The 2023 Digest brings you all The Safety Artisan’s blog posts from last year. I hope that you find this a useful resource! (The final post in the list is the 2022 Digest, which lists another 31 posts.)
So, how do we identify and analyze functional hazards? I’ve seen a lot of projects and programs. We’re great at doing the physical hazards, but not so good at the functional hazards. So, when I talk about physical and functional hazards, the physical stuff, I think we’re probably all very familiar with them. They’re all… Read more: Identify and Analyze Functional Hazards
So today, we’re talking about the Foundations of System Safety assessment. And as it says, it’s a free webinar from The Safety Artisan, and it’s one of a series. So, before we go on, I’ll just introduce myself. Why should you bother to listen to me? Well, in 25 years of experience in system safety,… Read more: Foundations of System Safety
TL;DR This article on Failure Mode Effects Analysis explains this powerful and commonly used family of techniques. You can access this webinar (and all the others) here. I have used FMEA and related techniques on many programs and it can produce powerful results quickly and cheaply. Recently, I’ve seen some criticism of FEMA on social… Read more: Failure Mode Effects Analysis
In my webinar ‘Five Ways to Identify Hazards’ I look at a mix of techniques. We need these diverse techniques to assure us (give justified confidence) that we have identified the full range of hazards associated with a system. To do this I draw on my 25 years of experience (see ‘Meet the Author‘, below)… Read more: Five Ways to Identify Hazards
In this post, ‘Exploring Causal Analysis: Techniques and Insights’, I provide a quick summary of my recent webinar. You can see a short video introduction below, or access the full webinar at my Safety Engineering Academy. Introduction: Causal analysis is a vital aspect of system safety engineering, offering insights into the root causes of issues… Read more: Exploring Causal Analysis: Techniques and Insights
In this post ‘Full Function Hazard Logs: A Deep Dive into Relational Databases’, I explore some things we can do with a hazard log built upon a database. In my 25-year career in safety engineering, I’ve seen many hazard logs and hazard tracking systems. Most of them were hosted in Microsoft Excel, but there were… Read more: Full Function Hazard Logs: A Deep Dive into Relational Databases
In this 45-minute session, I look at System Hazard Analysis with Mil-Std-882E. SHA is Task 205 in the Standard. I explore Task 205’s aim, description, scope, and contracting requirements. I also provide commentary, based on working with this Standard since 1996, which explains SHA. How to use it to complement Sub-System Hazard Analysis (SSHA, Task… Read more: System Hazard Analysis with Mil-Std-882E
In this video, I look at Functional Hazard Analysis with Mil-Std-882E (FHA, which is Task 208 in Mil-Std-882E). FHA analyses software, complex electronic hardware, and human interactions. I explore the aim, description, and contracting requirements of this Task, and provide extensive commentary on it. (I refer to other lessons for special techniques for software safety… Read more: Functional Hazard Analysis with Mil-Std-882E
In this 45-minute session, I look at how to do a Preliminary Hazard Analysis with Mil-Std-882E. Preliminary Hazard Analysis, or PHA, is Task 202 in the Standard. I explore Task 202’s aim, description, scope, and contracting requirements. There’s value-adding commentary, and I explain the issues with PHA – how to do it well and avoid… Read more: How to do Preliminary Hazard Analysis with Mil-Std-882E
Safety Engineering Academy Webinars are on vital topics. I run them live every month, and you can get them all at the Safety Engineering Academy here. They draw on my practical experience of these tools and techniques, from my 25-year-plus career. I have personally used all of these techniques, and I have seen them used… Read more: Safety Engineering Academy Webinars
What are the Challenges of Online Learning? In my previous article, I looked at ‘Five Key Dimensions of Online Learning’, which explored what makes it popular. But there’s a downside too – things that put students off. What are they, and can they be fixed? “Top reasons cited by students who do not intend to… Read more: Challenges of Online Learning
In this video lesson, I look at Sub-System Hazard Analysis with Mil-Std-882E (SSHA, which is Task 204). I teach the mechanics of the task, but not just that. I’m using my long experience with this Standard to teach a pragmatic approach to getting the work done. Task 204 is one of three tasks that integrate… Read more: Sub-System Hazard Analysis with Mil-Std-882E
Get your free Preliminary Hazard Identification & Analysis, PHIA Guide here! Introduction Hazard Identification is sometimes defined as: “The process of identifying and listing the hazards and accidents associated with a system.” Hazard Analysis is sometimes defined as: “The process of describing in detail the hazards and accidents associated with a system and defining accident… Read more: Preliminary Hazard Identification & Analysis Guide
In this article ‘Five Key Dimensions of Online Learning’, I discuss the learning dimensions and attributes that students are looking for. How do I know what students are looking for? Fortunately “McKinsey surveyed more than 7,000 students in 17 countries to find out which elements of online higher education they value most.”[1] Unfortunately, McKinsey didn’t… Read more: Five Key Dimensions of Online Learning
“What Have Hazard Logs Ever Done for Us? Well, there’s the aqueduct…” Monty Python’s Flying Circus may not be an obvious connection to hazard management, but it works! Hazard Logs – or Hazard Tracking Systems (HTS), which is a better term – are underappreciated but vital tools. In this webinar on hazard logs, one of… Read more: What Have Hazard Logs Ever Done for Us?
In ‘Optimizing Safety: Active Hazard Management with Hazard Logs’ we look at how to unleash the power of this underrated tool! Introduction A Hazard Log is more than just a record; it’s a dynamic tool for actively managing safety risks associated with systems. This continually updated log encapsulates Hazards, Accident Sequences, and Accidents, ensuring a… Read more: Optimizing Safety: Active Hazard Management with Hazard Logs
In this blog post and video ‘Hazard Logs and Hazard Tracking Systems’, I’m going to tell you about their benefits and features. In many industries, we are required to create a hazard log: perhaps by a regulator, a customer, or a prime contractor. Or maybe it’s “just the way we do it round here”. Whatever… Read more: Hazard Logs and Hazard Tracking Systems
The 2023 Digest brings you all The Safety Artisan’s blog posts from last year. I hope that you find this a useful resource! (The final post in the list is the 2022 Digest, which lists another 31 posts.) That’s the 2023 Digest – look out for much more in 2024! My name’s Simon Di Nucci.… Read more: The 2023 Digest
This is the first in a new series of blog posts on Principles of Software Safety Assurance. In it, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these guidelines as… Read more: Principles of Software Safety Assurance
Lessons Learned: in this 30-minute video, we learn lessons from an accident in 2016 that killed four people on the Thunder River Rapids Ride in Queensland. The coroner’s report was issued this year, and we go through the summary of that report. In it we find failings in WHS Duties, Due Diligence, risk management, and… Read more: Lessons Learned from a Fatal Accident
Understanding System Safety Engineering: A Quick Guide, takes you through some key points of this complex subject. Introduction System safety engineering plays a crucial role in ensuring the safety of complex systems. In this post, we will explore the fundamental concepts of system safety engineering and its importance in the realm of systems engineering. System… Read more: Understanding System Safety Engineering: A Quick Guide
Introduction In System Safety FAQs I will deal with the most commonly searched-for online queries. This post is also the basis for the First in a new series of monthly webinars I’m running. I will also be answering your questions: leave them in the comments at the bottom of this post! What is System Safety?… Read more: System Safety FAQ
Here is a video about my CISSP exam journey. Get the full ‘My CISSP Exam Journey’ free video here. I’ve just passed the Certified Information Systems Security Professional (CISSP) Exam, which was significantly updated on 1st May 2021. In this 30-minute video I will cover: I wish you every success in your CISSP journey: it’s… Read more: My CISSP Exam Journey
That’s the 2023 Digest – look out for much more in 2024!
My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
Lessons Learned: in this 30-minute video, we learn lessons from an accident in 2016 that killed four people on the Thunder River Rapids Ride in Queensland. The coroner’s report was issued this year, and we go through the summary of that report. In it we find failings in WHS Duties, Due Diligence, risk management, and failures to eliminate or minimize risks So Far As is Reasonably Practicable (SFARP). We do not ‘name and shame’, rather we focus on where we can find guidance to do better.
In 2016, four people died on the Thunder River Rapids Ride.
Lessons Learned: Key Points
We examine multiple failings in:
WHS Duties;
WHS Due Diligence;
Risk management; and
Eliminating or minimizing risks So Far As is Reasonably Practicable (SFARP).
Transcript: Lessons Learned from a Theme Park Tragedy
Introduction
Hello, everyone, and welcome to the Safety Artisan: purveyors of fine safety engineering training videos and other resources. I’m Simon and I’m your host and today we’re going to be doing something slightly different. So, there are no PowerPoint slides. Instead, I’m going to be reading from a coroner’s report from a well-known accident here in Australia and we’re going to be learning some lessons in the context of WHS workplace health and safety law.
Disclaimer
Now, I’d just like to reassure you before we start that I won’t be mentioning the names of the deceased. I won’t be sharing any images of them. And I’m not even going to mention the firm that owned the theme park because this is not about bashing people when they’re down. It’s about us as a community learning lessons when things go wrong to fix the problem, not the blame. So that’s what I’d like to emphasize here.
The Coroner’s Report
So, I’m just going to I’m just turning to the summary of the coroner’s report. The coroner was examining the deaths of four people back in 2016 on what was called the Thunder River Rapids Ride. Or TRRR or TR3 for short because it’s a bit of a mouthful. This was a water ride, as the name implies, and what went wrong was the water level dropped. Rafts, these circular rafts that went down the rapids, went down the chute, got stuck. Another raft came up behind the stuck raft and went into it. One of the rafts tipped over. These rafts seat six people in a circular configuration. You may have seen them. They’re in – different versions of this ride are in lots of theme parks.
