Categories
Start Here Work Health and Safety

Introduction to WHS Codes of Practice

In the 30-minute session, we introduce Australian WHS Codes of Practice (CoP). We cover: What they are and how to use them; their Limitations; we List (Federal) codes; provide Further commentary; and Where to get more information. This session is a useful prerequisite to all the other sessions on CoP.

Codes of Practice: Topics

  • What they are and how to use them;
  • Limitations;
  • List of CoP (Federal);
  • Further commentary; and
  • Where to get more information.

Codes of Practice: Transcript

Click Here for the Transcript

Hello and welcome to the Safety Artisan, where you will find professional, pragmatic, and impartial teaching and resources on all thing’s safety. I’m Simon and today is the 16th of August 2020. Welcome to the show.

Introduction

So, today we’re going to be talking about Codes of Practice. In fact, we’re going to be introducing Codes of Practice and the whole concept of what they are and what they do.

Topics for this Session

What we’re going to cover is what Codes of Practice are and how to use them – several slides on that; a brief word on their limitations; a list of federal codes of practice – and I’ll explain why I’m emphasizing it’s the list of federal ones; some further commentary and where to get more information. So, all useful stuff I hope.

CoP are Guidance

So, Codes of Practice come in the work, health and safety hierarchy below the act and regulations. So, at the top you’ve got the WHS Act, then you’ve got the WTS regulations, which the act calls up. And then you’ve got the Codes of Practice, which also the act calls up. We’ll see that in a moment. And what Codes of Practice do are they provide practical guidance on how to achieve the standards of work, health and safety required under the WHS act and regulations, and some effective ways to identify and manage risks. So, they’re guidance but as we’ll see in a moment, they’re much more than guidance. So, as I said, the Codes of Practice are called up by the act and they’re approved and signed off by the relevant minister. So, they are a legislative instrument.

Now, a quick footnote. These words, by the way, are in the introduction to every Code of Practice. There’s a little note here that says we’re required to consider all risks associated with work, not just for those risks that have associated codes of practice. So, we can’t hide behind that. We’ve got to think about everything. There are codes of practice for several things, but not everything. Not by a long way.

…Guidance We Should Follow

Now, there are three reasons why Codes of Practice are a bit more than just guidance. So, first of all, they are admissible in court proceedings. Secondly, they are evidence of what is known about a hazard, risk, risk assessment, risk control. And thirdly, courts may rely, or regulators may rely, on Codes of Practice to determine what is reasonably practicable in the circumstances to which the code applies. So, what’s the significance of that?

So first of all, the issue about being admissible. If you’re unfortunate enough to go to court and be accused of failing under WHS law, then you will be able to appeal to a Code of Practice in your defence and say, “I complied with the Code of Practice”. They are admissible in court proceedings. However, beyond that, all bets are off. It’s the court that decides what is anadmissible defence, and that means lawyers decide, not engineers. Now, given that you’re in court and the incident has already happened a lot of the engineering stuff that we do about predicting the probability of things is no longer relevant. The accident has happened. Somebody has got hurt. All these probability arguments are dust in your in the wake of the accident. So, Codes of Practice are a reliable defence.

Secondly, the bit about evidence of what is known is significant, because when we’re talking about what is reasonably practicable, the definition of reasonably practicable in Section 18 of the WHS act talks about what it is reasonable or what should have been known when people were anticipating the risk and managing it. Now, given that Codes of Practice were published back in 2012, there’s no excuse for not having read them. So, they’re pre –existing, they’re clearly relevant, the law has said that they’re admissible in court. We should have read them, and we should have acted upon them. And there’ll be no wriggling out of that. So, if we haven’t done something that CoP guided us to do, we’re going to look very vulnerable in court.  Or in the whatever court of judgment we’re up against, whether it be public opinion or trial by media or whatever it is.

And thirdly, some CoP can be used to help determine what is SOFARP. So in some circumstances, if you’re dealing with a risk that’s described a CoP, CoP is applicable. Then if you followed everything in CoP, then you might be able to claim that just doing that means that you’ve managed the risk SFARP. Why is that important? Because the only way we are legally allowed to expose people to risk is if we have eliminated or minimized that risk so far as is reasonably practicable, SFARP. That is the key test, the acid test, of “Have we met our risk management obligations? “And CoP are useful, maybe crucial, in two different ways for determining what is SFARP. So yes, they’re guidance but it’s guidance that we ignore at our peril.

Standards & Good Practice

So, moving on. Codes of Practice recognize, and I reemphasize this is in the introduction to every code of practice, they’re not the only way of doing things. There isn’t a CoP for everything under the sun. So, codes recognize that you can achieve compliance with WHS obligations by using another method as long as it provides an equivalent or higher standard of work, health and safety than the code. It’s important to recognize that Codes of Practice are basic. They apply to every business and undertaking in Australia potentially. So, if you’re doing something more sophisticated, then probably CoP on their own are not enough. They’re not good enough.

And in my day job as a consultant, that’s the kind of stuff we do. We do planes, trains and automobiles. We do ships and submarines. We do nuclear. We do infrastructure. We do all kinds of complex stuff for which there are standards and recognized good practice which go way beyond the requirements of basic Codes of Practice. And many I would say, probably most, technical and industry safety standards and practices are more demanding than Codes of Practice. So, if you’re following an industry or technical standard that says “Here’s a risk management process”, then it’s likely that that will be far more detailed than the requirements that are in Codes of Practice.

And just a little note to say that for those of us who love numbers and quantitative safety analysis, what this statement about equivalent or higher standards of health and safety is talking about  –We want requirements that are more demanding and more rigorous or more detailed than CoP. Not that the end –result in the predicted probability of something happening is better than what you would get with CoP because nobody knows what you would get with CoP. That calculation hasn’t been done. So, don’t go down the rabbit hole of thinking “I’ve got a quantitatively demonstrate that what we’re doing is better than CoP.” You haven’t. It’s all about demonstrating the input requirements are more demanding rather than the output because that’s never been done for CoP. So, you’ve got no benchmark to measure against in output terms.

The primacy of WHS & Regulations

A quick point to note that Codes of Practice, they are only guidance. They do refer to relevant WHS act and regulations, the hard obligations, and we should not be relying solely on codes in place of what it says in the WHS Act or the regulations. So, we need to remember that codes are not a substitute for the act or the regs. Rather they are a useful introduction. WHS ACT and regulations are actually surprisingly clear and easy to read. But even so, there are 600 regulations. There are hundreds of sections of the WHS act. It’s a big read and not all of it is going to be relevant to every business, by a long way. So, if you see a CoP that clearly applies to something that you’re doing, start with the cop. It will lead you into the relevant parts of WHS act and regulations. If you don’t know them, have a read around in there around the stuff that – you’ve been given the pointer in the CoP, follow it up.

But also, CoP do represent a minimum level of knowledge that you should have. Again, start with CoP, don’t stop with them. So, go on a bit. Look at the authoritative information in the act and the regs and then see if there’s anything else that you need to do or need to consider. The CoP will get you started.

And then finally, it’s a reference for determining SOFARP. You won’t see anything other than the definition of reasonably practicable in the Act. You won’t see any practical guidance in the Act or the regulations on how to achieve SOFARP. Whereas CoP does give you a narrative that you can follow and understand and maybe even paraphrase if you need to in some safety documentation. So, they are useful for that. There’s also guidance on reasonably practicable, but we’ll come to that at the end.

Detailed Requirements

It’s worth mentioning that there are some detailed requirements in codes. Now, when I did this, I think I was looking at the risk management Code of Practice, which will go through later in another session. But in this example, there are this many requirements. So, every CoP has the statement “The words ‘must’, ‘requires’, or ‘mandatory’ indicate a legal requirement exists that must be complied with.” So, if you see ‘must’, ‘requires’, or ‘mandatory’, you’ve got to do it. And in this example CoP that I was looking at, there are 35 ‘must’s, 39 ‘required’ or ‘requirement’ – that kind of wording – and three instances of ‘mandatory’. Now, bearing in mind the sentence that introduces those things contains two instances of ‘must’ and one of ‘requires’ and one of ‘mandatory’. So, straight away you can ignore those four instances. But clearly, there are lots of instances here of ‘must’ and ‘require’ and a couple of ‘mandatory’.

Then we’ve got the word ‘should’ is used in this code to indicate a recommended course of action, while ‘may’ is used to indicate an optional course of action. So, the way I would suggest interpreting that and this is just my personal opinion – I have never seen any good guidance on this. If it says ‘recommended’, then personally I would do it unless I can justify there’s a good reason for not doing it. And if it said ‘optional’, then I would consider it. But I might discard it if I felt it wasn’t helpful or I felt there was a better way to do it. So, that would be my personal interpretation of how to approach those words. So, ‘recommended’ – do it unless you can justify not doing it. ‘Optional’ – Consider it, but you don’t have to do it.

And in this particular one, we’ve got 43 instances of ‘should’ and 82 of ‘may’. So, there’s a lot of detailed information in each CoP in order to consider. So, read them carefully and comply with them where you have to work and that will repay you. So, a positive way to look at it, CoP are there to help you. They’re there to make life easy for you. Read them, follow them. The negative way to look at them is, ”I don’t need to do all this says in CoP because it’s only guidance”. You can have that attitude if you want. If you’re in the dock or in the witness box in court, that’s not going to be a good look. Let’s move on.

Limitations of CoP

So, I’ve talked CoP up quite a lot; as you can tell, I’m a fan because I like anything that helps us do the job, but they do have limitations. I’ve said before that there’s a limited number of them and they’re pretty basic. First of all, it’s worth noting that there are two really generic Codes of Practice. First of all, there’s the one on risk management. And then secondly, there’s the one on communication, consultation and cooperation. And I’ll be doing sessions on both of those. Now, those apply to pretty much everything we do in the safety world. So, it’s essential that you read them no matter what you’re doing and comply with them where you have to.

Then there are other codes of practice that apply to specific activities or hazards, and some of them are very, very specific, like getting rid of asbestos, or welding, or spray painting – or whatever it might be – shock blasting. Those have clearly got a very narrow focus. So, you will know if you’re doing that stuff. So, if you are doing welding and clearly you need to read the welding CoP. If welding isn’t part of your business or undertaking, you can forget it.

However, overall, there are less than 25 Codes of Practice. I can’t be more precise for reasons that we will come to in a moment. So, there’s a relatively small number of CoP and they don’t cover complex things. They’re not going to help you design a super –duper widget or some software or anything like that. It’s not going to help you do anything complicated. Also, Codes of Practice tend to focus on the workplace, which is understandable. They’re not much help when it comes to design trade –offs. They’re great for the sort of foundational stuff. Yes, we have to do all of this stuff regardless. When you get to questions of, “How much is enough?” Sometimes in safety, we say, “How much margin do I need?” “How many layers of protection do I need?” “Have I done enough?” CoP aren’t going to be a lot of use helping you with that kind of determination but you do need to have made sure you’ve done everything CoP first and then start thinking about those trade –offs, would be my advice. You’re less likely to go wrong that way. So, start with your firm basis of what you have to do to comply and then think “What else could I do?”

List of CoP (Federal) #1

Now for information, you’ve got three slides here where we’ve got a list of the Codes of Practice that apply at the federal or Commonwealth level of government in Australia. So, at the top highlighted I’ve already mentioned the ‘how’ to manage WHS risks and the consultation, cooperation, and coordination codes. Then we get into stuff like abrasive, blasting, confined spaces, construction and demolition and excavation, first aid. So, quite a range of stuff, covered.

List of CoP (Federal) #2

Hazardous manual tasks – so basically human beings carrying and moving stuff. Managing and controlling asbestos, and removing it. Then we’ve got a couple on hazardous chemicals on this page, electrical risks, managing noise, preventing hearing loss, and stevedoring. There you go. So, if you’re into stevedoring, then this CoP is for you. The highlighted ones we’re going to cover in later sessions.

List of CoP (Federal) #3

Then we’ve got managing risk of Plant in the workplace. There was going to be a Code of Practice for the design of Plant, but that never saw the light of day so we’ve only got guidance on that. We’ve got falls, environment, work environment, and facilities. We’ve got another one on safety data sheets for another one on hazardous chemicals, preventing falls in housing – I guess because that’s very common accident – safe design of structures, spray painting and powder coating, and welding processes. So, those are the list of – I think it’s 24 – Codes of Practice are applied by Comcare, the federal regulator.

Commentary #1

Now, I’m being explicit about which regulator and which set of CoP, because they vary around Australia. Basically, the background was the model Codes of Practice were developed by Safe Work Australia, which is a national body. But those model Codes of Practice do not apply. Safe Work Australia is not a regulator. Codes of Practice are implemented or enforced by the federal government and by most states and territories. And it says with variations for a reason. Not all states and territories impose all codes of practice. For example, I live in South Australia and if you go and look at the WorkSafe South Australia website or Safe Work – whatever it’s called – you will see that there’s a couple of CoP that for some reason we don’t enforce in South Australia. Why? I do not know. But you do need to think about these things depending on where you’re operating.

