, you know a car is probably going to be quite safe on the road. Put it in water and it probably isn’t safe at all. So, it’s important to use things for their proper application, to the use to which they were designed. And then, kind of harking back to what I just said, the correct operating environment.

Defining the Scope: The Operating Environment

For this system, and the application to which we will put it to. So, we’ve got a thing that we want to use for something. What’s the operating environment in which it will be safe? What is it qualified or certified for? What’s the performance envelope that it’s been designed for? Typically, things work pretty well within the operating environment, within the envelope for which they were designed. Take them outside of that envelope and they perform not so well.

Maybe not at all. You take an airplane too high and the air is too thin, and it becomes uncontrollable. You take it too low and it smashes into the ground. Neither outcome is particularly good for the occupants of the airplane. Or whoever happens to be underneath it when it hits the ground. All of those three things:  what is the system? What are we doing with it? and where are we doing it? All those things have to be defined. Otherwise, we can’t really say that risk has been dealt with, or that safety requirements have been met.

System Safety: why Bother?

So, we’ve spent several slides just talking about what safe means, which might seem a bit over the top. But I promise you it is not, because having a solid understanding of what we’re trying to do is important in safety. Because safety is intangible. So, we need to understand what it is we’re aiming for. As some Greek bloke said, thousands of years ago: “If you don’t know to which port, you are bound, then no wind is favorable.”

It’s almost impossible to have a satisfactory Safety Program if you don’t know what you’re trying to achieve. Whereas, if you do have a precise understanding of what you’re trying to achieve, you’ve got a reasonably good chance of success. And that’s what it’s all about.

Copyright

Well, I’ve quoted you some information. From a UK government website. And I’ve done so in accordance with the terms of its Creative Commons license. More information about the terms of that can be found on this page.

End: Safety Concepts Part 1

If you want more, if you want to unpack all the Major Definitions, all the system safety concepts that we’re talking about, then there’s the second part of this video, which you can see here.

I hope you enjoy it. Well, that’s it for the short video, for now. Please go and have a look at the longer video to get the full picture. OK, everyone, it’s been a pleasure talking to you and I hope you found that useful. I’ll see you again soon. Goodbye.

Back to the Start Here Page. Get the full-length Lesson as part of the FREE Triple Learning Bundle.

Meet the Author

Learn safety engineering with me, an industry professional with 25 years of experience, I have:

•Worked on aircraft, ships, submarines, ATMS, trains, and software;

•Tiny programs to some of the biggest (Eurofighter, Future Submarine);

•In the UK and Australia, on US and European programs;

•Taught safety to hundreds of people in the classroom, and thousands online;

•Presented on safety topics at several international conferences.