But out of the six, unfortunately, the only two escaped before people were killed, tragically. So that’s the background. That happened in October 2016, I think it was. The coroner’s report came out a few months ago, and I’ve been wanting to talk about it for some time because it illustrates very well several issues where WHS can help us do the right thing.
WHS Duties
So, first of all, I’m looking at the first paragraph in the summary, the coroner starts off; the design and construction of the TRRR at the conveyor and unload area posed a significant risk to the health and safety of patrons. Notice that the coroner says the design and construction. Most people think that WHS only applies to workplaces and people managing workplaces, but it does a lot more than that. Sections 22 through 26 of the Act talk about the duties of designers, manufacturers, importers, suppliers, and then people who commissioned, install, et cetera.
So, WHS supplies duties on a wide range of businesses and undertakings, and designers and constructors are key. There are two of them. Now, it’s worth noting that there was no importer here. The theme park, although the TRRR ride was similar to a ride available commercially elsewhere, for some reason, they chose to design and build their version in Queensland. Don’t know why. Anyway, that doesn’t matter now. So, there was no importer, but otherwise, even if you didn’t design and construct the thing, if you imported it, the same duties still apply to you.
No Effective Risk Assessment
So, the coroner then goes on to talk about risks and hazards and says each of these obvious hazards posed a risk to the safety of patrons on the ride and would have been easily identifiable to a competent person had one ever been commissioned to conduct a risk and hazard assessment of the ride. So, what the coroner is saying there is, “No effective risk assessment has been done”. Now, that is contrary to the risk management code of practice under WHS and also, of course, that the definition of SFARP, so far as reasonably practicable, basically is a risk assessment or risk management process. So, if you’ve not done effective risk management, you can’t say that you’ve eliminated or minimized risks SFARP, which is another legal requirement. So, a double whammy there.
Then moving on. “Had noticed been taken of lessons learned from the preceding incidents, which were all of a very similar nature …” and then he goes on. That’s the back end of a sentence where he says, you didn’t do this, you had incidents on the ride, which are very similar in the past, and you didn’t learn from them. And again, concerning reducing risks SFARP, Section 18 in the WHS Act, which talks about the definition of reasonably practicable, which is the core of SFARP, talks about what ought to have been known at the time.
So, when you’re doing a risk assessment or maybe you’re reassessing risk after a modification – and this ride was heavily modified several times or after an incident – you need to take account of the available information. And the owners of TRRR the operators didn’t do that. So, another big failing.
The coroner goes on to note that records available concerning the modifications to the ride are scant and ad hoc. And again, there’s a section in the WHS risk management code of practice about keeping records. It’s not that onerous. I mean, the COP is pretty simple but they didn’t meet the requirement of the code of practice. So, bad news again.
Due Diligence
And then finally, I’ve got to the bottom of page one. So, the coroner then notes the maintenance tasks undertaken on the ride whilst done so regularly and diligently by the staff, seemed to have been based upon historical checklists which were rarely reviewed despite the age of the device or changes to the applicable Australian standards. Now, this is interesting. So, this is contravening a different section of the WHS Act.
Section 27, talks about the duties of officers and effectively that sort of company directors, and senior managers. Officers are supposed to exercise due diligence. In the act, due diligence is fairly simple- It’s six bullet points, but one of them is that the officers have to sort of keep up to date on what’s going on in their operation. They have to provide up-to-date and effective safety information for their staff. They’re also supposed to keep up with what’s going on in safety regulations that apply to their operation. So, I reckon in that one statement from the coroner then there’s probably three breaches of due diligence there to start with.
Risk Controls Lacking
We’ve reached the bottom of page one- Let’s carry on. The coroner then goes on to talk about risk controls that were or were not present and says, “in accordance with the hierarchy of controls, plant and engineering measures should have been considered as solutions to identified hazards”. So in WHS regulations and it’s repeated in the risk code of practice, there’s a thing called the hierarchy of controls. It says that some types of risk controls are more effective than others and therefore they come at the top of the list, whereas others are less effective and should be considered last.
So, top of the list is, “Can you eliminate the hazard?” If not, can you substitute the hazardous thing for something else that’s less hazardous- or with something else that is less hazardous, I should say? Can you put in engineering solutions or controls to control hazards? And then finally, at the bottom of my list are admin procedures for people to follow and then personal protective equipment for workers, for example. We’ll talk about this more later, but the top end of the hierarchy had just not been considered or not effectively anyway.
A Predictable Risk
So, the coroner then goes on to say, “rafts coming together on the ride was a well-known risk, highlighted by the incident in 2001 and again in 2004”. Now actually it says 2004, I think that might be a typo. Elsewhere, it says 2014, but certainly, two significant incidents were similar to the accident that killed four people. And it was acknowledged that various corrective measures could be undertaken to, quote, “adequately control the risk of raft collision”.
However, a number of these suggestions were not implemented on the ride. Now, given that they’ve demonstrated the ability to kill multiple people on the ride with a raft collision, it’s going to be a very, very difficult thing to justify not implementing controls. So, given the seriousness of the potential risk, to say that a control is feasible is practicable, but then to say “We’re not going to do it. It’s not reasonable”. That’s going to be very, very difficult to argue and I would suggest it’s almost a certainty that not all reasonably practicable controls were implemented, which means the risk is not SFARP, which is a legal requirement.
Further on, we come back to document management, which was poor with no formal risk register in place. So, no evidence of a proper risk assessment. Members of the department did not conduct any holistic risk assessments of rides with the general view that another department was responsible. So, the fact that risk assessment wasn’t done – that’s a failure. The fact that senior management didn’t knock heads together and say “This has to be done. Make it happen”- That’s also another failing. That’s a failing of due diligence, I suspect. So, we’ve got a couple more problems there.
High-Risk Plant
Then, later on, the coroner talks about necessary engineering oversight of high-risk plant not being done. Now, under WHS act definitions, amusement rides are counted as high-risk plant, presumably because of the number of serious accidents that have happened with them over the years. The managers of the TRRR didn’t meet their obligations concerning high-risk plants. So, some things that are optional for common stuff are mandatory for high-risk plants, and those obligations were not met it seems.
And then in just the next paragraph, we reinforce this due diligence issue. Only a scant amount of knowledge was held by those in management positions, including the general manager of engineering, as to the design modifications and past notable incidents on the ride. One of the requirements of due diligence is that senior management must know their operations, and know the hazards and risks associated with the operations. So for the engineering manager to be ignorant about modifications and risks associated with the ride, I think is a clear failure of due diligence.
Still talking about engineering, the coroner notes “it is significant that the general manager had no knowledge of past incidents involving rafts coming together on the ride”. Again, due diligence. If things have happened those need to be investigated and learned from and then you need to apply fresh controls if that’s required. And again, this is a requirement. So, this shows a lack of due diligence. It’s also a requirement in the risk management code of practice to look at things when new knowledge is gained. So, a couple more failures there.
No Water-Level Detection, Alarm Or Emergency Stop
Now, it said that the operators of the ride were well aware that when one pump failed, and there were two, the ride was no longer able to operate with the water level dropping dramatically, stranding the rafts on the steel support railings. And of course, that’s how the accident happened. Regardless, there was no formal means by which to monitor the water level of the ride and no audible alarm to advise one of the pumps had ceased to operate. So, a water level monitor? Well, we’re talking potentially about a float, which is a pretty simple thing. There’s one in every cistern, in every toilet in Australia. Maybe the one for the ride would have to be a bit more sophisticated than that- A bit industrial grade but the same principle.
And no alarm to advise the operators that this pump had failed, even though it was known that this would have a serious effect on the operation of the ride. So, there are multiple problems here. I suspect you’ll be able to find regulations that require these things. Certainly, if you looked at the code of practice on plant design because this counts as industrial plants, it’s a high-risk plant, so you would expect very high standards of engineering controls on high-risk plants and these were missing. More on that later.
In a similar vein, the coroner says “a basic automated detection system for the water level would have been inexpensive and may have prevented the incident from occurring”. So basically, the coroner is saying this control mechanism would have been cheap so it’s certainly reasonably practicable. If you’ve got a cheap control that will prevent a serious injury or a death, then how on earth are you going to argue that it’s not reasonable to implement it? The onus is on us to implement all reasonably practical controls.
And then similarly, the lack of a single emergency stop on the ride, which was capable of initiating a complete shutdown of all the mechanisms, was also inadequate. And that’s another requirement from the code of practice on plant design, which refers back to WHS regulations. So, another breach there.
Human Factors
We then move on to a section where it talks about operators, operators’ accounts of the incident, and other human factors. I’m probably going to ask my friend Peter Bender, who is a Human Factors specialist, to come and do a session on this and look at this in some more detail, because there are rich pickings in this section and I’m just going to skim the surface here because we haven’t got time to do more.
The coroner says “it’s clear that these 38 signals and checks to be undertaken by the ride operators was excessive, particularly given that the failure to carry out any one could potentially be a factor which would contribute to a serious incident”. So clearly, 38 signals and checks were distributed between two ride operators, because there was no one operator in control of the whole ride- that’s a human factors nightmare for a start- but clearly, the work designed for the ride was poor. There is good guidance available from Safe Work Australia on good work design so there’s no excuse for this kind of lapse.
And then the coroner goes on to say, reinforcing this point that the ride couldn’t be safely controlled by a human operator. The lack of engineering controls on a ride of this nature is unjustifiable. Again, reinforces the point that risk was not SFARP because not all reasonably practicable controls had been implemented. Particularly controls at the higher end of the hierarchy of controls. So, a serious failing there.