It’s also worth saying that WHS is not implemented in every state in Australia. Western Australia currently have plans to implement WHS, but as of 2020 but I don’t believe they’ve done so yet. Hopefully, it’s coming soon. And Victoria, for some unknown reason, have decided they’re just not going to play ball with everybody else. They’ve got no plans to implement WHS that I can find online. They’re still using their old OHS legislation. It’s not a universal picture in Australia, thanks to our rather silly version of government that we have here in Australia – forget I said that. So, if it’s a Commonwealth workplace and we apply the federal version of WHS and Codes of Practice. Otherwise, we use state or territory versions and you need to see the local regulator’s Web page to find out what is applied where. And the definition of a Commonwealth workplace is in the WHS Act, but also go and have a look at the Comcare website to see who Comcare police. Because there are some nationalised industries that count as a Commonwealth workplace and it can get a bit messy.

So, sometimes you may have to ask for advice from the regulator but go and see what they say. Don’t rely on what consultants say or what you’ve heard on the grapevine. Go and see what the regulator actually says and make sure it’s the right regulator for where you’re operating.

Commentary #2

What’s to come? I’m going to do a session on the Risk Management Code of Practice, and I’m also, associated with that, going to do a session on the guidance on what is reasonably practicable. Now that’s guidance, it’s not a Code of Practice. But again, it’s been published so we need to be aware of it and it’s also very simple and very helpful. I would strongly recommend looking at that guidance if you’re struggling with SFARP for what it means, it’s very good. I’ll be talking about that soon. Also, I’m going to do a session on tolerability of risk, because you remember when I said “CoP aren’t much good for helping you do trade–offs in design” and that kind of thing. They’re really only good for simple stuff and compliance. Well, what you need to understand to deal with the more sophisticated problems is the concept of tolerability of risk. That’ll help us do those things. So, I’m going to do a session on that.

I’m also going to do a session on consultation, cooperation, and coordination, because, as I said before, that’s universally applicable. If we’re doing anything at a workplace, or with stuff that’s going to a workplace, that we need to be aware of what’s in that code. And then I’m also going to do sessions on plant, structures and substances (or hazardous chemicals) because those are the absolute bread and butter of the WHS Act. If you look at the duties of designers, manufacturers, importers, suppliers, and installers, et cetera, you will find requirements on plant, substances and structures all the way through those clauses in the WHS Act. Those three things are key so we’re going to be talking about that.

Now, I mentioned before that there was going to be a Code of Practice on plant design, but it never made it. It’s just guidance. So, we’ll have a look at that if we can as well – Copyright permitting. And then I want to look at electrical risks because I think the electrical risks code is very useful. Both for electrical risks, but it’s also a useful teaching vehicle for designers and manufacturers to understand their obligations, especially if you operate abroad and you want to know, or if you’re importing stuff “Well, how do I know that my kit can be safely used in Australia?” So, if you can’t do the things that the electrical risk CoP requires in the workplace if your piece of kit won’t support that, then it’s going to be difficult for your customers to comply. So, probably there’s a hint there that if you want to sell your stuff successfully, here’s what you need to be aware of. And then that applies not just to electrical, I think it’s a good vehicle for understanding how CoP can help us with our upstream obligations, even though CoP applies to a workplace. That session will really be about the imaginative use of Code of Practice in order to help designers and manufacturers, etc.

And then I want to also talk about noise Code of Practice, because noise brings in the concept of exposure standards. Now, generally, Codes of Practice don’t quote many standards. They’re certainly not mandatory, but noise is one of those areas where you have to have standards to say, “this is how we’re going to measure the noise”. This is the exposure standard. So, you’re not allowed to expose people to more than this. That brings in some very important concepts about health monitoring and exposure to certain things. Again, it’ll be useful if you’re managing noise but I think that session will be useful to anybody who wants to understand how exposure standards work and the requirements for monitoring exposure of workers to certain things. Not just noise, but chemicals as well. We will be covering a lot of that in the session(s) on HAZCHEM.

Copyright & Attribution

I just want to mention that everything in quotes/in italics is downloaded from the Federal Register of Legislation, and I’ve gone to the federal legislation because I’m allowed to reproduce it under the license, under which it’s published. So, the middle paragraph there – I’m required to point that out that I sourced it from the Federal Register of legislation, the website on that date. And for the latest information, you should always go to the website to double–check that the version that you’re looking at is still in force and is still relevant. And then for more information on the terms of the license, you can go and see my page at the www.SafetyArtisan.com because I go through everything that’s required and you can check for yourself in detail.

For More…

Also, on the website, there’s a lot more lessons and resources, some of them free, some of them you have to pay to access, but they’re all there at www.safetyartisan.com. Also, there’s the Safety Artisan page at www.patreon.com/SafetyArtisan where you will see the paid videos. And also, I’ve got a channel on YouTube where the free videos are all there. So, please go to the Safety Artisan channel on YouTube and subscribe and you will automatically get a notification when a new free video pops up.

End

And that brings me to the end of the presentation, so thanks very much for listening. I’m just going to stop sharing that now. It just remains for me to say thank you very much for tuning in and I look forward to sharing some more useful information on Codes of Practice with you in the next session in about a month’s time. Cheers now, everybody. Goodbye.

There’s more!

You can find the Model WHS Codes of Practice here. Back to the Topics Page.

Categories
Start Here Work Health and Safety

Lessons Learned from a Fatal Accident

Lessons Learned: in this 30-minute video, we learn lessons from an accident in 2016 that killed four people on the Thunder River Rapids Ride in Queensland. The coroner’s report was issued this year, and we go through the summary of that report. In it we find failings in WHS Duties, Due Diligence, risk management, and failures to eliminate or minimize risks So Far As is Reasonably Practicable (SFARP). We do not ‘name and shame’, rather we focus on where we can find guidance to do better.

In 2016, four people died on the Thunder River Rapids Ride.

Lessons Learned: Key Points

We examine multiple failings in:

  • WHS Duties;
  • WHS Due Diligence;
  • Risk management; and
  • Eliminating or minimizing risks So Far As is Reasonably Practicable (SFARP).

Transcript: Lessons Learned from a Theme Park Tragedy

Click here for the Video Transcript

Introduction

Hello, everyone, and welcome to the Safety Artisan: purveyors of fine safety engineering training videos and other resources. I’m Simon and I’m your host and today we’re going to be doing something slightly different. So, there’re no PowerPoint slides. Instead, I’m going to be reading from a coroner’s report from a well-known accident here in Australia and we’re going to be learning some lessons in the context of WHS workplace health and safety law.

Disclaimer

Now, I’d just like to reassure you before we start that I won’t be mentioning the names of the deceased. I won’t be sharing any images of them. And I’m not even going to mention the firm that owned the theme park because this is not about bashing people when they’re down. It’s about us as a community learning lessons when things go wrong in order to fix the problem, not the blame. So that’s what I’d like to emphasize here.

The Coroner’s Report

So, I’m just turning to the summary of the coroner’s report. Basically, the coroner was examining the deaths of four people back in 2016 on what was called the Thunder River Rapids Ride. Or TRRR or TR3 for short because it’s a bit of a mouthful. This was a water ride, as the name implies, and what went wrong was the water level dropped. Rafts, these circular rafts that went down the rapids, went down the chute, got stuck. Another raft came up behind the stuck raft and went into it. One of the rafts tipped over.

These rafts seat six people in a circular configuration. You may have seen them. They’re in – different versions of this ride are in lots of theme parks.

But out of the six, unfortunately, the only two escaped and four people were killed, tragically. So that’s the background. That happened in October 2016, I think it was. The coroner’s report came out a few months ago, and I’ve been wanting to talk about it for some time because it really does illustrate very well a number of issues where WHS can help us do the right thing.

WHS duties

So, first of all, I’m looking at the first paragraph in the summary, the coroner starts off; the design and construction of the TRRR at the conveyor and unload area posed a significant risk to the health and safety of patrons. Notice that the coroner says the design and construction. Most people think that WHS only applies to workplaces and people managing workplaces, but it does a lot more than that. Sections 22 through 26 of the Act talk about the duties of designers, manufacturers, importers, suppliers and then people who commissioned, install, et cetera.

So, WHS supplies duties on a wide range of businesses and undertakings and designers and constructors are key. Now, it’s worth noting that there was no importer here. The theme park, although the TRRR ride was similar to a ride available commercially elsewhere, for some reason, they chose to design and build their own version in Queensland. Don’t know why. Anyway, that doesn’t really matter now. So, there was no importer, but otherwise, even if you didn’t design and construct the thing, if you imported it, the same duties still apply to you.

No effective risk assessment

So, the coroner then goes on to talk about risks and hazards and says each of these obvious hazards posed a risk to the safety of patrons on the ride and would have been easily identifiable to a competent person had one ever been commissioned to conduct a risk and hazard assessment of the ride. So, what the coroner is saying there is, “No effective risk assessment has been done”. Now, that is clearly contrary to the risk management code of practice under WHS and also, of course, that the definition of SFARP, so far as reasonably practicable, basically is a risk assessment or risk management process. So, if you’ve not done effective risk management, you can’t say that you’ve eliminated or minimized risks SFARP, which is another legal requirement. So, a double whammy there.

Then moving on. “Had noticed been taken of lessons learned from the preceding incidents, which were all of a very similar nature …” and then he goes on. Basically, that’s the back end of a sentence where he says, you didn’t do this, you had incidents on the ride, which are very similar in the past, and you didn’t learn from them. And again, with respect to reducing risks SFARP, Section 18 in the WHS Act, which talks about the definition of reasonably practicable, which is the core of SFARP, talks about what ought to have been known at the time. So, when you’re doing a risk assessment or maybe you’re reassessing risk after a modification and this ride was heavily modified several times or after an incident, you need to take account of the available information. And the owners of TRRR the operators clearly didn’t do that. So, another big failing.

The coroner goes on to note that records available with respect to the modifications to the ride are scant and ad hoc. And again, there’s a section in the WHS risk management code of practice about keeping records. It’s not that onerous. I mean, the COP is pretty simple but they didn’t meet the requirement of the code of practice. So, bad news again.

due diligence

And then finally, I’ve got to the bottom of page one. So, the coroner then notes the maintenance tasks undertaken on the ride whilst done so regularly and diligently by the staff, seemed to have been based upon historical checklists which were rarely reviewed despite the age of the device or changes to the applicable Australian standards.

Now, this is interesting. So, this is contravening a different section of the WHS Act. In Section 27, it talks about the duties of officers and effectively that sort of company directors, senior managers. Officers are supposed to exercise due diligence. In the act, due diligence is fairly simple- It’s six bullet points, but one of them is that the officers have to sort of keep up to date on what’s going on in their operation. They have to provide up to date and effective safety information for their staff. They’re also supposed to keep up with what’s going on in safety regulation that’s applicable to their operation. So, I reckon in that one statement from the coroner then there’s probably three breaches of due diligence there to start with.

risk controls lacking

We’ve reached the bottom of page one- Let’s carry on. The coroner then goes on to talk about risk controls that were or were not present and says, “in accordance with the hierarchy of controls, plant and engineering measures should have been considered as solutions to identified hazards”. So in WHS regulations and it’s repeated in the risk code of practice, there’s a thing called the hierarchy of controls. Basically, it says that some types of risk controls are more effective than others and therefore they come at the top of the list, whereas others are less effective and should be considered last.

So, top of the list is, “Can you eliminate the hazard?” If not, can you substitute the hazardous thing for something else that’s less hazardous- or with something else that is less hazardous, I should say? Can you put in engineering solutions or controls to control hazard? And then finally, at the bottom of my list is admin procedures for people to follow and then personal protective equipment for workers, for example. We’ll talk about this more later, but the top end of the hierarchy had just not been considered or not effectively anyway.

a predictable risk

So, the coroner then goes on to say, “raft’s coming together on the ride was a well-known risk, highlighted by the incident in 2001 and again in 2004”. Now actually it says 2004, I think that might be a typo. Elsewhere, it says 2014, but certainly, there were two significant incidents that were similar to the accident that actually killed four people. And it was acknowledged that various corrective measures could be undertaken to, quote, “adequately control the risk of raft collision”. However, a number of these suggestions were not implemented on the ride.

Now, given that they’ve demonstrated the ability to kill multiple people on the ride with a raft collision, it’s going to be a very, very difficult thing to justify not implementing controls. So, given the seriousness of the potential risk, to say that a control is feasible is practicable, but then to say “We’re not going to do it. It’s not reasonable”. That’s going to be very, very difficult to argue and I would suggest it’s almost a certainty that not all reasonably practicable controls were implemented, which means the risk is not SFARP, which is a legal requirement.

Further on, we come back to document management, which was poor with no formal risk register in place. So, no evidence of a proper risk assessment. Members of the department did not conduct any holistic risk assessments of rides with the general view that another department was responsible. So, the fact that risk assessment wasn’t done- That’s a failing. The fact that senior management didn’t knock heads together and say “This has to be done. Make it happen”- That’s also another failing. That’s a failing of due diligence, I suspect. So, we’ve got a couple more problems there.

high-risk plant

Then, later on, the coroner talks about necessary engineering oversight of high-risk plant not being done. Now, under WHS act definitions, amusement rides are counted as high-risk plant, presumably because of the number of serious accidents that have happened with them over the years. The managers of the TRRR didn’t meet their obligations with respect to high-risk plants. So, there are some things that are optional for common garden stuff is mandatory for high-risk plants and those obligations were not met it seems.

And then in just the next paragraph, we reinforce this due diligence issue. Only a scant amount of knowledge was held by those in management positions, including the general manager of engineering, as to the design modifications and passed notable incidents on the ride. One of the requirements of due diligence is that senior management must have a knowledge of their operations, a knowledge of the hazards and risks associated with the operations. So for the engineering manager to be ignorant about modifications and risks associated with the ride, I think is a clear failure of due diligence.

Still talking about engineering, the coroner notes “it is significant that the general manager had no knowledge of past incidents involving rafts coming together on the ride”. Again, due diligence. If things have happened those need to be investigated and learned from and then you need to apply fresh controls if that’s required. And again, this is a requirement. So, this shows a lack of due diligence. It’s also a requirement in the risk management code of practice to look at things when new knowledge is gained. So, a couple more failures there.

no water-level detection, alarm or emergency stop

Now, it said that the operators of the ride were well aware that when one pump failed, and there were two, the ride was no longer able to operate with the water level dropping dramatically, stranding the rafts on the steel support railings. And of course, that’s how the accident happened.

Regardless, there was no formal means by which to monitor the water level of the ride or audible alarm to advise one of the pumps had ceased to operate. So, a water level monitor? Well, we’re talking potentially about a float, which is a pretty simple thing. There’s one in every cistern, in every toilet in Australia. Maybe the one for the ride would have to be a bit more sophisticated than that- A bit industrial grade but basically the same principle.

And no alarm to advise the operators that this pump had failed, even though it was known that this would have a serious effect on the operation of the ride. So, there’re multiple problems here. I suspect you’ll be able to find regulations that require these things. Certainly, if you looked at the code of practice on plant design because this counts as industrial plants, it’s a high-risk plant, so you would expect very high standards of engineering controls on high-risk plants and these were missing. More on that later.

In a similar vein, the coroner says “a basic automated detection system for the water level would have been inexpensive and may have prevented the incident from occurring”. So basically, the coroner is saying this control mechanism would have been cheap so it’s certainly reasonably practicable. If you’ve got a cheap control that will prevent a serious injury or a death, then how on earth are you going to argue that it’s not reasonable to implement it? The onus is on us to implement all reasonably practical controls.

And then similarly, the lack of a single emergency stop on the ride, which was capable of initiating a complete shutdown of all the mechanisms, was also inadequate. And that’s another requirement from the code of practice on plant design, which refers back to WHS regulations. So, another breach there.

human factors

We then move on to a section where it talks about operators, operators’ account of the incident, and other human factors. I’m probably going to ask my friend Peter Bender, who is a Human Factors specialist, to come and do a session on this and look at this in some more detail, because there are rich pickings in this section and I’m just going to skim the surface here because we haven’t got time to do more. And the coroner says “it’s clear that these 38 signals and checks to be undertaken by the ride operators were excessive, particularly given that the failure to carry out anyone could potentially be a factor which would contribute to a serious incident”. So clearly, 38 signals and checks distributed between two ride operators, because there was no one operator in control of the whole ride- that’s a human factors nightmare for a start- but clearly, the work designed for the ride was poor. There is good guidance available from Safe Work Australia on good work design so there’s really no excuse for this kind of lapse.

And then the coroner goes on to say, reinforcing this point about the ride couldn’t be safely controlled by a human operator. The lack of engineering controls on a ride of this nature is unjustifiable. Again, reinforcing the point that risk was not SFARP because not all reasonably practicable controls had been implemented. Particularly controls at the higher end of the hierarchy of controls. So, a serious failing there.  

(Now, I’ve got something that I’m going to skip, actually, but – It’s a heck of a comment, but it’s not actually relevant to WHS.)

training and competence

We’re moving on to training and competence. Those responsible for managing the ride whilst following the process and procedure in place – and I’m glad to see you from a human practice point of view that the coroner is not just trying to blame the last person that touched it. He’s making a point of saying the operators did all the right stuff. Nevertheless, they were largely not qualified to perform the work for which they were charged.

The process and procedures that they were following seemed to have been created by unknown persons. Because of the poor record-keeping, presumably who it is safe to assume lacked the necessary expertise. And I think the coroner is making a reasonable assumption there, given the multiple failings that we’ve seen are in risk management, in due diligence, in record-keeping, in the knowledge of key people, et cetera, et cetera.

It seems that the practice at the park was simply to accept what had always been done in terms of policy and procedure. And despite changes to safety standards and practices happening over time, because this is an old ride, only limited and largely reactionary consideration was ever given to making changes, including training, providing to staff. So, reactionary -bad word. We’re supposed to predict risk and prevent harm happening. So, multiple failures on due diligence here and on staff training, providing adequate staff training, providing adequate procedures, et cetera.

The coroner goes on to say, “regardless of the training provided at the park, it would never have been sufficient to overcome the poor design of the ride. The lack of automation and engineering controls”. So, again, the hierarchy of controls was not applied, relatively cheap, engineering controls not used, placing an undue burden on the operator. Sadly, this is all too common and in many applications. This is one of the reasons they are not naming the ride operators or trying to shame them because I’ve seen this happen in so many different places. It wouldn’t be fair to single these people out.

‘incident free’ operations?

Now we have a curious, a curious little statement in paragraph 1040. The coroner says “submissions are made that there was a 30-year history of incident-free operation of the ride”. So, what it looks like is that the ride operators, management, trying to tell the coroner that they never had an incident on the ride in 30 years, which sounds pretty impressive, doesn’t it, at face value. But of course, the coroner already knew or discovered later on that there had been incidents on the ride. In fact, there have been two incidents that were very similar to the fatal accident.

Now, on the surface, this looks bad, doesn’t it? It looks like the ride management were trying to mislead the coroner. I don’t actually think that’s the case because I’ve seen that many organizations do poor incident reporting, poor incident recording, and poor learning from experience from incidents that it doesn’t surprise me that the senior management were not aware of incidents on their ride. Unfortunately, it’s partly human nature. Nobody likes to dwell on their failures or think about nasty things happening, and nobody likes to go to the boss saying we need to shut down a moneymaking ride. Don’t forget, this was a very popular ride. We need to shut down a moneymaking ride in order to spend more money-making modifications to make it safer. And then management turns around and say, “Well, nobody’s been hurt. So, what’s the problem?”

And again, I’ve seen this attitude again and again, even on people operating much more sophisticated and much more dangerous equipment than this. So, whilst this really does look bad- the optics are not good, as they like to say. I don’t think there’s actually a conspiracy going on here. I think it’s just stupid mistakes because it’s so common. Moving on.

standards

Now the coroner goes on to talk about standards not being followed, particularly when standards get updated over time. Bearing in mind this ride was 30 years old. The coroner states “it is essential that any difference in these standards are recognized and steps taken to ensure any shortfalls with a device manufactured internationally is managed”. Now, this is a little bit of an aside, because as I’ve mentioned before, the TRRR was actually designed and manufactured in Australia. Albeit not to any standards that we would recognize these days. But most rides were not and this highlights duties of importers. So, if you import something from abroad, you need to make sure that it complies with Australian requirements. That’s a requirement, that’s a duty under WHS law. We’ll come back to this in just a moment.

(We’ll skip that [comment] because we’ve done training and competency to death.)

the role of the regulator

So, following on about the international standards, the coroner also has a crack at the Queensland regulator, who I won’t name, and says “the regulator draws my attention to the difficulties arising when we’re requiring all amusement devices to comply with Australian standards. This difficulty is brought about by the fact that most amusement devices are designed and manufactured overseas, predominantly based on European standards”. Now, in the rest of the report, the coroner has a good old crack at the regulator. (If you’re Irish, a crack means a bit of fun. I’m not talking about a bit of fun.)

The coroner sticks the boot into the regulator for being pretty useless. And sadly, that’s no surprise in Australia. So basically, the regulator said, “Oh, it’s all too difficult!” And you think, “Well, it’s your job, actually, so why haven’t you done it properly?”

But being a little bit more practical, if you work in an industry where a lot of stuff is imported and let’s face it, that’s pretty common in Australia, you’ve got two choices. You can either try and change Australian standards so that they align better to the standards of the kit where you’re getting the stuff from in your industry, or maybe the regulators say could say, “Okay, this is a common problem across the industry. We will provide some guidance that tells you how to make that transition from the international standards to Australian standards and what we as the regulator consider acceptable and not acceptable”. And then that really helps the industry to do the right thing and to be consistent in terms of operation and enforcement.

So, the regulator is letting the people who they regulate know this is the standard that is required of you, this is what you have to do. And that’s really the job of a good regulator. So, the fact that the regulator in this particular case just hadn’t bothered to do so over a period of some decades, it would seem, doesn’t really say a lot for the professionalism of the regulator. And I’m not surprised that the coroners decided to have a go at them.

Summary

So, we’ve been through just over 20 comments, I think. I mean, I actually had 24/25 in total, but I skipped a few because they were a bit repetitive and it’s interesting to note that there were two major comments on failure to conduct designer duties and that kind of thing. Seven on risk management, four on SFARP, although of course, all the risk management ones also affects SFARP, and five on due diligence. So, there’re almost 20 significant breaches there and I wasn’t even really trying to pick up everything the coroner said. And bearing in mind, I was only reading from the summary. I didn’t bother reading the whole report because it’s pages and pages and pages.

And the lesson that we can draw from all of this friends, is not to bash the people who make mistakes, but to learn lessons for ourselves. How could we do better? And I think the lesson is everything that we need to do has been clearly set out in the WHS Act, in the WHS regulations. Then there’re codes of practice that give us guidance in particular areas and our general responsibilities and these codes of practice also guide us on to what could should be considered, SFARP, for certain hazards and risks. Then there’s also some fantastic guidance, documentation and information available from Safe Work Australia. On, for example, human factors and good work design and so on and so forth.

So, there’s lots of really good, really readable information out there and it’s all free. It’s all available on that wonderful thing we call the Internet. So, there really is no excuse for making basic mistakes like this and killing people. It’s not that difficult. And a lot of the safety requirements are not that onerous. You don’t have to be a rocket scientist to read them and understand them. A lot of the requirements are basic, structured, common sense. So, the lesson from this awful accident is it doesn’t have to be this way. We can do much better than that quite easily and if we don’t and something goes wrong, then the law will be after us.

looking ahead

It will be interesting to see – I believe that the WorkSafe Queensland are now investigating to see whether they’re going to bring any prosecutions. It should be said that the police investigated and didn’t bring any prosecutions against individuals. I don’t know if Queensland has a corporate manslaughter act. I wouldn’t think so based on the fact that they’ve not prosecuted anybody, but you don’t need to find an individual guilty of gross negligence, manslaughter for four WHS to take effect. So, I suspect that in due course, we will see the operators of the theme park probably cop a significant fine and maybe some of their directors and senior managers will be going to jail. That’s how serious these and how numerous these breaches are. You really don’t need to dig very deep to see what’s gone wrong and to see the legal obligations have not been met.

Since this video was recorded the TRRR owners have been charged with three offences under WHS law. They pleaded guilty and were fined $4.5M.

End of Lessons Learned

Back to the ‘Work Health & Safety‘ and ‘Start Here‘ Topics Pages.

Categories
Start Here System Safety

Safety Concepts Part 2

In this 33-minute session, Safety Concepts Part 2, The Safety Artisan equips you with more Safety Concepts. We look at the basic concepts of safety, risk, and hazard in order to understand how to assess and manage them. Exploring these fundamental topics provides the foundations for all other safety topics, but it doesn’t have to be complex. The basics are simple, but they need to be thoroughly understood and practiced consistently to achieve success. This video explains the issues and discusses how to achieve that success.

This is the three-minute demo of the full (33 minute) Safety Concepts, Part 2 video.

Safety Concepts Part 2: Topics

  • Risk & Harm;
  • Accident & Accident Sequence;
  • (Cause), Hazard, Consequence & Mitigation;
  • Requirements / Essence of System Safety;
  • Hazard Identification & Analysis;
  • Risk Reduction / Estimation;
  • Risk Evaluation & Acceptance;
  • Risk Management & Safety Management; and
  • Safety Case & Report.

Safety Concepts Part 2: Transcript

Click Here for the Transcript

Hi everyone, and welcome to the safety artisan where you will find professional, pragmatic, and impartial advice on safety. I’m Simon, and welcome to the show today, which is recorded on the 23rd of September 2019. Today we’re going to talk about system safety concepts. A couple of days ago I recorded a short presentation (Part 1) on this, which is also on YouTube.  Today we are going to talk about the same concepts but in much more depth.

In the short session, we took some time picking apart the definition of ‘safe’. I’m not going to duplicate that here, so please feel free to go have a look. We said that to demonstrate that something was safe, we had to show that risk had been reduced to a level that is acceptable in whatever jurisdiction we’re working in.