(Now, I’ve got something that I’m going to skip, actually, but – It’s a heck of a comment, but it’s not relevant to WHS.)
Training And Competence
We’re moving on to training and competence. Those responsible for managing the ride whilst following the process and procedure in place – and I’m glad to see you from a human practice point of view that the coroner is not just trying to blame the last person who touched it. He’s making a point of saying the operators did all the right stuff. Nevertheless, they were largely not qualified to perform the work for which they were charged.
The process and procedures that they were following seemed to have been created by unknown persons. Because of the poor record-keeping, presumably who it is safe to assume lacked the necessary expertise. And I think the coroner is making a reasonable assumption there, given the multiple failings that we’ve seen in risk management, in due diligence, in record-keeping, in the knowledge of key people, et cetera, et cetera. It seems that the practice at the park was simply to accept what had always been done in terms of policy and procedure.
And despite changes to safety standards and practices happening over time, because this is an old ride, only limited and largely reactionary consideration was ever given to making changes, including training, provided to staff. So, reactionary -bad word. We’re supposed to predict risk and prevent harm from happening. So, multiple failures in due diligence here and on staff training, providing adequate staff training, providing adequate procedures, et cetera.
The coroner goes on to say, “regardless of the training provided at the park, it would never have been sufficient to overcome the poor design of the ride. The lack of automation and engineering controls”. So, again, the hierarchy of controls was not applied, and relatively cheap, engineering controls were not used, placing an undue burden on the operator. Sadly, this is all too common in many applications. This is one of the reasons they are not naming the ride operators or trying to shame them because I’ve seen this happen in so many different places. It wouldn’t be fair to single these people out.
‘Incident-Free’ Operations?
Now we have a curious, a curious little statement in paragraph 1040. The coroner says “submissions are made that there was a 30-year history of incident-free operation of the ride”. So, what it looks like is that the ride operators, and management, trying to tell the coroner that they never had an incident on the ride in 30 years, which sounds pretty impressive, doesn’t it, at face value?
But of course, the coroner already knew or discovered later on that there had been incidents on the ride. Two previous incidents were very similar to the fatal accident. Now, on the surface, this looks bad, doesn’t it? It looks like the ride management was trying to mislead the coroner. I don’t think that’s the case because I’ve seen many organizations do poor incident reporting, poor incident recording, and poor learning from experience from incidents. It doesn’t surprise me that the senior management was not aware of incidents on their ride. Unfortunately, it’s partly human nature.
Nobody likes to dwell on their failures or think about nasty things happening, and nobody likes to go to the boss saying we need to shut down a moneymaking ride. Don’t forget, this was a very popular ride. We need to shut down a moneymaking ride to spend more money on modifications to make it safer. And then management turns around and says, “Well, nobody’s been hurt. So, what’s the problem?” And again, I’ve seen this attitude again and again, even on people operating much more sophisticated and much more dangerous equipment than this. So, whilst this does look bad- the optics are not good, as they like to say. I don’t think there’s a conspiracy going on here. I think it’s just stupid mistakes because it’s so common. Moving on.
Standards
Now the coroner goes on to talk about standards not being followed, particularly when standards get updated over time. Bearing in mind this ride was 30 years old. The coroner states “it is essential that any difference in these standards are recognized and steps taken to ensure any shortfalls with a device manufactured internationally is managed”. Now, this is a little bit of an aside, because as I’ve mentioned before, the TRRR was actually designed and manufactured in Australia. Albeit not to any standards that we would recognize these days. But most rides were not and this highlights the duties of importers. So, if you import something from abroad, you need to make sure that it complies with Australian requirements. That’s a requirement, that’s a duty under WHS law. We’ll come back to this in just a moment.
The Role Of The Regulator
We’ll skip that one because we’ve done training and competency to death. So, following on about the international standards, the coroner also has a crack at the Queensland regulator, who I won’t name, and says “the regulator draws my attention to the difficulties arising when we’re requiring all amusement devices to comply with Australian standards. This difficulty is brought about by the fact that most amusement devices are designed and manufactured overseas, predominantly based on European standards”. [Actually, WHS law generally does NOT require us to comply with Australian Standards!]
Now, in the rest of the report, the coroner has a good old crack at the regulator. The coroner sticks the boot into the regulator for being pretty useless. And sadly, that’s no surprise in Australia. So basically, the regulator said, “Oh, it’s all too difficult!” And you think, “Well, it’s your job, actually, so why haven’t you done it properly?”
But being a little bit more practical, if you work in an industry where a lot of stuff is imported and let’s face it, that’s pretty common in Australia, you’ve got two choices. You can either try and change Australian standards so that they align better to the standards of the kit where you’re getting the stuff from in your industry, or maybe the regulators could say, “Okay, this is a common problem across the industry. We will provide some guidance that tells you how to make that transition from the international standards to Australian standards and what we as the regulator consider acceptable and not acceptable”. And then that helps the industry to do the right thing and to be consistent in terms of operation and enforcement.
So, the regulator is letting people who they regulate know this is the standard that is required of you, this is what you have to do. And that’s the job of a good regulator. So, the fact that the regulator in this particular case just hadn’t bothered to do so over some decades, it would seem, doesn’t say a lot for the professionalism of the regulator. And I’m not surprised that the coroner decided to have a go at them.
Summary
So, we’ve been through just over 20 comments, I think. I mean, I had 24/25 in total, but I skipped a few because they were a bit repetitive and it’s interesting to note that there were two major comments on failure to conduct designer duties and that kind of thing. Seven on risk management, four on SFARP, although of course, all the risk management ones also affect SFARP, and five on due diligence. So, there’re almost 20 significant breaches there and I wasn’t even really trying to pick up everything the coroner said. And bearing in mind, I was only reading from the summary. I didn’t bother reading the whole report because it’s pages and pages and pages.
And the lesson that we can draw from this, friends, is not to bash the people who make mistakes, but to learn lessons for ourselves. How could we do better? And I think the lesson is everything that we need to do has been set out in the WHS Act, in the WHS regulations. Then there are codes of practice that give us guidance in particular areas and our general responsibilities and these codes of practice also guide us on to what could should be considered, SFARP, for certain hazards and risks. There’s also some fantastic guidance, documentation, and information available from Safe Work Australia. On, for example, human factors and good work design and so on.
So, there’s lots of really good, really readable information out there and it’s all free. It’s all available on that wonderful thing we call the Internet. So, there is no excuse for making basic mistakes like this and killing people. It’s not that difficult. And a lot of the safety requirements are not that onerous. You don’t have to be a rocket scientist to read them and understand them. A lot of the requirements are basic, structured, common sense.
So, the lesson from this awful accident is it doesn’t have to be this way. We can do much better than that quite easily and if we don’t and something goes wrong, then the law will be after us. It will be interesting to see- I believe that WorkSafe Queensland is now investigating to see whether they’re going to bring any prosecutions that should be said. The police investigated and didn’t bring any prosecutions against individuals. I don’t know if Queensland has a corporate manslaughter act. I wouldn’t think so based on the fact that they’ve not prosecuted anybody, but you don’t need to find an individual guilty of gross negligence, or manslaughter for four WHS to take effect.
So, I suspect that in due course, we will see the operators of the theme park probably cop a significant fine and maybe some of their directors and senior managers will be going to jail. That’s how serious these and how numerous these breaches are. You don’t need to dig very deep to see what’s gone wrong and to see the legal obligations have not been met.
Meet the Author
My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
I’ve just passed the Certified Information Systems Security Professional (CISSP) Exam…
Get the full ‘My CISSP Exam Journey’ free video here.
I’ve just passed the Certified Information Systems Security Professional (CISSP) Exam, which was significantly updated on 1st May 2021. In this 30-minute video I will cover:
The official CISSP course and course guide;
The 8 Domains of CISSP, and how to take stock of your knowledge of them;
The official practice questions and the Study Guide;
The CISSP Exam itself; and
Lessons learned from my journey.
I wish you every success in your CISSP journey: it’s tough, but you can do it!
To get a full course on what’s new in all eight Domains of the CISSP Exam outline (for FREE!) Click Here.
Transcript: My CISSP Exam Journey
Hi, Everyone,
My name is Simon Di Nucci and I’ve just passed the new CISSP exam; for those of you who don’t know what that is, that’s the Certified Information Systems Security professional. It’s new because the exams have been around a long time, but the syllabus and the exam itself have undergone a significant change as of the 1st of May this year. I’m probably one of the first people to pass the new exam, which I have to tell you was a great relief because it was really it was a tough exam and it was tough preparing for it.
It was a big mountain to climb. I am very, very relieved to have passed. Now, I hope to share some lessons with you. When I mentioned that I passed on the cybersecurity groups on Facebook and LinkedIn, I got a huge response from people who appreciated how difficult it is to do this and also lots of questions. And whilst I can’t talk about the specifics of the exam, that’s not allowed, I can share some really useful lessons learned from my journey.
Introduction
So I’m going to be talking about what I did:
The Official Course, and the Student Guide;
How I took stock at the start of the revision process;
How I revised using the practice questions and the Study Guide;
Something about the exam itself; and
Lessons learned.
The Official Course
So let’s get on with it. My journey was that two, or three years ago, the firm that I worked for decided that they wanted me to take the CISSP exam in order to improve our credibility when doing cybersecurity and my credibility.