And in this definition, there are a couple of tests that are appropriate that the U.K., but perhaps not elsewhere. We also must meet safety requirements. And we must define Scope and bound the system that we’re talking about a Physical system or an intangible system like a computer program. We must define what we’re doing with it what it’s being used for. And within which operating environment within which context is being used.  And if we could do all those things, then we can objectively say – or claim – that the system is safe.

Topics

We’re going to talk about a lot more Topics. We’re going to talk about risk accidents. The cause has a consequence sequence. They talk about requirements and. Spoiler alert. What I consider to be the essence of system safety. And then we’ll get into talking about the process. Of demonstrating safety, hazard identification, and analysis.

Risk Reduction and estimation. Risk Evaluation. And acceptance. And then pulling it all together. Risk management safety management. And finally, reporting, making an argument that the system is safe supporting with evidence. And summarizing all of that in a written report. This is what we do, albeit in different ways and calling it different things.

Risk

Onto the first topic. Risk and harm.  Our concept of risk. It’s a combination of the likelihood and severity of harm. Generally, we’re talking about harm. To people. Death. Injury. Damage to help. Now we might also choose to consider any damage to property in the environment. That’s all good. But I’m going to concentrate on. Harm. To people. Because. Usually. That’s what we’re required to do. By the law. And there are other laws covering the environment and property sometimes. That. We’re not going to talk.  just to illustrate this point. This risk is a combination of Severity and likelihood.

We’ve got a very crude. Risk table here. With a likelihood along the top. And severity. Downside. And we might. See that by looking at the table if we have a high likelihood and high severity. Well, that’s a high risk. Whereas if we have Low Likelihood and low severity. We might say that’s a low risk. And then. In between, a combination of high and low we might say that’s medium. Now, this is a very crude and simple example. Deliberately.

You will see risk matrices like this. In. Loads of different standards. And you may be required to define your own for a specific system, there are lots of variations on this but they’re all basically. Doing this thing and we’re illustrating. How we determine the level of risk. By that combination of severity. And likely, I think a picture is worth a thousand words. Moving online to the accident. We’re talking about (in this standard) an unintended event that causes harm.

Accidents, Sequences and Consequences

Not all jurisdictions just consider accidental event some consider deliberate as well. We’ll leave that out. A good example of that is work health and safety in Australia but no doubt we’ll get to that in another video sometime. And the accident sequences the progression of events. That results in an accident that leads to an. Now we’re going to illustrate the accident sequence in a moment but before we get there. We need to think about cousins.  here we’ve got a hazard physical situation of state system. Often following some initiating event that may lead to an accident, a thing that may cause harm.

And then allied with that we have the idea of consequences. Of outcomes or an outcome. Resulting from. An. Event. Now that all sounds a bit woolly doesn’t it, let’s illustrate that. Hopefully, this will make it a lot clearer. Now. I’ve got a sequence here. We have. Causes. That might lead to a hazard. And the hazard might lead to different consequences. And that’s the accident. See. Now in this standard, they didn’t explicitly define causes.

Cause, Hazard and Consequence

They’re just called events. But most mostly we will deal with causes and consequences in system safety. And it’s probably just easier to implement it. Whether or not you choose to explicitly address every cause. That’s often option step. But this is the accident Sequence that we’re looking at. And they this sort of funnels are meant to illustrate the fact that they may be many causes for one hazard. And one has it may lead to many consequences on some of those consequences. Maybe. No harm at all.

We may not actually have an accident. We may get away with it. We may have a. Hazard. And. Know no harm may befall a human. And if we take all of this together that’s the accident sequence. Now it’s worth. Reiterating. That just because a hazard exists it does not necessarily need. Lead to harm. But. To get to harm. We must have a hazard; a hazard is both necessary and sufficient. To lead to harmful consequences. OK.

Hazards: an Example

And you can think of a hazard as an accident waiting to happen. You can think of it in lots of different ways, let’s think about an example, the hazard might be. Somebody slips. Okay well while walking and all. That slip might be caused by many things it might be a wet surface. Let’s say it’s been raining, and the pavement is slippery, or it might be icy. It might be a spillage of oil on a surface, or you’d imagine something slippery like ball bearings on a surface.

So, there’s something that’s caused the surface to become slippery. A person slips – that’s the hazard. Now the person may catch themselves; they may not fall over. They may suffer no injury at all. Or they might fall and suffer a slight injury; and, very occasionally, they might suffer a severe injury. It depends on many different factors. You can imagine if you slipped while going downstairs, you’re much more likely to be injured.

And younger, healthy, fit people are more likely to get over a fall without being injured, whereas if they’re very elderly and frail, a fall can quite often result in a broken bone. If an elderly person breaks a bone in a fall the chances of them dying within the next 12 months are quite high. They’re about one in three.

So, the level of risk is sensitive to a lot of different factors. To get an accurate picture, an accurate estimate of risk, we’re going to need to factor in all those things. But before we get to that, we’ve already said that hazard need not lead to harm. In this standard, we call it an incident, where a hazard has occurred; it could have progressed to an accident but didn’t, we call this an incident. A near miss.

We got away with it. We were lucky. Whatever you want to call it. We’ve had an incident but no he’s been hurt. Hopefully, that incident is being reported, which will help us to prevent an actual accident in future.  That’s another very useful concept that reminds us that not all hazards result in harm. Sometimes there will be no accident. There will be no harm simply because we were lucky, or because someone present took some action to prevent harm to themselves or others.

Mitigation Strategies (Controls)

But we would really like to deliberately design out or avoid Hazards if we can. What we need is a mitigation strategy, we need a measure or measures that, when we put them into practice, reduce that risk. Normally, we call these things controls. Again, now we’ve illustrated this; we’ve added to the funnels. We’ve added some mitigation strategies and they are the dark blue dashed lines.

And they are meant to represent Barriers that prevent the accident sequence progressing towards harm. And they have dashed lines because very few controls are perfect, you know everything’s got holes in it. And we might have several of them. But usually, no control will cover all possible causes; and very few controls will deal with all possible consequences.  That’s what those barriers are meant to illustrate.

That idea that picture will be very useful to us later. When we are thinking about how we’re going to estimate and evaluate risk overall and what risk reduction we have achieved. And how we talk about justifying what we’ve done is good. That’s a very powerful illustration. Well, let’s move on to safety requirements.

Safety Requirements

Now. I guess it’s no great surprise to say that requirements, once met, can contribute directly to the safety of the system. Maybe we’ve got a safety requirement that says all cars will be fitted with seatbelts. Let’s say we’ll be required to wear a seatbelt.  That makes the system safer.

Or the requirement might be saying we need to provide evidence of the safety of the system. And, the requirement might refer to a process that we’ve got to go through or a set kind of evidence that we’ve got to provide. Safety requirements can cover either or both of these.

The Essence of System Safety

Requirements. Covering. Safety of the system or demonstrating that the system is safe. Should give us assurance, which is adequate confidence or justified confidence. Supported with evidence by following a process. And we’ll talk more about process. We meet safety requirements. We get assurance that we’ve done the right thing. And this really brings us to the essence of what system safety is, we’ve got all these requirements – everything is a requirement really – including the requirement. To demonstrate risk reduction.

And those requirements may apply to the system itself, the product. Or they may provide, or they may apply to the process that generates the evidence or the evidence. Putting all those things together in an organized and orderly way really is the essence of system safety, this is where we are addressing safety in a systematic way, in an orderly way. In an organized way. (Those words will keep coming back). That’s the essence of system safety, as opposed to the day-to-day task of keeping a workplace safe.

Maybe by mopping up spills and providing handrails, so people don’t slip over. Things like that. We’re talking about a more sophisticated level of safety. Because we have a more complex problem a more challenging problem to deal with. That’s system safety. We will start on the process now, and we begin with hazard identification and analysis; first, we need to identify and list the hazards, the Hazards and the accidents associated with the system.

We’ve got a system, physical or not. What could go wrong? We need to think about all the possibilities. And then having identified some hazards we need to start doing some analysis, we follow a process. That helps us to delve into the detail of those hazards and accidents. And to define and understand the accident sequences that could result. In fact, in doing the analysis we will very often identify some more hazards that we hadn’t thought of before, it’s not a straight-through process it tends to be an iterative process.

Risk Reduction

And what ultimately what we’re trying to do is reduce risk, we want a systematic process, which is what we’re describing now. A systematic process of reducing risk. And at some point, we must estimate the risk that we’re left with. Before and after all these controls, these mitigations, are applied. That’s risk estimation.  Again, there’s that systematic word, we’re going to use all the available information to estimate the level of risk that we’ve got left. Recalling that risk is a combination of severity and likelihood.

Now as we get towards the end of the process, we need to evaluate risk against set criteria. And those criteria vary depending on which country you’re operating in or which industry we’re in: what regulations apply and what good practice is relevant. All those things can be a factor. Now, in this case, this is a U.K. standard, so we’ve got two tests for evaluating risk. It’s a systematic determination using all the available evidence. And it should be an objective evaluation as far as we can make it.

Risk Evaluation

We should use certain criteria on whether a risk can be accepted or not. And in the U.K. there are two tests for this. As we’ve said before, there is ALARP, the ‘As Low As is Reasonably Practicable’ test, which says: Have we put into practice all reasonably practicable controls? (To reduce risk, this is risk reduction target). And then there’s an absolute level of risk to consider as well. Because even if we’ve taken all practical measures, the risk remaining might still be so high as to be unacceptable to the law.

Now that test is specific to the U.K, so we don’t have to worry too much about it. The point is there are objective criteria, which we must test ourselves or measure ourselves against. An evaluation that will pop out the decision, as to whether a further risk reduction is necessary if the risk level is still too high. We might conclude that are still reasonably practicable measures that we could take. Then we’ve got to do it.

We have an objective decision-making process to say: have we done enough to reduce risk? And if not, we need to do some more until we get to the point where we can apply the test again and say yes, we’ve done enough. Right, that’s rather a long-winded way of explaining that. I apologize, but it is a key issue and it does trip up a lot of people.

Risk Acceptance

Now, once we’ve concluded that we’ve done enough to reduce risk and no further risk reduction is necessary, somebody should be in a position to accept that risk.  Again, it’s a systematic process, by which relevant stakeholders agree that risks may be accepted. In other words, somebody with the right authority has said yes, we’re going to go ahead with the system and put it into practice, implement it. The resulting risks to people are acceptable, providing we apply the controls.

And we accept that responsibility.  Those people who are signing off on those risks are exposing themselves and/or other people to risk. Usually, they are employees, but sometimes members of the public as well, or customers. If you’re going to put customers in an airliner you’re saying yes there is a level of risk to passengers, but that the regulator, or whoever, has deemed [the risk] to be acceptable. It’s a formal process to get those risks accepted and say yes, we can proceed. But again, that varies greatly between different countries, between different industries. Depending on what regulations and laws and practices apply. (We’ll talk about different applications in another section.)

Risk Management

Now putting all this together we call this risk management.  Again, that wonderful systematic word: a systematic application of policies, procedures and practices to these tasks. We have hazard identification, analysis, risk estimation, risk evaluation, risk reduction & risk acceptance. It’s helpful to demonstrate that we’ve got a process here, where we go through these things in order. Now, this is a simplified picture because it kind of implies that you just go through the process once.

With a complex system, you go through the process at least once. We may identify further hazards, when we get into Hazard Analysis and estimating risk. In the process of trying to do those things, even as late as applying controls and getting to risk acceptance. We may discover that we need to do additional work. We may try and apply controls and discover the controls that we thought were going to be effective are not effective.

Our evaluation of the level of risk and its acceptability is wrong because it was based on the premise that controls would be effective, and we’ve discovered that they’re not, so we must go back and redo some work. Maybe as we go through, we even discover Hazards that we hadn’t anticipated before. This can and does happen, it’s not necessarily a straight-through process. We can iterate through this process. Perhaps several times, while we are moving forward.

Safety Management

OK, Safety Management. We’ve gone to a higher level really than risk because we’re thinking about requirements as well as risk. We’re going to apply organization, we’re going to applying management principles to achieve safety with high confidence. For the first time we’ve introduced this idea of confidence in what we’re doing. Well, I say the first time, this is insurance isn’t it? Assurance, having justified confidence or appropriate confidence, because we’ve got the evidence. And that might be product evidence too we might have tested the product to show that it’s safe.

We might have analysed it. We might have said well we’ve shown that we follow the process that gives us confidence that our evidence is good. And we’ve done all the right things and identified all the risks.  That’s safety management. We need to put that in a safety management system, we’ve got a defined organization structure, we have defined processes, procedures and methods. That gives us direction and control of all the activities that we need to put together in a combination. To effectively meet safety requirements and safety policy.

And our safety tests, whatever they might be. More and more now we’re thinking about top-level organization and planning to achieve the outcomes we need. With a complex system, with a complex operating environment and a complex application.

Safety Planning

Now I’ll just mention planning. Okay, we need a safety management plan that defines the strategy: how we’re going to get there, how are we going to address safety. We need to document that safety management system for a specific project. Planning is very important for effective safety. Safety is very vulnerable to poor planning. If a project is badly planned or not planned at all, it becomes very difficult to Do safety effectively, because we are dependent on the process, on following a rigorous process to give us confidence that all results are correct.  If you’ve got a project that is a bit haphazard, that’s not going to help you achieve the objectives.

Planning is important. Now the bit of that safety plan that deals with timescales, milestones and other date-related information. We might refer to as a safety program. Now being a UK Definition, British English has two spellings of program. The double-m-e version of programme. Applies to that time-based progression, or milestone-based progression.

Whereas in the US and in Australia, for example, we don’t have those two words we just have the one word, ‘program’. Which Covers everything: computer programs, a programme of work that might have nothing to do with or might not be determined by timescales or milestones. Or one that is. But the point is that certain things may have to happen at certain points in time or before certain milestones. We may need to demonstrate safety before we are allowed to proceed to tests and trials or before we are allowed to put our system into service.

Demonstrating Safety

We’ve got to demonstrate that Safety has been achieved before we expose people to risk.  That’s very simple. Now, finally, we’re almost at the end. Now we need to provide a demonstration – maybe to a regulator, maybe to customers – that we have achieved safety.  This standard uses the concept of a safety case. The safety case is basically, imagine a portfolio full of evidence.  We’ve got a structured argument to put it all together. We’ve got a body of the evidence that supports the argument.

It provides a Compelling, Comprehensible (or understandable) and valid case that a system is safe. For a given application or use, in a given Operating environment.  Really, that definition of what a safety case is harks back to that meaning of safety.  We’ve got something that really hits the nail on the head. And we might put all of that together and summarise it in a safety case report. That summarises those arguments and evidence, and documents progress against the Safe program.

Remember I said our planning was important. We started off saying that we need to do this, that the other in order to achieve safety. Hopefully, in the end, in the safety report we’ll be able to state that we’ve done exactly that. We did do all those things. We did follow the process rigorously. We’ve got good results. We’ve got a robust safety argument. With evidence to support it. At the end, it’s all written up in a report.

Documenting Safety

Now that isn’t always going to be called a safety case report; it might be called a safety assessment report or a design justification report. There are lots of names for these things. But they all tend to do the same kind of thing, where they pull together the argument as to why the system is safe. The evidence to support the argument, document progress against a plan or some set of process requirements from a standard or a regulator or just good practice in an industry to say: Yes, we’ve done what we were expected to do.

The result is usually that’s what justifies [the system] getting past that milestone. Where the system is going into service and can be used. People can be exposed to those risks, but safely and under control.

Everyone’s a winner, as they say!

Copyright – Creative Commons Licence

Okay. I’ve used a lot of information from a UK government website. I’ve done that in accordance with the terms of its creative commons license, and you can see more about that here. We have we complied with that, as we are required to, and to say to you that the information we’ve supplied is under the terms of this license.

Safety Concepts Part 2: More Resources

And for more resources and for more lessons on system safety. And other safe topics. I invite you to visit the safety artisan.com website  Thanks very much for watching. I hope you found that useful.

We’ve covered a lot of information there, but hopefully in a structured way. We’ve repeated the key concepts and you can see that in that standard. The key concepts are consistently defined, and they reinforce each other. In order to get that systematic, disciplined approach to safety, that’s we need.

Anyway, that’s enough from me. I hope you enjoyed watching and found that useful. I look forward to talking to you again soon. Please send me some feedback about what you thought about this video and also what you would like to see covered in the future.

Thank you for visiting The Safety Artisan. I look forward to talking to you again soon. Goodbye.

Safety Concepts Part 1 defines the meaning of ‘Safe’, and it is free. Return to the Start Here Page.

Categories
Start Here System Safety

System Safety Principles

In this 45-minute video, I discuss System Safety Principles, as set out by the US Federal Aviation Authority in their System Safety Handbook. Although this was published in 2000, the principles still hold good (mostly) and are worth discussing. I comment on those topics where modern practice has moved on, and those jurisdictions where the US approach does not sit well.

This is the ten-minute preview of the full, 45-minute video.

System Safety Principles: Topics

  • Foundational statement
  • Planning
  • Management Authority
  • Safety Precedence
  • Safety Requirements
  • System Analyses Assumptions & Criteria
  • Emphasis & Results
  • MA Responsibilities
  • Software hazard analysis
  • An Effective System Safety Program

System Safety Principles: Transcript

Click Here for Transcript

Hi everyone, and welcome to the safety artisan where you will find professional pragmatic, and impartial advice on all thing’s safety. I’m Simon and welcome to the show today, which is recorded on the 23rd of September 2019. Today we’re going to talk about System safety concepts. A couple of days ago I recorded a short presentation on this, which is on the Patreon website and is also on YouTube.  Today we are going to talk about the same concepts but in much more depth.

Hence, this video is only available on the ‘Safety Artisan’ Patreon page. In the short session, we took some time picking apart the definition of ‘safe’. I’m not going to duplicate that here, so please feel free to go have a look. We said that to demonstrate that something was safe, we had to show that risk had been reduced to a level that is acceptable in whatever jurisdiction we’re working in.

And in this definition, there are a couple of tests that are appropriate that the U.K., but perhaps not elsewhere. We also must meet safety requirements. And we must define Scope and bound the system that we’re talking about a Physical system or an intangible system like a. A computer program or something. We must define what we’re doing with it what it’s being used for. And within which operating environment within which context is being used.  And if we could do all those things, then we can objectively say or claim that this system is safe. OK.  that’s very briefly that.

Topics

What we’re going to talk about a lot more Topics. We’re going to talk about risk accidents. The cause has a consequence sequence. They talk about requirements and. Spoiler alert. What I consider to be the essence of system safety. And then we’ll get into talking about the process. Of demonstrating safety, hazard identification, and analysis.

Risk Reduction and estimation. Risk Evaluation. And acceptance. And then pulling it all together. Risk management safety management. And finally, reporting, making an argument that the system is safe supporting with evidence. And summarizing all of that in a written report. This is what we do, albeit in different ways and calling it different things.

Risk

Onto the first topic. Risk and harm.  Our concept of risk. It’s a combination of the likelihood and severity of harm. Generally, we’re talking about harm. To people. Death. Injury. Damage to help. Now we might also choose to consider any damage to property in the environment. That’s all good. But I’m going to concentrate on. Harm. To people. Because. Usually. That’s what we’re required to do. By the law. And there are other laws covering the environment and property sometimes. That. We’re not going to talk.  just to illustrate this point. This risk is a combination of Severity and likelihood.

We’ve got a very crude. Risk table here. With a likelihood along the top. And severity. Downside. And we might. See that by looking at the table if we have a high likelihood and high severity. Well, that’s a high risk. Whereas if we have Low Likelihood and low severity. We might say that’s a low risk. And then. In between, a combination of high and low we might say that’s medium. Now, this is a very crude and simple example. Deliberately.

You will see risk matrices like this. In. Loads of different standards. And you may be required to define your own for a specific system, there are lots of variations on this but they’re all basically. Doing this thing and we’re illustrating. How we determine the level of risk. By that combination of severity. And likely, I think a picture is worth a thousand words. Moving online to the accident. We’re talking about (in this standard) an unintended event that causes harm.

Accidents, Sequences and Consequences

Not all jurisdictions just consider accidental event some consider deliberate as well. We’ll leave that out. A good example of that is work health and safety in Australia but no doubt we’ll get to that in another video sometime. And the accident sequences the progression of events. That results in an accident that leads to an. Now we’re going to illustrate the accident sequence in a moment but before we get there. We need to think about cousins.  here we’ve got a hazard physical situation of state system. Often following some initiating event that may lead to an accident, a thing that may cause harm.

And then allied with that we have the idea of consequences. Of outcomes or an outcome. Resulting from. An. Event. Now that all sounds a bit woolly doesn’t it, let’s illustrate that. Hopefully, this will make it a lot clearer. Now. I’ve got a sequence here. We have. Causes. That might lead to a hazard. And the hazard might lead to different consequences. And that’s the accident. See. Now in this standard, they didn’t explicitly define causes.

Cause, Hazard and Consequence

They’re just called events. But most mostly we will deal with causes and consequences in system safety. And it’s probably just easier to implement it. Whether or not you choose to explicitly address every cause. That’s often option step. But this is the accident Sequence that we’re looking at. And they this sort of funnels are meant to illustrate the fact that they may be many causes for one hazard. And one has it may lead to many consequences on some of those consequences. Maybe. No harm at all.

We may not actually have an accident. We may get away with it. We may have a. Hazard. And. Know no harm may befall a human. And if we take all of this together that’s the accident sequence. Now it’s worth. Reiterating. That just because a hazard exists it does not necessarily need. Lead to harm. But. To get to harm. We must have a hazard; a hazard is both necessary and sufficient. To lead to harmful consequences. OK.

Hazards: an Example

And you can think of a hazard as an accident waiting to happen. You can think of it in lots of different ways, let’s think about an example, the hazard might be. Somebody slips. Okay well while walking and all. That slip might be caused by many things it might be a wet surface. Let’s say it’s been raining, and the pavement is slippery, or it might be icy. It might be a spillage of oil on a surface, or you’d imagine something slippery like ball bearings on a surface.

So, there’s something that’s caused the surface to become slippery. A person slips – that’s the hazard. Now the person may catch themselves; they may not fall over. They may suffer no injury at all. Or they might fall and suffer a slight injury; and, very occasionally, they might suffer a severe injury. It depends on many different factors. You can imagine if you slipped while going downstairs, you’re much more likely to be injured.

And younger, healthy, fit people are more likely to get over a fall without being injured, whereas if they’re very elderly and frail, a fall can quite often result in a broken bone. If an elderly person breaks a bone in a fall the chances of them dying within the next 12 months are quite high. They’re about one in three.

So, the level of risk is sensitive to a lot of different factors. To get an accurate picture, an accurate estimate of risk, we’re going to need to factor in all those things. But before we get to that, we’ve already said that hazard need not lead to harm. In this standard, we call it an incident, where a hazard has occurred; it could have progressed to an accident but didn’t, we call this an incident. A near miss.

We got away with it. We were lucky. Whatever you want to call it. We’ve had an incident but no he’s been hurt. Hopefully, that incident is being reported, which will help us to prevent an actual accident in future.  That’s another very useful concept that reminds us that not all hazards result in harm. Sometimes there will be no accident. There will be no harm simply because we were lucky, or because someone present took some action to prevent harm to themselves or others.

Mitigation Strategies (Controls)

But we would really like to deliberately design out or avoid Hazards if we can. What we need is a mitigation strategy, we need a measure or measures that, when we put them into practice, reduce that risk. Normally, we call these things controls. Again, now we’ve illustrated this; we’ve added to the funnels. We’ve added some mitigation strategies and they are the dark blue dashed lines.

And they are meant to represent Barriers that prevent the accident sequence progressing towards harm. And they have dashed lines because very few controls are perfect, you know everything’s got holes in it. And we might have several of them. But usually, no control will cover all possible causes; and very few controls will deal with all possible consequences.  That’s what those barriers are meant to illustrate.

That idea that picture will be very useful to us later. When we are thinking about how we’re going to estimate and evaluate risk overall and what risk reduction we have achieved. And how we talk about justifying what we’ve done is good. That’s a very powerful illustration. Well, let’s move on to safety requirements.

Safety Requirements

Now. I guess it’s no great surprise to say that requirements, once met, can contribute directly to the safety of the system. Maybe we’ve got a safety requirement that says all cars will be fitted with seatbelts. Let’s say we’ll be required to wear a seatbelt.  That makes the system safer.

Or the requirement might be saying we need to provide evidence of the safety of the system. And, the requirement might refer to a process that we’ve got to go through or a set kind of evidence that we’ve got to provide. Safety requirements can cover either or both of these.

The Essence of System Safety

Requirements. Covering. Safety of the system or demonstrating that the system is safe. Should give us assurance, which is adequate confidence or justified confidence. Supported with evidence by following a process. And we’ll talk more about process. We meet safety requirements. We get assurance that we’ve done the right thing. And this really brings us to the essence of what system safety is, we’ve got all these requirements – everything is a requirement really – including the requirement. To demonstrate risk reduction.

And those requirements may apply to the system itself, the product. Or they may provide, or they may apply to the process that generates the evidence or the evidence. Putting all those things together in an organized and orderly way really is the essence of system safety, this is where we are addressing safety in a systematic way, in an orderly way. In an organized way. (Those words will keep coming back). That’s the essence of system safety, as opposed to the day-to-day task of keeping a workplace safe.

Maybe by mopping up spills and providing handrails, so people don’t slip over. Things like that. We’re talking about a more sophisticated level of safety. Because we have a more complex problem a more challenging problem to deal with. That’s system safety. We will start on the process now, and we begin with hazard identification and analysis; first, we need to identify and list the hazards, the Hazards and the accidents associated with the system.