I was sent on a five-day course which was very intense and it was the official book.is the official ISC2 course. And that was several hundred slides a day for five days. It was very intense. And as you can see, the guy that you get with a pretty hefty eight hundred pages of closely packed and high-quality material. I was taught by someone who was clearly a very experienced expert in the field.
It was a good quality course. It cost about $3,700 (Australian). I think that’s about $2,500 (US). In terms of the investment, I think it was worth it because it covered a lot of ground and I was very rusty on a lot of this stuff. It was it was a useful ‘crammer’ to get back into this stuff. As I said, [the Study Guide is] 800 pages long. I’ve done a lot of revising!
Practical Things
Let’s put that to one side. The course was very good, but of course, it takes some time out of your schedule to do it. You need the money and the support from your workplace to be able to do that. There are now online courses, which I haven’t been on, I can’t say how good they are, but they are cheaper and they’re spread out. I think you do a day or two per week for a period of several weeks.
And I think that’s got to be really good because you’re going to have more time to consolidate this huge amount of information in your head. No disrespect to the face-to-face course. It was very good. I think the online courses could be even better and a lot more accessible. That was the course. Now, I did that in November twenty nineteen and I intended to do some revision and then take the exam probably in early.
In March, April 2020, global events got in the way of that and all the exam centers were closed down. I couldn’t do that. Basically, I sort of forgot about it for a period of months. And then at the tail end of 2020, as things began to improve here in Australia at least, we’ve been very lucky here, exam centers reopened and I thought, well, I really should get back and, you know, try and schedule the exam and do some revision and get on with it.
Exam Preparation
So I did. And starting in the January of this year, I got my management agreement that I would spend one day a week working from home, revising, and that’s what I did. Given that I took the exam in the middle of May, that’s probably 18 full days of revision going through the material and I needed it. Originally, I was going to take the exam, I think, in early April, but I realized at the end of March that I was not ready and I needed more time.
So I put the exam date back to the middle of May. And it was only after I’d done that that it was announced that the syllabus of the exam was changing quite significantly. That was a, you know, extra work then. And fortunately. They. They brought out the official guide to the new exam, and I realized that quite a lot of material to learn. I went through and for example, there are eight domains in CISSP.
And for example, here’s domain number two, asset security. In the pink, I have highlighted all the new things that are in the 1st of May Edition syllabus that were not in the 2018 syllabus. and I went through all of these things and there are quite a few in almost every domain except the first one. There are significant changes. I had to do a lot of extra revision because the syllabus had changed, but nevertheless, it was doable.
To get regular updates from The Safety Artisan, Click Here. For more introductory lessons Start Here.
In this 40-minute video, ‘Introduction to Human Factors’, I am very pleased to welcome Peter Benda to The Safety Artisan.
Peter is a colleague and Human Factors specialist, who has 23 years’ experience in applying Human Factors to large projects in all kinds of domains. In this session we look at some fundamentals: what does Human Factors engineering aim to achieve? Why do it? And what sort of tools and techniques are useful?
This is The Safety Artisan, so we also discuss some real-world examples of how erroneous human actions can contribute to accidents. (See this post for a fuller example of that.) And, of course, how Human Factors discipline can help to prevent them.
In ‘Introduction to Human Factors’, Peter explains these vital terms to us!
Topics
Introducing Peter;
The Joint Optimization Of Human-Machine Systems;
So why do it (HF)?
Introduction to Human Factors;
Definitions of Human Factors;
The Long Arm of Human Factors;
What is Human Factors Integration? and
More HF sessions to come…
Introduction to Human Factors: Transcript
Introduction
Simon: Hello, everyone, and welcome to the Safety Artisan: Home of Safety Engineering Training. I’m Simon and I’m your host, as always. But today we are going to be joined by a guest, a Human Factors specialist, a colleague, and a friend of mine called Peter Benda. Now, Peter started as one of us, an ordinary engineer, but unusually, perhaps for an engineer, he decided he didn’t like engineering without people in it. He liked the social aspects and the human aspects and so he began to specialize in that area. And today, after twenty-three years in the business, and first degree and a master’s degree in engineering with a Human Factors speciality. He’s going to join us and share his expertise with us.
So that’s how you got into it then, Peter. For those of us who aren’t really familiar with Human Factors, how would you describe it to a beginner?
Peter: Well, I would say it’s The Joint Optimization Of Human-Machine Systems. So it’s really focusing on designing systems, perhaps help holistically would be a term that could be used, where we’re looking at optimizing the human element as well as the machine element. And the interaction between the two. So that’s really the key to Human Factors. And, of course, there are many dimensions from there; environmental, organizational, job factors, human and individual characteristics. All of these influence behaviour at work and health and safety. Another way to think about it is the application of scientific information concerning humans to the design of systems. Systems are for human use, which I think most systems are.
Simon: Indeed. Otherwise, why would humans build them?
Peter: That’s right. Generally speaking, sure.
Simon: So, given that this is a thing that people do then. Perhaps we’re not so good at including the human unless we think about it specifically?
Peter: I think that’s fairly accurate. I would say that if you look across industries, and industries are perhaps better at integrating Human Factors, considerations or Human Factors into the design lifecycle, that they have had to do so because of the accidents that have occurred in the past. You could probably say this about safety engineering as well, right?
Simon: And this is true, yes.
Peter: In a sense, you do it because you have to because the implications of not doing it are quite significant. However, I would say the upshot, if you look at some of the evidence –and you see this also across software design and non-safety critical industries or systems –that taking into account human considerations early in the design process typically ends up in better system performance. You might have more usable systems, for example. Apple would be an example of a company that puts a lot of focus into human-computer interaction and optimizing the interface between humans and their technologies and ensuring that you can walk up and use it fairly easily. Now as time goes on, one can argue how out how well Apple is doing something like that, but they were certainly very well known for taking that approach.
Simon: And reaped the benefits accordingly and became, I think, they were the world’s number one company for a while.
Peter: That’s right. That’s right.
Simon: So, thinking about the, “So why do it?” What is one of the benefits of doing Human Factors well?
Peter: Multiple benefits, I would say. Clearly, safety and safety-critical systems, like health and safety; Performance, so system performance; Efficiency and so forth. Job satisfaction and that has repercussions that go back into, broadly speaking, that society. If you have meaningful work that has other repercussions and that’s sort of the angle I originally came into all of this from. But, you know, you could be looking at just the safety and efficiency aspects.
Simon: You mentioned meaningful work: is that what attracted you to it?
Peter: Absolutely. Absolutely. Yes. Yes, like I said I had a keen interest in the sociology of work and looking at work organization. Then, for my master’s degree, I looked at lean production, which is the Toyota approach to producing vehicles. I looked at multiskilled teams and multiskilling and job satisfaction. Then looking at stress indicators and so forth versus mass production systems. So that’s really the angle I came into this. If you look at it, mass production lines where a person is doing the same job over and over, it’s quite repetitive and very narrow, versus the more Japanese style lean production. There are certainly repercussions, both socially and individually, from a psychological health perspective.
Simon: So, you get happy workers and more contented workers –
Peter: – And better quality, yeah.
Simon: And again, you mentioned Toyota. Another giant company that’s presumably grown partly through applying these principles.
Peter: Well, they’re famous for quality, aren’t they? Famous for reliable, high-quality cars that go on forever. I mean, when I moved from Canada to Australia, Toyota has a very, very strong history here with the Land Cruiser, and the high locks, and so forth.
Simon: All very well-known brands here. Household names.
Peter: Are known to be bombproof and can outlast any other vehicle. And the lean production system certainly has, I would say, quite a bit of responsibility for the production of these high-quality cars.
Simon: So, we’ve spoken about how you got into it and “What is it?” and “Why do it?” I suppose, as we’ve said, what it is in very general terms but I suspect a lot of people listening will want to know to define what it is, what Human Factors is, based on doing it. On how you do it. It’s a long, long time since I did my Human Factors training. Just one module in my masters, so could you take me through what Human Factors involves these days in broad terms.
Peter: Sure, I actually have a few slides that might be useful –
Simon: – Oh terrific! –
Peter: – maybe I should present that. So, let me see how well I can share this. And of course, sometimes the problem is I’ll make sure that – maybe screen two is the best way to share it. Can you see that OK?
Understanding System Safety Engineering: A Holistic Approach to Ensuring Safety. To know that we first need to understand what Systems Engineering is…
Section 1: The Basics of Systems Engineering
It starts with needs and concepts, which may be quite abstract, and progressively breaks these down into concrete, specific requirements. We also determine how those requirements will be verified.
Section 2: The Transformative Process
We then transform those requirements into a logical architecture and then into a design. Then the design is translated into physical and functional components that can be developed or bought. Through all these transformations, the requirements are decomposed and flow down. Thus, we see how each component, or Configurable Item, contributes to meeting the requirements for the overall System.
Section 3: The Practice of System Safety Engineering
Finally, we must put the components together – integrate them – perhaps testing as we go to make sure that they work together. We can then verify the completed system, and support customer validation.
That’s the theory (albeit very briefly, I went on a week-long course just to learn the basics). In my experience, the practice of System Safety Engineering involves five things, it:
Deals with the whole system, including software, data, people, and environment;
Uses a systematic (rigorous) process;
Concentrates on requirements (to cope with complexity);
Considers safety early in the system life cycle; and
Handles complexity cost-effectively and efficiently.
Understanding System Safety Engineering: A Holistic Approach to Ensuring Safety
Understanding System Safety Engineering: A Holistic Approach to Ensuring Safety – watch the Lesson Here.
What is system safety or system safety engineering? Well, as the name suggests, system safety is engineering safety in a systems-engineering context. Okay. So it’s safety that’s deliberately sat within a systems-engineering framework.
That drives everything about how we consider safety. Like systems engineering in general, it follows systems theory. But I’m not going to talk about systems theory now. That’s a huge subject.
I’m not actually an expert in [the theory], but I’m going to talk about three practical things that I’ve observed from doing system safety for 25 years or so.
Section 5: Considering the Whole System
First of all, we consider the system holistically. So it’s not just the technical stuff. It’s not just the hardware. It’s the software as well if there’s any software in the system.
It’s the operating environment around the system and what we’re doing with it, the functions that we’re asking it to do, all the applications that we’re putting it to, and we include the people who are using it. We include all the data that’s being used, all of the documentation, everything. So we are looking at the system as a whole in accordance with systems theory. That’s the first point.
Section 6: A Systematic Process
The second point is that it is systematic from a process point of view.
We’re following a rigorous process whereby maybe we start with some sort of high-level requirements, and we think about in safety terms what could go wrong. And we think about all of our safety obligations, what we must do. And then we decompose that, break down the problem piece by piece, systematically down to a component level. And then we consider all of the components, and then we systematically integrate it all back together.
And what I’m kind of indicating is the V model, where we start at the top left-hand corner with our requirements. And then from our requirements, we think about, well, how are we going to demonstrate that we’ve met those requirements at the end of the process? And then we carry on going down the decomposing into more detail but also thinking about how we’re going to verify and validate that we’ve done what we needed to do at every stage when we integrate and come back up the other side.
So that’s the systematic part of the process.
Section 7: Requirements and Safety
And then Thirdly, which are kind of hinted up already, is a big thing about requirements.
In systems engineering, we are talking about complex stuff. It’s hard to understand. It’s not a toaster. It’s not a simple commodity item, where we can just go, well, I want a toaster and everybody knows what a toaster does or should do and what it shouldn’t do. We want to want it to toast bread and other things, but we don’t want it to electrocute people.
You know what a toaster is. You don’t need to articulate the requirements of a toaster. But if it’s something more complicated, like a ship or a power station or a complex piece of information technology, you want to develop a big software system to do something, then that’s very complicated, and you need to consider the requirements in a systematic fashion, starting at the top level, thinking about big picture stuff, what’s the system and its boundaries, what does it interact with? What do we want it to do?
Then we need to go to a lot of effort to rigorously decompose that and come up with requirements, which you then verify and validate at the end of the project – or preferably before to avoid surprises. That’s a big part of systems engineering, as we’re dealing with complexity, and systems safety evolved to fit in with systems engineering. It uses all of those concepts, all of those are powerful levers to help us engineer safety into a system rather than just adding it on at the very end.
Section 8: Think Safety from the Start
I guess that’s the fourth big point. We start to think about safety right at the beginning, at the top left-hand corner of the V, not just at the end, and then add it on and hope everything will be all right, because that doesn’t usually work. And that’s a very, usually a very expensive and ineffective way to do things.
So that’s another point that system safety engineering. We are engineering safety into the system early because that is a more cost-effective way of doing it.
Summary
To summarise system safety engineering, remember:
It’s systematic in terms of the way we think about the system and all of its parts;
It’s systematic in terms of the process, the way we approach the task and break down the tasks rigorously and put them back together; and
It borrows from systems engineering and systems theory in the way we consider requirements.
Those three things are system safety engineering. For more on system safety try the FAQ post and the system safety assessment page.
Understanding System Safety Engineering: A Holistic Approach to Ensuring Safety
Software Safety Principles Conclusions and References is the sixth and final blog post on Principles of Software Safety Assurance. In them, we look at the 4+1 principles that underlie all software safety standards. (The previous post in the series is here.)
Read on to Benefit From…
The conclusions of this paper are brief and readable, but very valuable. It’s important for us – as professionals and team players – to be able to express these things to managers and other stakeholders clearly. Talking to non-specialists is something that most technical people could do better.
The references include links to the standards covered by the paper. Unsurprisingly, these are some of the most popular and widely used processes in software engineering. The other links take us to the key case studies that support the conclusions.
Content
We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these guidelines as the unchanging foundation of any software safety argument because they hold true across projects and domains.
The principles serve as a guide for cross-sector certification and aid in maintaining comprehension of the “big picture” of software safety issues while evaluating and negotiating the specifics of individual standards.
Conclusion
These six blog posts have presented the 4+1 model of foundational principles of software safety assurance. The principles strongly connect to elements of current software safety assurance standards and they act as a common benchmark against which standards can be measured.
Through the examples provided, it’s also clear that, although these concepts can be stated clearly, they haven’t always been put into practice. There may still be difficulties with their application by current standards. Particularly, there is still a great deal of research and discussion going on about the management of confidence with respect to software safety assurance (Principle 4+1).
[My own, informal, observations agree with this last point. Some standards apply Principle 4+1 more rigorously, but as a result, they are more expensive. As a result, they are less popular and less used.]
Standards and References
[1] RTCA/EUROCAE, Software Considerations in Airborne Systems and Equipment Certification, DO-178C/ED-12C, 2011.
[2] CENELEC, EN-50128:2011 – Railway applications – Communication, signaling and processing systems – Software for railway control and protection systems, 2011.
[3] ISO-26262 Road vehicles – Functional safety, FDIS, International Organization for Standardization (ISO), 2011
[4] IEC-61508 – Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related Systems. International Electrotechnical Commission (IEC), 1998
[5] FDA, Examples of Reported Infusion Pump Problems, Accessed on 27 September 2012,
[9] JPL Special Review Board, “Report on the Loss of the Mars Polar Lander and Deep Space 2 Missions”, Jet Propulsion Laboratory”, March 2000.
[10] Australian Transport Safety Bureau. In-Flight Upset Event 240Km North-West of Perth, WA, Boeing Company 777-2000, 9M-MRG. Aviation Occurrence Report 200503722, 2007.
[11] H. Wolpe, General Accounting Office Report on Patriot Missile Software Problem, February 4, 1992, Accessed on 1st October 2012, Available at: http://www.fas.org/spp/starwars/gao/im92026.htm
[13] D.M. Hunns and N. Wainwright, Software-based protection for Sizewell B: the regulator’s perspective. Nuclear Engineering International, September 1991.
[14] R.D. Hawkins, T.P. Kelly, A Framework for Determining the Sufficiency of Software Safety Assurance. IET System Safety Conference, 2012.
[15] SAE. ARP 4754 – Guidelines for Development of Civil Aircraft and Systems. 1996.
Software Safety Principles: End of the Series
This blog post series was derived from ‘The Principles of Software Safety Assurance’, by RD Hawkins, I Habli & TP Kelly, University of York. The original paper is available for free here. I was privileged to be taught safety engineering by Tim Kelly, and others, at the University of York. I am pleased to share their valuable work in a more accessible format.
Meet the Author
My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
Principles of Software Safety Training
Learn more about this subject in my course ‘Principles of Safe Software’ here.
My course on Udemy, ‘Principles of Software Safety Standards’ is a cut-down version of the full Principles Course. Nevertheless, it still scores 4.42 out of 5.00 and attracts comments like:
“It gives me an idea of standards as to how they are developed and the downward pyramid model of it.” 4* Niveditha V.
“This was really good course for starting the software safety standareds, comparing and reviewing strengths and weakness of them. Loved the how he try to fit each standared with4+1 principles. Highly recommend to anyone that want get into software safety.” 4.5* Amila R.
“The information provides a good overview. Perfect for someone like me who has worked with the standards but did not necessarily understand how the framework works.” 5* Mahesh Koonath V.
“Really good overview of key software standards and their strengths and weaknesses against the 4+1 Safety Principles.” 4.5*Ann H.
In this 45-minute video, I discuss System Safety Principles, as set out by the US Federal Aviation Authority in their System Safety Handbook. Although this was published in 2000, the principles still hold good (mostly) and are worth discussing. I comment on those topics where the modern practice has moved on, and those jurisdictions where the US approach does not sit well.
This is the ten-minute preview of the full, 45-minute video.
Hello and welcome to The Safety Artisan where you will find professional pragmatic and impartial educational products. I’m Simon and it’s the 3rd of November 2019. Tonight I’m going to be looking at a short introduction to System Safety Principles.
Introduction
On to system safety principles; in the full video we look at all principles from the U.S. Federal Aviation Authority’s System Safety Handbook but in this little four- or five-minute video – whatever it turns out to be – we’ll take a quick look just to let you know what it’s about.
Topics for this Session
These are the subjects in the full session. Really a fundamental statement; we talk about planning; talk about the management authority (which is the body that is responsible for bringing into existence -in this case- some kind of aircraft or air traffic control system, something like that, something that the FAA would be the regulator for in the US).
We talk about safety precedents. In other words, what’s the most effective safety control to use. Safety requirements; system analyses – which are highlighted because that’s just the sample I’m going to talk about, tonight; assumptions and safety criteria; emphasis and results – which is really about how much work you put in where and why; management authority responsibilities; a little aside of a specialist area – software hazard analysis; And finally, what you need for an effective System Safety Program.
Now, it’s worth mentioning that this is not an uncritical look at the FAA handbook. It is 19 years old now so the principles are still good, but some of it’s a bit long in the tooth. And there are some areas where, particularly on software, things have moved on. And there are some areas where the FAA approach to system safety is very much predicated on an American approach to how these things are done.