We’ve got a system, physical or not. What could go wrong? We need to think about all the possibilities. And then having identified some hazards we need to start doing some analysis, we follow a process. That helps us to delve into the detail of those hazards and accidents. And to define and understand the accident sequences that could result. In fact, in doing the analysis we will very often identify some more hazards that we hadn’t thought of before, it’s not a straight-through process it tends to be an iterative process.

Risk Reduction

And what ultimately what we’re trying to do is reduce risk, we want a systematic process, which is what we’re describing now. A systematic process of reducing risk. And at some point, we must estimate the risk that we’re left with. Before and after all these controls, these mitigations, are applied. That’s risk estimation.  Again, there’s that systematic word, we’re going to use all the available information to estimate the level of risk that we’ve got left. Recalling that risk is a combination of severity and likelihood.

Now as we get towards the end of the process, we need to evaluate risk against set criteria. And those criteria vary depending on which country you’re operating in or which industry we’re in: what regulations apply and what good practice is relevant. All those things can be a factor. Now, in this case, this is a U.K. standard, so we’ve got two tests for evaluating risk. It’s a systematic determination using all the available evidence. And it should be an objective evaluation as far as we can make it.

Risk Evaluation

We should use certain criteria on whether a risk can be accepted or not. And in the U.K. there are two tests for this. As we’ve said before, there is ALARP, the ‘As Low As is Reasonably Practicable’ test, which says: Have we put into practice all reasonably practicable controls? (To reduce risk, this is risk reduction target). And then there’s an absolute level of risk to consider as well. Because even if we’ve taken all practical measures, the risk remaining might still be so high as to be unacceptable to the law.

Now that test is specific to the U.K, so we don’t have to worry too much about it. The point is there are objective criteria, which we must test ourselves or measure ourselves against. An evaluation that will pop out the decision, as to whether a further risk reduction is necessary if the risk level is still too high. We might conclude that are still reasonably practicable measures that we could take. Then we’ve got to do it.

We have an objective decision-making process to say: have we done enough to reduce risk? And if not, we need to do some more until we get to the point where we can apply the test again and say yes, we’ve done enough. Right, that’s rather a long-winded way of explaining that. I apologize, but it is a key issue and it does trip up a lot of people.

Risk Acceptance

Now, once we’ve concluded that we’ve done enough to reduce risk and no further risk reduction is necessary, somebody should be in a position to accept that risk.  Again, it’s a systematic process, by which relevant stakeholders agree that risks may be accepted. In other words, somebody with the right authority has said yes, we’re going to go ahead with the system and put it into practice, implement it. The resulting risks to people are acceptable, providing we apply the controls.

And we accept that responsibility.  Those people who are signing off on those risks are exposing themselves and/or other people to risk. Usually, they are employees, but sometimes members of the public as well, or customers. If you’re going to put customers in an airliner you’re saying yes there is a level of risk to passengers, but that the regulator, or whoever, has deemed [the risk] to be acceptable. It’s a formal process to get those risks accepted and say yes, we can proceed. But again, that varies greatly between different countries, between different industries. Depending on what regulations and laws and practices apply. (We’ll talk about different applications in another section.)

Risk Management

Now putting all this together we call this risk management.  Again, that wonderful systematic word: a systematic application of policies, procedures and practices to these tasks. We have hazard identification, analysis, risk estimation, risk evaluation, risk reduction & risk acceptance. It’s helpful to demonstrate that we’ve got a process here, where we go through these things in order. Now, this is a simplified picture because it kind of implies that you just go through the process once.

With a complex system, you go through the process at least once. We may identify further hazards, when we get into Hazard Analysis and estimating risk. In the process of trying to do those things, even as late as applying controls and getting to risk acceptance. We may discover that we need to do additional work. We may try and apply controls and discover the controls that we thought were going to be effective are not effective.

Our evaluation of the level of risk and its acceptability is wrong because it was based on the premise that controls would be effective, and we’ve discovered that they’re not, so we must go back and redo some work. Maybe as we go through, we even discover Hazards that we hadn’t anticipated before. This can and does happen, it’s not necessarily a straight-through process. We can iterate through this process. Perhaps several times, while we are moving forward.

Safety Management

OK, Safety Management. We’ve gone to a higher level really than risk because we’re thinking about requirements as well as risk. We’re going to apply organization, we’re going to applying management principles to achieve safety with high confidence. For the first time we’ve introduced this idea of confidence in what we’re doing. Well, I say the first time, this is insurance isn’t it? Assurance, having justified confidence or appropriate confidence, because we’ve got the evidence. And that might be product evidence too we might have tested the product to show that it’s safe.

We might have analysed it. We might have said well we’ve shown that we follow the process that gives us confidence that our evidence is good. And we’ve done all the right things and identified all the risks.  That’s safety management. We need to put that in a safety management system, we’ve got a defined organization structure, we have defined processes, procedures and methods. That gives us direction and control of all the activities that we need to put together in a combination. To effectively meet safety requirements and safety policy.

And our safety tests, whatever they might be. More and more now we’re thinking about top-level organization and planning to achieve the outcomes we need. With a complex system, with a complex operating environment and a complex application.

Safety Planning

Now I’ll just mention planning. Okay, we need a safety management plan that defines the strategy: how we’re going to get there, how are we going to address safety. We need to document that safety management system for a specific project. Planning is very important for effective safety. Safety is very vulnerable to poor planning. If a project is badly planned or not planned at all, it becomes very difficult to Do safety effectively, because we are dependent on the process, on following a rigorous process to give us confidence that all results are correct.  If you’ve got a project that is a bit haphazard, that’s not going to help you achieve the objectives.

Planning is important. Now the bit of that safety plan that deals with timescales, milestones and other date-related information. We might refer to as a safety program. Now being a UK Definition, British English has two spellings of program. The double-m-e version of programme. Applies to that time-based progression, or milestone-based progression.

Whereas in the US and in Australia, for example, we don’t have those two words we just have the one word, ‘program’. Which Covers everything: computer programs, a programme of work that might have nothing to do with or might not be determined by timescales or milestones. Or one that is. But the point is that certain things may have to happen at certain points in time or before certain milestones. We may need to demonstrate safety before we are allowed to proceed to tests and trials or before we are allowed to put our system into service.

Demonstrating Safety

We’ve got to demonstrate that Safety has been achieved before we expose people to risk.  That’s very simple. Now, finally, we’re almost at the end. Now we need to provide a demonstration – maybe to a regulator, maybe to customers – that we have achieved safety.  This standard uses the concept of a safety case. The safety case is basically, imagine a portfolio full of evidence.  We’ve got a structured argument to put it all together. We’ve got a body of the evidence that supports the argument.

It provides a Compelling, Comprehensible (or understandable) and valid case that a system is safe. For a given application or use, in a given Operating environment.  Really, that definition of what a safety case is harks back to that meaning of safety.  We’ve got something that really hits the nail on the head. And we might put all of that together and summarise it in a safety case report. That summarises those arguments and evidence, and documents progress against the Safe program.

Remember I said our planning was important. We started off saying that we need to do this, that the other in order to achieve safety. Hopefully, in the end, in the safety report we’ll be able to state that we’ve done exactly that. We did do all those things. We did follow the process rigorously. We’ve got good results. We’ve got a robust safety argument. With evidence to support it. At the end, it’s all written up in a report.

Documenting Safety

Now that isn’t always going to be called a safety case report; it might be called a safety assessment report or a design justification report. There are lots of names for these things. But they all tend to do the same kind of thing, where they pull together the argument as to why the system is safe. The evidence to support the argument, document progress against a plan or some set of process requirements from a standard or a regulator or just good practice in an industry to say: Yes, we’ve done what we were expected to do.

The result is usually that’s what justifies [the system] getting past that milestone. Where the system is going into service and can be used. People can be exposed to those risks, but safely and under control.

Everyone’s a winner, as they say!

Copyright – Creative Commons Licence

Okay. I’ve used a lot of information from the UK government website. I’ve done that in accordance with the terms of its creative commons license, and you can see more about that [here]. We have we complied with that, as we are required to, and to say to you that the information we’ve supplied is under the terms of this license.

More Resources

And for more resources and for more lessons on system safety. And other safe topics. I invite you to visit the safety artisan.com website or to go and look at the videos on Patreon, at my safety artisan page. And that’s www.Patreon.com/SafetyArtisan. Thanks very much for watching. I hope you found that useful.

We’ve covered a lot of information there, but hopefully in a structured way. We’ve repeated the key concepts and you can see that in that standard. The key concepts are consistently defined, and they reinforce each other. In order to get that systematic, disciplined approach to safety, that’s we need.

Anyway, that’s enough from me. I hope you enjoyed watching and found that useful. I look forward to talking to you again soon. Please send me some feedback about what you thought about this video and also what you would like to see covered in the future.

Thank you for visiting the Safety Artisan. I look forward to talking to you again soon. Goodbye.

Back to the Start Here Page.

Categories
Start Here Work Health and Safety

Comparing Australian & UK Safety Law

Comparing Australian & UK Safety Law. Are you a safety professional thinking of emigrating from the UK to Australia?  Well, I’ve done it, and here’s my BREXIT special guide!  In this 45-minute video, The Safety Artisan looks at the similarities and differences between British and Australian safety practices.  This should also help Aussies thinking of heading over to work in the UK and even, dare I say it, to the EU!

“It’s beginning to look a lot like BREXIT! La, La-la, la, la…”

Comparing Australian & UK Safety Law, Key Points

  • Introduction. With BREXIT looming, British and Australian professionals may be thinking of working in each other’s countries;
  • Legislation. Our laws, regulations and codes of practice are quite similar;
  • Guidance. Try the UK Health and Safety Executive (HSE) or the Safe Work Australia websites – both are excellent;
  • Jurisdictions. This is complex in a federated state like Australia, so Brits need to do their homework;
  • Regulators. This varies by industry/domain – many are very similar, while some are quite different;
  • Cultural Issues: Australia vs. the UK. Brits and Aussies are likely to feel quite comfortable working in each other’s countries; and
  • Cultural Issues: Australia vs. the EU. There are some commonalities across the EU, but also dramatic differences.

Comparing Australian & UK Safety Law: Transcript

Click Here for the Transcript

Comparing Australian & UK Safety Law: Topics

This is a free full-length show. I think it’s going to be about 30 minutes just to let you know; in those 30 minutes, we’re going to compare the British and Australian approaches to safety. We’re going to talk about the similarities and differences between Australian and British legislation. On the safety guidance that’s available from the various authorities the different jurisdictions in the UK and Australia. Jurisdiction is not really an issue in the UK but certainly is in Australia, so that’s something we really need to go through.

We’ll talk about regulators and the different approaches to regulation. And, finally, some cultural issues. I may mention the dreaded EU. It’s worth talking a little bit about that too because there are still significant links between the EU and the UK on how safety is done which Australians might find helpful.

Introduction

Now, where’s Michael Bublé when I need him to sing the song? It says it’s looking a lot like Brexit. With the Conservatives winning in the UK they’ve passed the Brexit act. It looks like it’s finally going to happen. Now whether you think that’s a good idea or not I’m not going to debate that, you’ll be pleased to hear – you’re sick of that, I’m sure.

There are going to be some safety professionals and other engineering professionals who were working in the EU. And who maybe won’t be able to do so easily anymore, and there might be some Brits thinking well maybe this is an opportunity. This is a prompt for me to think about moving to Australia and seeing what life is like there. Conversely, there may be Aussies seeking opportunities in the UK because if the flow of professionally qualified Engineers and so forth from the EU countries dries up or slows down then there might be more opportunity for Aussies. Indeed, the UK has been talking about introducing an Australian-style points-based immigration system. And I think we might see a favourable treaty between UK and Australia before too long.

What have I got to contribute here? I spent quite a few years in the UK as a safety engineer and safety consultant and I worked on a lot of international projects. I worked on a lot of UK procurements of American equipment. And I also worked very closely with German, Italian and Spanish colleagues on the Eurofighter Typhoon for thirteen years on and off. And I have quite a bit of experience of working in Germany and some of working with the French. I’ve got I think quite a reasonable view of different approaches to safety and how the UK differs from and is like our European counterparts.

Also, seven years ago I emigrated to Australia. I went through that points-based process, fortunately with a firm to back me up. I made the transition from doing UK-style safety to Australian-style safety.

Let’s get on with it.

Legislation #1

There are very many similarities between Australian and UK approaches to safety. Australia has learned a lot from the UK and continues to be very close to the UK in many ways, particularly in our style of law and legislation. But there are differences and I’m mainly going to talk about the differences.

First of all in the UK we’ve had the Health And Safety At Work (HSAW) Act around since 1974. That’s the executive Act that sets up the Health and Safety Executive the HSE as a regulator, gives it teeth and enables further legislation and regulations. Now if I was still in the UK, the next thing we would talk about would be in any discussion about health and safety at work would be the ‘six-pack’.

Now, these were six EU directives that the UK converted into UK regulations, as indeed all EU member states were required to. Incidentally, the UK was very successful in influencing EU safety policy, so it’s a bit ironic that their turning their back on that.  What will you find in the six-pack?