Systems Analysis
So, without further ado, let’s talk about system analysis. There are two points that the Handbook makes. First of all, these analyses are basic tools for systematically developing design specifications. Let’s unpack that statement. So, the analyses are tools- they’re just tools. You’ve still got to manage safety. You’ve still got to estimate risk and make decisions- that’s absolutely key. The system analyses are tools to help you do that. They won’t make decisions for you. They won’t exercise authority for you or manage things for you. They’re just tools.
Secondly, the whole point is to apply them systematically. So, coverage is important here- making sure that we’ve covered the entire system. And also doing things in a thorough and orderly fashion. That’s the systematic bit about it.
And then finally, it’s about developing design specifications. Now, this is where the American emphasis comes in. But before we talk about that, it’s fundamental to note that really we need to work out what our safety requirements are.
What are we Trying to Achieve?
What are we trying to achieve here with safety? And why? These are really important concepts because if you don’t know what you’re trying to achieve then it will be very difficult to get there and to demonstrate that you’ve got there – which is kind of the point of safety. Putting effort into getting the requirements right is very important because without doing that first step all your other work could be invalid. In my experience of 20-plus years in the business, if you don’t have a precise grasp of what you’re trying to achieve then you’re going to waste a lot of time and money, probably.
So, onto the second bullet point. Now the handbook says that the ultimate measure of safety is not the scope of analysis but in satisfying requirements. So, the first part – very good. We’re not doing analysis for the sake of it. That’s not the measure of safety – that we’ve analyzed something to death or that we’ve expended vast amounts of dollars on doing this work but that we’ve worked out the requirements and the analysis has helped us to meet them. That is the key point.
Safety in Different Jurisdictions
This is where it can go slightly pear-shaped in that this emphasis on requirements (almost to the exclusion of anything else) is a very U.S.-centric way of doing things. So, very much in the US, the emphasis is you meet the spec, you certify that you’ve met spec and therefore we’re safe. But of course what if the spec is wrong? Or what if it’s just plain inappropriate for a new use of an existing system or whatever it might be?
In other jurisdictions, notably the U.K. (and as you can tell from my accent that’s where I’m from, I’ve got a lot of experience doing safety work in the U.K. but also Australia where I now live and work) it’s not about meeting requirements. Well, it is but let me explain. In the UK and Australia, English law works on the idea of intent.
So, we aim to make something safe: not whether it has that it’s necessarily met requirements or not, that doesn’t really matter so much, but is the risk actually reduced to an acceptable level? There are tests for deciding what is acceptable. Have you complied with the law? The law outside the US can take a very different approach to “it’s all about the specification”.
Not Just the Specification
Of course, those legal requirements and that requirement to reduce risk to an acceptable level, are, in themselves, requirements. But in Australian or British legal jurisdiction, you need to think about those legal requirements as well. They must be part of your requirements set.
So, just having a specification for a technical piece of cake that ignores the requirements of the law, which include not only design requirements but the thing is actually safe in service and can be safely introduced, used, disposed of, etc. If you don’t take those things into account you may not meet all your obligations under that system of law.
So, there’s an important point to understanding and using American standards and an American approach to system safety out of the assumed context. And that’s true of all standards and all approaches but it’s a point I bring out in the main video quite forcefully because it’s very important to understand.
Good work design can help us achieve safe outcomes by designing safety into work processes and the design of products. Adding safety as an afterthought is almost always less effective and costs more over the lifecycle of the process or product.
Introduction
The Australian Work Health and Safety Strategy 2012-2022 is underpinned by the principle that well-designed healthy and safe work will allow workers to have more productive lives. This can be more efficiently achieved if hazards and risks are eliminated through good design.
This handbook contains ten principles that demonstrate how to achieve the good design of work and work processes. Each is general in nature so they can be successfully applied to any workplace, business, or industry.
The ten principles for good work design are
structured into three sections:
Why good work design is important;
What should be considered in good work design; and
How good work is designed.
These principles are shown in the diagram in Figure 1.
Figure 1. Good work design principles.
This handbook complements a range of
existing resources available to businesses and work health and safety
professionals including guidance for the safe design of plant and structures
see the Safe Work Australia Website.
Scope of the Handbook
This handbook provides information on how to apply good work design principles to work and work processes to protect workers and others who may be affected by the work.
It describes how design can be used to set up the workplace, working environment, and work tasks to protect the health and safety of workers, taking into account their range of abilities and vulnerabilities, so far as reasonably practicable.
The handbook does not aim to provide advice on managing situations where individual workers may have special requirements such as those with a disability or on a return to work program following an injury or illness.
Who Should Use this Handbook?
This handbook should be used by those with
a role in designing work and work processes, including:
Persons conducting a business or undertaking (PCBUs) with a primary duty of care under the model Work Health and Safety (WHS) laws.
PCBUs who have specific design duties relating to the design of plant, substances, and structures including the buildings in which people work.
People responsible for designing organizational structures, staffing rosters, and systems of work.
Professionals who provide expert advice to organizations on work health and safety matters.
Good work design optimizes work health and safety, human performance, job satisfaction, and business success.
Information:Experts who provide advice on the design of work may include: engineers, architects, ergonomists, information, and computer technology professionals, occupational hygienists, organizational psychologists, human resource professionals, occupational therapists, and physiotherapists.
What is ‘Good Work’?
‘Good work’ is healthy and safe work where the hazards and risks are eliminated or minimized so far as is reasonably practicable. Good work is also where the work design optimizes human performance, job satisfaction, and productivity.
Good work contains positive work elements that
can:
protect workers from harm to their health, safety, and welfare;
improve worker health and wellbeing; and
improve business success through higher worker productivity.
What is Good Work Design?
The most effective design process begins at the earliest opportunity during the conceptual and planning phases. At this early stage there is the greatest chance of finding ways to design-out hazards, incorporate effective risk control measures, and design-in efficiencies.
Effective design of good work considers:
The work:
how work is performed, including the physical, mental and emotional demands of the tasks and activities
the task duration, frequency, complexity, and
the context and systems of work.
The physical working
environment:
the plant, equipment, materials, and substances used, and
the vehicles, buildings, and structures that are workplaces.
The workers:
physical, emotional, and mental capacities and needs.
Effective design of good work can radically transform the workplace in ways that benefit the business, workers, clients, and others in the supply chain.
Failure to consider how work is designed can result in poor risk management and lost opportunities to innovate and improve the effectiveness and efficiency of work.
I suspect that many of us have seen badly-designed work, which results in workarounds or waste, or both. A little fore-thought can prevent this.
Top Tip
The principles for good work design
support duty holders to meet their obligations under the WHS laws and also help
them to achieve better business practice generally.
For the purposes of this handbook, a work designer is anyone who makes decisions about the design or redesign of work. This may be driven by the desire to improve productivity as well as the health and safety of people who will be doing the work
The WHY Principles
Why is good work design important?
Principle 1: Good
work design gives the highest level of protection so far as is reasonably
practicable
All workers have a right to the highest practicable level of protection against harm to their health, safety, and welfare.
The primary purpose of the WHS laws is to protect persons from work-related harm so far as is reasonably practicable.
Harm relates to the possibility that death, injury, illness, or disease may result from exposure to a hazard in the short or long term.
Eliminating or minimizing hazards at the source before risks are introduced in the workplace is a very effective way of providing the highest level of protection.
Principle 1 refers to the legal duties under the WHS laws. These laws provide the framework to protect the health, safety, and welfare of workers and others who might be affected by the work. During the work design, process workers and others should be given the highest level of protection against harm that is reasonably practicable.
Prevention of workplace
injury and illness
Well-designed work can prevent work-related deaths, injuries, and illnesses. The potential risk of harm from hazards in a workplace should be eliminated through good work design.
Only if that is not reasonably practicable, then the design process should minimize hazards and risks through the selection and use of appropriate control measures.
New hazards may inadvertently be created when changing work processes. If the good work design principles are systematically applied, potential hazards and risks arising from these changes can be eliminated or minimized.
Information: Reducing the speed of an inappropriately fast process line will not only reduce production errors, but can also diminish the likelihood of a musculoskeletal injury and mental stress.
Principle 2: Good
work design enhances health and wellbeing
Health is a “state of complete physical, mental, and social wellbeing, not merely the absence of disease or infirmity” (World Health Organisation).
Designing good work can help improve health over the longer term by improving workers’ musculoskeletal condition, cardiovascular functioning, and mental health.
Good work design optimizes worker function and improves participation enabling workers to have more productive working lives.
Health
benefits
An effective design aims to prevent harm, but it can also positively enhance the health and wellbeing of workers, for example, satisfying work and positive social interactions can help improve people’s physical and mental health.
As a general guide, the healthiest workers have been found to be three times more productive than the least healthy. It, therefore, makes good business sense for work design to support people’s health and wellbeing.
Information: Recent research has shown long periods of sitting (regardless of exercise regime) can lead to an increased risk of preventable musculoskeletal disorders and chronic diseases such as diabetes. In an office environment, prolonged sitting can be reduced by allowing people to alternate between sitting or standing whilst working.
Principle 3: Good
work design enhances business success and productivity
Good work design prevents deaths, injuries, and illnesses and their associated costs, improves worker motivation and engagement, and in the long-term improves business productivity.
Well-designed work fosters innovation, quality, and efficiencies through effective and continuous improvement.
Well-designed work helps manage risks to business sustainability and profitability by making work processes more efficient and effective and by improving product and service quality.
Cost savings and productivity improvements
Designing-out problems before they arise is generally cheaper than
making changes after the resulting event, for example by avoiding expensive
retrofitting of workplace controls.
Good work design can have direct and tangible cost savings by
decreasing disruption to work processes and the costs from workplace injuries
and illnesses.