First of all, the regulations on management of health and safety at work otherwise known as HSG65 and there’s a lot of good advice in there on how to do risk management that is broadly equivalent, for an Aussie audience, to the Risk Management Code Of Practice: similar things in there that it’s trying to achieve. Then we’ve got the Provision and Use of Work Equipment Regulations or PUWER for short. That says if you provide equipment for workers it’s got to be fit for purpose. Then there are regulations on manual handling, on workplace health safety and welfare, on personal protective equipment at work, and on the health and safety of display screen equipment of the kind that I’m using here and now (I’m sat in my EU-standard computer chair with five legs and certain mandatory adjustable settings).

Now Aussies will be sat there looking at this list thinking it looks awfully familiar. We just package them up slightly differently.

There’s also, it should be said, a separate act called the Control Of Major Accident Hazards or COMAH as it’s known. And that was introduced after the Piper Alpha disaster in the North Sea which claimed 167 lives in a single accident. That covers big installations that could cause a mass-casualty accident. So that’s the UK approach.

Legislation #2

Now the Australian approach is much simpler. The Aussies have had time to look at UK legislation, take the essentials from it and boil it down in into its essence quite cleverly. There is a single Work Health and Safety (WHS) Act, which was signed up in 2011 and came into force on the 1st of January 2012. And there are a single set of WHS Regulations that go hand in hand with the Act.

And they cover a wide spectrum of stuff. A lot of the things in the UK that you would see covered in different acts and different regulations are all covered in one place. Not only does it address, as you would expect, the workplace responsibilities of employers and employees etc., but there are also upstream duties on designers and manufacturers and suppliers and importers and so forth. The WHS act pulls all these things together quite elegantly into one.

It’s a very readable act. I have to say it’s one of the few pieces of legislation that I think a non-lawyer can read and make sense of. But you’ve got to read what it says not what you think it says (just a word of caution).  The regulations cover Major Hazard Facilities, rather like the COMAH regulations, so they’re all included as well.

It’s worth noting that Australian WHS, unlike the UK, does not differentiate between safety and security. If somebody gets hurt, then it doesn’t matter whether it is an accident or whether it was a malicious act. If it happens to a worker, then WHS covers it. And that puts obligations on employers to look after the security of workers, which is an interesting difference, as the UK law generally does not do that. We’re seeing more prosecutions (I’m told by the lawyers) for harm caused by criminal acts than we are yet seeing for safety accidents.

And that’s the act and regulations. And it’s also worth saying that Australia has a system of Codes Of Practice just as the UK has Approved Codes Of Practice. Now that’s all I’m going to say for now. There are other videos and resources on the website that go into the Act and Regulations and COP. I’m going to do a whole series on all those things, unpacking them one by one.

Legislation #3

Let’s think about exceptions for a moment because the way that the UK and Australia do exceptions in their Health and Safety legislation is slightly different. In the UK, the Health and Safety at Work Act explicitly does not apply to ships and aircraft moving under their own power. That’s quite clear. That kind of division does not occur in Australia.

Also, the UK Health and Safety Act does not apply to special forces, or to combat operations by the armed forces, or to the work up to combat operations. Again, those exclusions do not exist in Australia. And then it’s also worth saying there are many other acts enforced by the UK HSE. It’s not just about HSAW, the six-pack and COMAH. There’s a lot of regs and stuff on mining and offshore, etc., you name it. The UK is a complex economy and there are lots of historical laws. Going back up to 100 years. I think the Explosives Act was in 1898, which is still being enforced.

Now Australia has a different approach. They’ve made a clean sweep; taken a very different approach as we’ll see later. And there are only really three explicit exclusions to the Act. It says that WHS doesn’t apply to merchant ships, which are covered by the Occupational Health and Safety (Maritime Industry) Act. So, merchant ships aren’t covered, and WHS doesn’t apply to offshore petroleum installations either. More on that later.

There is a separate act that deals with radiation protection, and that is enforced by the ARPANSA, the Australian Radiation and Nuclear Safety Protection Agency. So, [HSAW and WHS have] a slightly different approach to what is covered and what is not; but very similar in the essentials.

Legislation #4

One of those essentials is the determination of how much safety is enough. In the UK the HSE talks about ALARP and in Australia the Act talks about SFARP. This quote here is directly from the UK HSE website. Basically, it says that ALARP and SFARP are essentially the same things. And the core concept, what is reasonably practicable, is what’s defined in the WHS Act.

Now it’s worth mentioning that the HSE say, this because it was the HSE who invented the term ALARP. If you look in UK legislation you will see the term SFARP, and you’ll see other terms like ‘all measures necessary’. There are various phrases in UK laws to say how much is enough, and the HSE said it doesn’t matter what it says in the law, the test we will use is ALARP and it covers all these things. It was always intended to be essentially the same as SFARP.

Now there is some controversy in Australia about that, and some people think that ALARP and SFARP are different. The truth is that in Australia, as in the UK, some people did ALARP badly. They did it wrong. If you do ALARP wrong, it’s not the same as SFARP, it’s different. But if you’re doing ALARP properly it is the same. Now, there are some people who will die in a ditch in order to disagree with me over that but I’m quoting you from the HSE, who invented the term to describe SFARP.

It’s also worth noting that WHS uses the term SFARP, but the offshore regulator, which is the National Offshore Petroleum Safety and Environmental Management Agency (NOPSEMA), they use the term ALARP, because they’ve got a separate act from WHS for enforcing safety on offshore platforms. But again, even though they’re using ALARP, it’s the same as SFARP, if you look at the way that NOPSEMA explain ALARP.  They do it properly. And it matches up with SFARP, in fact, that NOPSEMA guidance is very good.

Guidance

We’ll talk more on regulators, but first a little aside and you’ll see why in a moment. Before we can get to talking about regulators, I need to tell you about where you can get guidance in Australia.

Now in the UK, you’ve got the HSE, who is the regulator and they also provide a lot of guidance. Any safety Engineer in the UK will immediately think of a document called R2P2, which is short for ‘Reducing Risk, Protecting People’. That’s an 80-something page document, in which the HSE explain their rationale for how they will enforce safety law and safety regulations and what they mean by ALARP and so on. There’s also a lot of guidance on their website as well, which is excellent and available under a Creative Commons licence so you can do an awful lot with it.

In Australia, it’s a little bit more complex than that. The WHS act was drafted by Safe Work Australia, which is a statutory agency of the government. It’s not a regulator, but it was the SWA who developed the Model WHS Act, the Model Regulations and the Model Codes Of Practice. (More on that in just a second.) It’s Safe Work Australia that provides a lot of good guidance on their website.

Most Australian regulators will refer you to legislation [i.e. not their own guidance]. We’ve got a bit of an American approach in that respect in Australia, in that you can’t do anything without a lawyer to tell you what you can and can’t do. Well, that’s the way that some government agencies seem to approach it. Sadly, they’ve lost the idea that the regulator is there to bridge the gap and explain safety to ordinary people so they can just get on with it.

Now some regulators in Australia, particularly say the New South Wales state regulator or Victorian state regulator do provide good guidance for use within their jurisdiction. The red flashing lights and the sirens should be going off at this point because we have a jurisdiction issue in Australia, and we’ll come onto that now.

Jurisdictions

In the UK, it’s reasonably simple. You’ve got the HSE for England and Wales, you’ve got the HSE for Scotland and you’ve got the HSE for Northern Ireland. They are enforcing essentially the same acts and the same regulations, right across the United Kingdom. Now there are differences in law: England and Wales have a legal system; Scotland has a slightly different legal system; then Northern Ireland has peculiarities of its own. But they’re all related. There are historical reasons why the law is different, but, from a safety point of view, all those three regulators do the same thing. And work consistently.

In Australia, it’s a bit different. Australia is a Federated Nation. We have States and Territories as you can see, we’ve got Queensland, New South Wales and Victoria. Within New South Wales we’ve got the ACT, that’s the Australian Capital Territory, and Canberra is the Australian Federal capital.

Most Australians live on that East Coast, down the coast of Queensland NSW and Victoria. Then we’ve got Tasmania, South Australia, the Northern Territory and Western Australia. All those states and territories have and enforce their own Safety Law and Regulations.

On top of that, you’ve got a Federal approach to safety as well. Now, this will be a bit of a puzzle to Brits, but in Australia, we call the national government in Canberra ‘the Commonwealth’. Brits are used to the Commonwealth being 100+ countries that used to belong to the UK, but now they’re a club. But in Australia, the Commonwealth is the national government, the Federal Government.

Regulators #1

Let’s talk about regulators, starting at the national level. If you look at the bottom right-hand corner, we have got Comcare. They are the national regulator, who enforce WHS for The Commonwealth of Australia, [Which is] all Federal workplaces, Defence, any land that’s owned by The Commonwealth, and anything where you’ve got a national system. You’ve also got some nationalised or semi-nationalised industries that effectively belong to the Commonwealth, or are set up by national regulations, and they operate to the Commonwealth version of WHS

Then you’ve got the Northern Territory, Tasmania, South Australia, Queensland, New South Wales and the Australian Capital Territory. All those states and territories have their own versions of the Model WHS Act, Regulations and COP. They’re not all identical but they’re pretty much the same. There are slight differences in the way that things are enforced, for example in South Australia there’s a couple of Codes Of Practice that Work Safe SA have said they will not enforce.

These differences don’t change the price of fish. All these regulators have their own jurisdiction, and they’re all doing more or less the same thing as Commonwealth WHS. If you start with the Model WHS Act or the Commonwealth version, then you won’t be far off what’s going on in those states and territories. However, you do have to remember that if you’re doing non-Commonwealth work in those states and territories, you’re going to be under the jurisdiction of the local state or territory regulator.

That’s the easy bit!

Unfortunately, not all states have adopted WHS yet. Western Australia (bottom left-hand corner) they are going to implement WHS but it’s not there yet. Currently, in December 2019 they’re heading towards WHS, but they’re still using their old Occupational Health and Safety (OS&H) Legislation from about 1999, I think.

Victoria has decided that they’re not going to implement WHS. Even though everybody agreed they would [change to WHS], they’re going to stick with their Occupational Health and Safety at work Act, which again I think dates from something like 1999. (These acts are amended and kept up to date.)  Victoria has no plans to implement WHS.

You, like me, might be thinking what a ridiculous way this is to organise yourself. We’re a nation of less than twenty-five million people, and we’ve got all this complexity about regulators and how we regulate and yes: it is daft! Model WHS was an attempt to get away from that stupidity. I have to say it’s mostly been successful, and I think we will get there one day, but that’s the situation we’ve got in Australia.

Regulators #2

Now, a quick little sample of regulators in the UK and Australia just to compare. I can’t go through them all, because there are a lot. I wanted to illustrate the similarities and differences; there are many similarities for Brits coming to Australia or Aussies going to the UK. You will find a regulatory system that in most part looks and feels familiar.

In the UK, for example, you’ve got the Civil Aviation Authority, who regulate non-military flying, airports etc; in Australia, you’ve got the Civil Aviation Safety Authority, which does almost the same thing. In the UK you’ve got the Air Accident Investigation Branch, who do what their name implies; in Australia, you’ve got the Australian Transportation Safety Bureau, who also investigates air accidents (they do maritime accidents as well). By the way, the ATSB in Australia is somewhat modelled on the American ATSB, with a very similar approach to the way they do business.

Now when we get onto the maritime side, it’s quite different. In the UK, you’ve got the Maritime and Coastguard Agency or MCGA. They regulate Civil Maritime Traffic and health and safety on merchant ships; they also investigate accidents. In Australia, don’t forget we’ve got the ATSB looking at maritime accidents and publishing statistics. We’ve then got the Australian Maritime Safety Authority, the AMSA, who look at the design aspects of safety of ships. (These are all national / Federal / Commonwealth regulators, by the way.) You’ve then got ‘Sea Care’, who look at the OH&S workplace aspects of working on merchant ships.

Then separately [again] we’ve got the National Offshore Petroleum Safety and Environmental Management Authority NOPSEMA, who look after oil rigs and gas rigs, that sit more than three nautical miles offshore. Because if they’re inside three nautical miles then that’s the jurisdiction of the local state or territory.

Indeed, NOPSEMA is evidence of the Federal government trying to get all the states and territories to come together.  They succeeded with WHS but with the offshore stuff, the states and territories refused to cooperate with the Commonwealth. (This is a common theme in Australia. The different branches of the government seem to delight in fighting each other rather than serving the Australian public.) The Commonwealth decided Australia could not develop an offshore industry on this basis – it wasn’t going to happen. So, they unilaterally set up NOPSEMA. Bang. Suck on that states and territories.

Culture

Let’s look a little bit at culture. Let’s face it, Australians, Brits and Americans in many ways are very similar. We have an Anglo-Saxon approach to things, and Australian and British law is very similar. We also have a similar sense of humour, which is very important when trying to do safety

You’ve got the five eyes countries – Australia, New Zealand, the UK, the US and Canada – who have worked closely together for several decades. There’s a lot of commonality between these English-speaking countries that have a common Anglo-Saxon colonial past.