Good work design can also lead to productivity improvements and
business sustainability by:
allowing organizations to adjust to changing business needs and streamline work processes by reducing wastage, training, and supervision costs
improving opportunities for creativity and innovation to solve production issues, reduce errors and improve service and product quality, and
making better use of workers’ skills resulting in more engaged and motivated staff willing to contribute greater additional effort.
Figure 1, The WHY Principles
The WHAT Principles
What should be considered by those with design
responsibilities?
Principle 4: Good work design addresses physical, biomechanical, cognitive, and psychosocial characteristics of work, together with the needs and capabilities of the people involved
Good work design addresses the different hazards associated with work e.g. chemical, biological, and plant hazards, hazardous manual tasks, and aspects of work that can impact mental health.
Work characteristics should be systematically considered when work is designed, redesigned or the hazards and risks are assessed.
These work characteristics should be considered in combination and one characteristic should not be considered in isolation.
Good work design creates jobs and tasks that accommodate the abilities and vulnerabilities of workers so far as reasonably practicable.
All tasks have key characteristics with associated hazards and risks, as shown in Figure 2 below:
Figure 2 – Key characteristics of work.
Hazards and risks associated with tasks are identified and
controlled during good work design processes and they should be considered in
combination with all hazards and risks in the workplace. This highlights that
it is the combination that is important for good work design.
Workers can also be exposed to a number of different hazards from a single task. For example, meat boning is a common task in a meat-processing workplace. This task has a range of potential hazards and risks that need to be managed, e.g. physical, chemical, biological, biomechanical, and psychosocial. Good work design means the hazards and risks arising from this task are considered both individually and collectively to ensure the best control solutions are identified and applied.
Good work design can prevent unintended consequences which might arise if task control measures are implemented in isolation from other job considerations. For example, automation of a process may improve production speed and reduce musculoskeletal injuries but increase the risk of hearing loss if effective noise control measures are not also considered.
Workers have different needs and capabilities; good work design
takes these into account. This includes designing to accommodate them given the
normal range of human cognitive, biomechanical and psychological
characteristics of the work.
Information: The Australian workforce is changing. It is typically older with higher educational levels, more inclusive of people with disabilities, and more socially and ethnically diverse. Good work design accommodates and embraces worker diversity. It will also help a business become an employer of choice, able to attract and retain an experienced workforce.
Principle 5: Good work design considers the business needs, context, and work environment.
Good work design is ‘fit for purpose’ and should reflect the needs of the organization including owners, managers, workers, and clients.
Every workplace is different so approaches need to be context-specific. What is good for one situation cannot be assumed to be good for another, so off-the-shelf solutions may not always suit every situation.
The work environment is broad and includes: the physical structures, plant and technology, work layout, organizational design and culture, human resource systems, work health and safety processes, and information/control systems.
The business organizational structure and culture, decision-making processes, work environment, and how resources and people are allocated to the work will, directly and indirectly, impact on work design and how well and safely the work is done.
The work environment includes the physical structures, plant, and technology. Planning for relocations, refurbishments, or when introducing new engineering systems are ideal opportunities for businesses to improve their work designs and avoid foreseeable risks.
These are amongst the most common work
changes a business undertakes yet good design during these processes is often
quite poorly considered and implemented. An effective design following the
processes described in this handbook can yield significant business benefits.
Information: Off-the-shelf solutions can be explored for some common tasks, however usually design solutions need to be tailored to suit a particular workplace.
Good work design is most effective when it
addresses the specific business needs of the individual workplace or business.
Typically work design solutions will differ between small and large businesses.
However, all businesses must eliminate or minimize their work health and safety risks so far as reasonably practicable. The specific strategies and controls will vary depending on the circumstances.
The table on the next page demonstrates
how to step through the good work design process for small and large
businesses.
Good design steps
In a large business that is downsizing
In a small business that is undergoing a refit
Management commitment
Senior management make their commitment to good work design explicit ahead of downsizing and may hire external expertise.
The owner tells workers about their commitment to designing-out hazards during the upcoming refit of the store layout to help improve safety and efficiency.
Consult
The consequences of downsizing and how these can be managed are discussed in senior management and WHS committee meetings with appropriate representation from affected work areas.
The owner holds meetings with their workers to identify possible issues ahead of the refit.
Identify
A comprehensive workload audit is undertaken to clarify opportunities for improvements.
The owner discusses the proposed refit with the architect and builder and gets ideas for dealing with issues raised by workers.
Assess
A cost-benefit analysis is undertaken to assess the work design options to manage the downsizing.
The owner, architect, and builder jointly discuss the proposed refit and any worker issues directly with workers.
Control
A change management plan is developed and implemented to appropriately structure teams and improve systems of work. Training is provided to support the new work arrangements.
The building refit occurs. Workers are given training and supervision to become familiar with a new layout and safe equipment use.
Review
The work redesign process is reviewed against the project aims by senior managers.
The owner checks with the workers that the refit has improved working conditions and efficiency and there are no new issues.
Improve
Following consultation, refinement of the redesign is undertaken if required.
Minor adjustments to the fit-out are made if required.
Table 1 – steps in good work design for large and small businesses
Principle 6: Good
work design is applied along the supply chain and across the operational
lifecycle.
Good work design should be applied along the supply chain in the design, manufacture, distribution, use and disposal of goods and the supply of services.
Work design is relevant at all stages of the operational life cycle, from start-up, routine operations, maintenance, downsizing and cessation of business operations.
New initiatives, technologies, and changes in organizations have implications for work design and should be considered.
Information: Supply chains are often made up of complex commercial or business relationships and contracts designed to provide goods or services. These are often designed to provide goods or services to a large, dominant business in a supply chain. The human and operational costs of poor design by a business can be passed up or down the supply chain.
Businesses in the supply chain can have
significant influence over their supply chain partners’ work health and safety
through the way they design the work.
Businesses may create risks and so they
need to be active in working with their supply chains and networks to solve
work health and safety problems and share practical solutions for example, for
common design and manufacturing problems.
Health and safety risks can be created at
any point along the supply chain, for example, loading and unloading causing
time pressure for the transport business.
There can be a flow-on effect where the
health and safety and business ‘costs’ of poor design may be passed down the
supply chain. These can be prevented if businesses work with their supply chain
partners to understand how contractual arrangements affect health and safety.
Procurement and contract officers can also positively influence their own organization and others’ work health and safety throughout the supply chain through the good design of contracts.
When designing contractual arrangements
businesses could consider ways to support good work design safety outcomes by:
setting clear health and safety expectations for their supply chain partners, for example through the use of codes of conduct or quality standards
conducting walk-through inspections, monitoring, and comprehensive auditing of supply chain partners to check adherence to these codes and standards
building the capability of their own procurement staff to understand the impacts of contractual arrangements on their suppliers, and
consulting with their supply chain partners on the design of good work practices.
Information: The road transport industry is an example of the application of how this principle can help improve drivers’ health and safety and address issues arising from supply chain arrangements. For example, the National Heavy Vehicle Laws ‘chain of responsibility’ requires all participants in the road transport supply chain to take responsibility for driver work health and safety. Contracts must be designed to allow drivers to work reasonable hours, take sufficient breaks from driving and not have to speed to meet deadlines.
The design of products will strongly impact both health and safety and business productivity throughout their lifecycles. At every stage, there are opportunities to eliminate or minimize risks through good work design. The common product lifecycle stages are illustrated in Figure 3 below.
Figure 3 – common product lifecycle
Information: For more information on the design of structures and plant see ‘Safe design of structures’ and Managing the risks of plant in the workplace and other design guidance on the Safe Work Australia website.
The good work design principles are also
relevant at all stages of the business life cycle. Some of these stages present
particularly serious and complex work health and safety challenges such as
during the rapid expansion or contraction of businesses. Systematic application
of good work design principles during these times can achieve positive work
health and safety outcomes.
New technology is often a key driver of change in work design. It has the potential to improve the quality of outputs, efficiency, and safety of workers, however introducing new technology could also introduce new hazards and unforeseen risks. Good work design considers the impact of the new initiatives and technologies before they are introduced into the workplace and monitors their impact over time.
Information: When designing a machine for safe use, how the maintenance will be undertaken in the future should be considered.
In most workplaces, information and communication technology (ICT) systems are an integral part of all business operations. In practice, these are often the main drivers of work changes but are commonly overlooked as sources of workplace risks. Opportunities to improve health and safety should always be considered when new ICT systems are planned and introduced.
Figure 4, The ICT Triad
The HOW Principles
Principle 7: Engage decision-makers and leaders
Work design or redesign is most effective when there is a high level of visible commitment, practical support, and engagement by decision-makers.
Demonstrating the long-term benefits of investing in good work design helps engage decision-makers and leaders.
Practical support for good work design includes the allocation of appropriate time and resources to undertake effective work design or redesign processes.
Information: Leaders are the key decision-makers or those who influence the key decision-makers. Leaders can be the owners of a business, directors of boards, and senior executives.
Leaders can support good work design by
ensuring the principles are appropriately included or applied, for example in:
key organizational policies and procedures
proposals and contracts for workplace change or design
managers’ responsibilities and as key performance indicators
business management systems and audit reports
organizational communications such as a standing item on leadership meeting agendas, and
the provision of sufficient human and financial resources.
Good work design, especially for complex issues will require adequate time and resources to consider and appropriately manage organizational and/or technological change. Like all business changes, research shows that leader commitment to upfront planning helps ensure better outcomes.