However, the big difference in Australia is that we are much more heavily influenced by the US than the UK is. You’ll find a lot of a US-style ‘certification against specification’ in Australia in different industries. That’s subtly different to the UK and Australian legal approach, which is based on ‘safety by intent’. This idea is that safety is achieved by keeping people safe [managing risk in the real world], where a contract specification means very little. Are people kept safe? That’s the essential idea behind UK and Australian law. It’s a bit that’s a bit different to the sort of American approach of you know specifications and requirements.

There’s nothing wrong with either approach, they’re just different, but mixing them together does cause confusion. In the UK if you work, as I did for most of my working life, in the aviation industry, it is an international enterprise and it uses a US-style safety-by-specification and certification approach because civil aviation is essentially US-led. (From the 1944 Chicago convention onwards.) It’s important to understand the difference, and there’s a lot more of this US certification influence in Australia.

Summary

We’ve talked about some different aspects. I can’t go into detail on everything, as I simply don’t know all the details on everything, as I’m not an expert in it all domains. Nobody is. But I hope I’ve given you a useful overview of differences for British engineers wanting to be aware of safety in Australia, and Aussies wanting to go to the UK.

Cultural Issues: UK versus the EU

It’s also worth having, while we’re on the subject, just one slide on the EU, because the UK has been part of the EU for a long time. UK legislation has been heavily influenced by the EU and vice versa. As I said earlier, the UK has been quite successful in influencing EU directives, which the UK that turns into regulations as the other EU nations do. That’s the second bullet point. If you go work in the EU, you should find local laws that implement the EU directives in common with the UK.

The big difference between the UK and the other EU states is the ALARP measure of how much safety is enough, and that is unique to the UK. So much so, that other EU nations took the UK to the European Court of Arbitration saying that ALARP was a sort of anti-competitive variation that shouldn’t be allowed. Now, they lost and ALARP stands in the UK, but just illustrates that there are some critical differences and ALARP is probably the most important one.

Back to the first bullet point. In English, we differentiate between safety and security. Now I’ve mentioned the UK HSAW does so but WHS does not do that (deliberately I guess), whether it’s accidental or harm or malicious harm you’ve got to protect your workers. However, in many European countries, the word for safety and security are the same. If you get to Germany, ‘Sicherheit’ means safety and security. In France it’s ‘securité’ and variations thereof in other romance languages, safety and security are the same words in many European languages.

Now having said that, a lot of these EU economies where you might be thinking of working, are modern economies with lots of internationally regulated stuff going on. The aviation industry, for example, but there are lots of advanced industries that are regulated in a similar way, right around the world. You’ll still find familiar concepts in different EU countries.

Now culturally, I’ve spent a lot of time working with Germans, who tend to come unstuck with the Anglo-Saxon approach to safety, because they have the mentality that they make things to work, not to fail. For German engineers especially, the Anglo-Saxon fixation with looking at how things could go wrong seems very strange. They often just don’t get it unless they’ve been in an industry like aviation, where that approach has been inculcated into them. Germans often don’t understand Australian WHS, because it’s just not their mentality. (They don’t build things to fail, they build them to work, so maybe ‘Safety-II’ will take off in Germany because of that.)

In France, I have to say the French are extremely competent engineers and they’re very good at safety. However, they do it their way they do it the French way, which is different to UK/Australia. Don’t expect the French to do it our way. They’re going to do it their way, and you need to learn, to understand what they do, how they do it and why they do it that way. France is in many ways a very nationalized country and it’s a national enterprise. Most engineers go through one system, and there is one top college for engineering in France.

There’s one and only one way of doing it in France, which may come as a bit of a shock to Aussies given our somewhat ‘here and there’ approach to regulation in Australia. The French are competent but don’t expect them to comply with the Aussie or UK way of doing things.

Now, I’ve said ‘variations across Southern Europe’, and I’m trying to be tactful here because a lot of the southern European approach to Safety is very variable. Sometimes I’ve been very impressed watching how, say, the Spanish do business, but in other countries like Italy the approach to safety can be a bit of a shocker. If you’re buying stuff from Italy, the contract may say they’ll do ‘x y z’ and they’ll produce safety reports. Just because they’ve said so, doesn’t mean a that it’s going to happen or that the stuff they produce is going to be worth the paper it’s written on, quite frankly. Some countries are very good in certain areas, but not so much in others.

Copyright Statement

Well, thanks for listening!  This presentation contains a little bit of information from the UK HSE and some from Safe Work Australia and I’ve produced that under the [appropriate] Creative Commons licenses. If you go to The Safety Artisan website you will see the details of the licenses.

The content of this video presentation is copyright The Safety Artisan, 2019.

[Please SUBSCRIBE to The Safety Artisan YouTube channel to see free training videos and free previews of paid content.].

It just remains for me to say stay safe and I’ll see you next month. Goodbye!

Comparing Australian & UK Safety Law: The End!

Back to the WHS Topic Page.

Categories
Safe Design Start Here

Snapshot – Five Principles of Safe Design

Snapshot: Five Principles of Safe Design

Five Principles of Safe Design

  • Principle 1: Persons with control—those who make decisions affecting the design of products, facilities or processes are able to promote health and safety at the source.
  • Principle 2: Product lifecycle—safe design applies to every stage in the lifecycle from conception through to disposal. It involves eliminating hazards or minimising risks as early in the lifecycle as possible.
  • Principle 3: Systematic risk management—apply hazard identification, risk assessment and risk control processes to achieve safe design.
  • Principle 4: Safe design knowledge and capability—should be either demonstrated or acquired by those who control design.
  • Principle 5: Information transfer—effective communication and documentation of design and risk control information amongst everyone involved in the phases of the lifecycle is essential for the safe design approach.

– Safe Work Australia website (see Copyright Statement).

More Posts on ‘Safe Design’ are Coming Soon!

Back to the Start Here Page.

Categories
Start Here System Safety

Safety Concepts Part 1

In ‘Safety Concepts Part 1’, the Safety Artisan looks at the meaning of the term “safe”. We look at an objective definition of safe – objective because it can be demonstrated to have been met. This fundamental topic provides the foundation for all other safety topics, and it isn’t complex. The basics are simple, but they need to be thoroughly understood and practiced consistently to achieve success.

System Safety Concepts – a Short Introduction

Safety Concepts Part 1: Topics

  • A practical (useful) definition of ‘safe’:
    • What is risk?
    • What is risk reduction?
    • What are safety requirements?
  • Scope:
    • What is the system?
    • What is the application (function)?
    • What is the (operating) environment?

Safety Concepts Part 1: Transcript

Click Here for the Transcript

Hi everyone and welcome to the Safety Artisan, where you will find professional, pragmatic and impartial advice. Whether you want to know how safety is done or how to do it, I hope you’ll find today’s session helpful.

It’s the 21st of September 2019 as I record this. Welcome to the show. So, let’s get started. We’re going to talk today about System Safety concepts. What does it all mean?  We need to ask this question because it’s not obvious, as we will see.

If we look at a dictionary definition of the word ‘safe’, it’s an adjective: to be protected from or not exposed to danger or risk. Not likely to be harmed or lost. There are synonyms – protect, shield, shelter, guard, and keep out of harm’s way. They’re all good words, and I think we all know what we’re talking about. However, as a definition, it’s too imprecise. We can’t objectively say whether we have achieved safety or not.

A Practical Definition of ‘Safe’

What we need is a better definition, a more practical definition. I’ve taken something from an old UK Defence Standard. Forget about which standard, that’s not important. It’s just that we’re using a consistent set of definitions to work through basic safety concepts. And it’s important to do that because different standards, come from different legal systems and they have different philosophies. So, if you start mixing standards and different concepts together, that doesn’t always work.

OK so whatever you do, be consistent. That’s the key point. We’re going to use this set of definitions from the UK Defence Standard because they are consistent.

In this standard, ‘safe’ means: “Risk has been demonstrated to have been reduced to a level that is ALARP, and broadly acceptable or tolerable. And relevant prescriptive safety requirements have been met. For a system, in a given application, in a given Operating Environment.” OK, so let’s unpack that.

System Safety – Risk

So, we start with risk. We need to manage risk. We need to show that risk has been reduced to an acceptable level. As required perhaps by law, or regulation or a standard. Or just good practice in a particular industry. Whatever it is, we need to show that the risk of harm to people has been reduced. Not just any old reduction, we need to show that it’s been reduced to a particular level. Now in this standard, there are two tests for that.

And they’re both objective tests. The first one says as low as reasonably practicable. Basically, it’s asking have all reasonably practicable risk reduction measures been taken. So that’s one test. And the second test is a bit simpler. It’s basically saying reduce the absolute level of risk to something that is tolerable or acceptable. Now don’t worry too much about precisely what these things mean. The purpose for today is to note that we’ve got an objective test to say that we’ve done enough.

System Safety – Requirements

So that’s dealt with risk. Let’s move on to safety requirements. If a requirement is relevant, then we need to apply it. If it’s prescriptive, if it says you must do this, or you must do that. Then we need to meet it. There are two separate parts to this ‘Safe’ thing: we’ve got to meet requirements; and, we’ve got to manage risk. We can’t use one as an excuse for not doing the other.

So just because we reduce risk until it’s tolerable or acceptable doesn’t mean that we can ignore safety requirements. Or vice versa. So those are the two key things that we’ve got to do. But that’s not actually quite enough to get us there. Because we’ve got to define what we’re doing, with what and in what context. Well, we’re reducing the risk of a system. And the system might be a physical thing.

Defining the Scope: The System

It might be a vehicle, an aeroplane or a ship or a submarine, it might be a car or a truck. Or it might be something a bit more intangible. It might be a computer program that we’re using to make decisions that affect the safety of human beings, maybe a medical diagnosis system. Or we’re processing some scripts or prescriptions for medicine and we’ve got to get it right. We could poison somebody. So, whether it’s a tangible or an intangible system.

We need to define it. And that’s not as easy as it sounds, because if we’re applying system safety, we’re doing it because we have a complex system. It’s not a toaster. It’s something a bit more challenging. Defining the system carefully and precisely is really important and helpful. So, we define what our system is, our thing or our service. The system. What are we doing with it? What are we applying it to?

Defining the Scope: The Application

What are we using it for? Now, just to illustrate that no standard is perfect. Whoever wrote that defence standard didn’t bother to define the application. Which is kind of a major stuff-up to be honest, because that’s really important. So, let’s go back to an ordinary dictionary definition just to get an idea of what it means. By the way, I checked through the standard that I was referring to, and it does not explain in this standard.

What it means by the application. Otherwise, I would use that by preference. But if we go back to the dictionary, we see application: the act of putting something into operation. OK, so, we’re putting something to use. We’re implementing, employing it or deploying it maybe we’re utilizing it, applying it, executing it, enacting it. We’re carrying it out, putting it into operation or putting it into practice. All useful words that help us to understand.

I think we know what we’re talking about. So, we’ve got a thing or a service. Well, what are we using it for? Quite obviously, you know a car is probably going to be quite safe on the road. Put it in water and it probably isn’t safe at all. So, it’s important to use things for their proper application, to the use to which they were designed. And then, kind of harking back to what I just said, the correct operating environment.

Defining the Scope: The Operating Environment

For this system, and the application to which we will put it to. So, we’ve got a thing that we want to use for something. What’s the operating environment in which it will be safe? What’s it qualified or certified for? What’s the performance envelope that it’s been designed for? Typically, things work pretty well within the operating environment, within the envelope for which they were designed. Take them outside of that envelope and they perform not so well.

Maybe not at all. You take an aeroplane too high and the air is too thin, and it becomes uncontrollable. You take it too low and it smashes into the ground. Neither outcome is particularly good for the occupants of the aeroplane. Or whoever happens to be underneath it when it hits the ground. All of those three things:  what is the system? What are we doing with it? and where are we doing it? All those things have to be defined. Otherwise, we can’t really say that risk has been dealt with, or that safety requirements have been met.

System Safety: why Bother?

So, we’ve spent several slides just talking about what safe means, which might seem a bit over the top. But I promise you it is not, because having a solid understanding of what we’re trying to do is important in safety. Because safety is intangible. So, we need to understand what it is we’re aiming for. As some Greek bloke said, thousands of years ago: “If you don’t know to which port, you are bound, then no wind is favourable.”

It’s almost impossible to have a satisfactory Safety Program if you don’t know what you’re trying to achieve. Whereas, if you do have a precise understanding of what you’re trying to achieve, you’ve got a reasonably good chance of success. And that’s what it’s all about.

Copyright Statement

Well, I’ve quoted you some information. From a UK government web site. And I’ve done so. In accordance with the terms of its creative commons license and you can see. More information about the terms of that can be found at this page.

End: Safety Concepts Part 1

If you want more, if you want to unpack all the Major Definitions, all the system safety concepts that we’re talking about, then there’s the second part of this video, which you can see here.

I hope you enjoy it. Well, that’s it for the short video, for now. Please go and have a look at the longer video to get the full picture. OK, everyone, it’s been a pleasure talking to you and I hope you found that useful. I’ll see you again soon. Goodbye.

Back to the Start Here Page.