Managers and work health and safety
advisors can help this process by providing their leaders with appropriate and
timely information. This could include for example:
identifying design options that support both business outcomes and work health and safety objectives
assessing the risks and providing short and long term cost-benefit analysis of the recommended controls to manage these risks, and
identifying what decisions need to be taken, when and by whom to effectively design and implement the agreed changes.
Principle 8:
Actively involve the people who do the work, including those in the supply
chain and networks
Persons conducting a business or undertaking (PCBUs) must consult with their workers and others likely to be affected by work in accordance with the work health and safety laws.
Supply chain stakeholders should be consulted as they have local expertise about the work and can help improve work design for upstream and downstream participants.
Consultation should promote the sharing of relevant information and provide opportunities for workers to express their views, raise issues, and contribute to decision-making where possible.
Effective consultation and cooperation of all involved with open lines of communication will ultimately give the best outcomes. Consulting with those who do the work not only makes good sense, it is required under the WHS laws.
Information: Under the model WHS laws (s47), a business owner must, so far as is reasonably practicable, consult with ‘workers who carry out work for the business or undertaking who are, or are likely to be, directly affected by a matter relating to work health or safety.’ This can include a work design issue.
If more than one person has a duty in relation to the same matter, ‘each person with the duty must, so far as is reasonably practicable, consult, co-operate and co-ordinate activities with all other persons who have a duty in relation to the same matter’ (model WHS laws s46).
Workers have knowledge about their own job and often have suggestions on how to solve a specific problem. Discussing design options with them will help promote their ownership of the changes. See Code of practice on consultation.
Businesses that operate as part of a supply chain should consider whether the work design and changes to the work design might negatively impact on upstream or downstream businesses. The supply chain partners will often have solutions to logistics problems that can benefit all parties.
Principle 9:
Identify hazards, assess and control risks, and seek continuous improvement
A systematic risk management approach should be applied in every workplace.
Designing good work is part of the business process and not a one-off event.
Sustainability in the long-term requires that designs or redesigns are continually monitored and adjusted to adapt to changes in the workplace so as to ensure feedback is provided and that new information is used to improve the design.
Good work design should systematically apply the risk management approach to workplace hazards and risks. See Principle 4 for more details.
Typically good work design will involve ongoing discussions with all stakeholders to keep refining the design options. Each stage in the good work design process should have decision points for review of options and to consult further if these are not acceptable. This allows for flexibility to quickly respond to unanticipated and adverse outcomes.
Figure 5 outlines how the risk management
steps can be applied in the design process
Continuous improvements in work health and safety can in part be achieved if the good work design principles are applied at business start-ups and whenever major organizational changes are contemplated. To be most effective, consideration of health and safety issues should be integrated into normal business risk management.
Figure 5 – Steps in the good work design process
Principle 10: Learn
from experts, evidence, and experience
Continuous improvement in work design and hence work health and safety requires ongoing collaboration between the various experts involved in the work design process.
Various people with specific skills and expertise may need to be consulted in the design stage to fill any knowledge gaps. It is important to recognize the strengths and limitations of a single expert’s knowledge.
Near misses, injuries and illnesses are important sources of information about poor design.
Most work design processes will require collaboration and cooperation between internal and sometimes external experts. Internal advice can be sought from workers, line managers, technical support and maintenance staff, engineers, ICT systems designers, work health and safety advisors, and human resource personnel.
Depending on the design issue, external experts may be required such as architects, engineers, ergonomists, occupational hygienists, and psychologists.
Information: If you provide advice on work design options it is important to know and work within the limitations of your discipline’s knowledge and expertise. Where required make sure you seek advice and collaborate with other appropriate design experts.
For complex and high-risk projects, ideally, a core group of the same people should remain involved during both the design and implementation phases with other experts brought in as necessary.
The type of expert will always depend on the circumstances. When assessing the suitability of an expert consider their qualifications, skills, relevant knowledge, technical expertise, industry experience, reputation, communication skills, and membership of professional associations.
Information: Is the consultant suitably qualified? A suitably qualified person has the knowledge, skills, and experience to provide advice on a specific design issue. You can usually check with the professional association to see if the consultant is certified or otherwise recognized by them to provide work design advice.
The decision to design or redesign work should be based on sound evidence. Typically this evidence will come from many sources such as both proactive and reactive indicators, information about new technology, or the business decisions to downsize, expand or restructure or to meet the requirements of supply chain partners.
Proactive and reactive indicators can also be used to monitor the effectiveness and efficiency of the design solution.
Information: Proactive indicators provide early information about the work system that can be used to prevent accidents or harm. These might include for example: key process variables such as temperature or workplace systems indicators such as the number of safety audits and inspections undertaken.
Reactive indicators are usually based on incidents that have already occurred. Examples include the number and type of near misses and worker injury and illness rates.
Useful
information about common work design problems and solutions can also often be
obtained from:
work health and safety
regulators
industry associations and
unions
trade magazines and suppliers,
and
specific research papers.
Figure 6, Sources of Work Design Information
Good Work Design: Summary
The ten principles of good work design can be
applied to help support better work health and safety outcomes and business
productivity. They are deliberately high level and should be broadly applicable
across the range of Australian businesses and workplaces. Just as every
workplace is unique, so is the way each principle can be applied in practice.
When considering these principles in any work design also ensure you take into account your local jurisdictional work health and safety requirements.
My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
I have made some changes to the text to improve the layout and correct minor problems with Figure numbering in the original document. ‘Top Tips’ are my own, based on my 10+ years of experience working in system safety under Austalian WHS.
Testimonials from 20+ years in the industry. Hear what some clients and ex-colleagues have to say about The Safety Artisan.
General Testimonials
The way you teach this subject makes it comprehensible and part of an integral whole. It seems like your approach is rare (and valuable) in the world of System Safety.
Thomas Anthony Director, Aviation Safety and Security Program Viterbi School of Engineering University of Southern California
“Hi Simon, I would just like to say that the content you have been putting out recently is absolutely amazing and I enjoy reading and listening through it.”
James Moodie
“Simon, Love the even-handed approach you’ve adopted and also the tongue-in-cheek comments.”
Paul Bird, Former Manager Safety Engineering, BAES Australia
“Explanation about the military standard was very interesting, because for the first time somebody talked about possible disadvantages.”
Henri Van Buren, reviewing “System Safety Risk Analysis Programs”
“Valuable information, Clear explanations, Engaging delivery, Helpful practice activities, Accurate course description, Knowledgeable instructor.”
Manuel Louie B. Santos, reviewing “Risk Management 101”
“Understanding safety law can be difficult and, at times, confronting. Thankfully, Simon has a knack of bringing clarity to complex legal requirements, using real work examples to help understanding. I highly recommend Simon to any director or manager wanting to understand their legal obligations and ensure a safe workplace.”
Jonathan Carroll, Senior Leadership, Pacific National
“Simon, You are and always will be the master at explaining the way Safety management works in real life. It is great to see your broad and vast experience being available through this medium and The Safety Artisan website. I will definitely be dropping in to seek your trusted guidance.”
Kevin Payne, Systems Safety Consultant at QinetiQ
Testimonials from Udemy Courses
Principles of Software Safety Standards (scores 4.42 out of 5.00)
Performance by course attribute:
Are you learning valuable information? 97% said YES!
Are the explanations of concepts clear? 100% said YES!
Is the instructor’s delivery engaging? 95% said YES!
Are there enough opportunities to apply what you are learning? 86% said YES!
Is the course delivering on your expectations? 94% said YES!
Is the instructor knowledgeable about the topic? 97% said YES!
Get your discount here (please use this link, otherwise Udemy take 67% of the price).
How to Design a System Safety Program (scores 4.29 out of 5.00)
Performance by course attribute:
Are you learning valuable information? 100% said YES!
Are the explanations of concepts clear? 100% said YES!
Is the instructor’s delivery engaging? 100% said YES!
Are there enough opportunities to apply what you are learning? 100% said YES!
Is the course delivering on your expectations? 75% said YES!
Is the instructor knowledgeable about the topic? 100% said YES!
Get your discount here (please use this link, otherwise Udemy take 67% of the price).
How to Prepare for the CISSP Exam (scores 4.61 out of 5.00)
Performance by course attribute:
Are you learning valuable information? 100% said YES!
Are the explanations of concepts clear? 100% said YES!
Is the instructor’s delivery engaging? 100% said YES!
Are there enough opportunities to apply what you are learning? 100% said YES!
Is the course delivering on your expectations? 100% said YES!
Is the instructor knowledgeable about the topic? 100% said YES!
In my first post, I talked about the fundamental lessons under the start here topic. Even if you are experienced in safety, you may find that things are done very differently in another industry or country – I did.
Now for Something Completely Different
Hi everyone and welcome, to The Safety Artisan. I’m your host, Simon. In this post, I want to talk about how you can connect with me, The Safety Artisan, and get more out of the website.
There are three ways you can do this.
Sign Up for Free Monthly Email Updates
First of all, you can sign up for free monthly emails. In these, I share with subscribers what has recently been released on the website, and what is coming up in the near future.
You will never miss a topic or a subject that you might be interested in!
Subscribe to The Safety Artisan Mailing List and get your Free Gift!
If you sign up, you will also get a free digital download and a discount offer on a bundle of courses. So what are you waiting for?
Follow on YouTube or Social Media
Second, you can follow the safety Artisan on YouTube or on social media. If you sign up on my YouTube Channel and tick for notifications, you will be reminded every time I issue a new video lesson.
I’m also on Twitter, Instagram, Facebook, Google My Business, Tumblr, Pinterest, and Vkontakte. Phew!
On LinkedIn, you can see my full resume/CV and find my most popular articles.
Just Get in Touch
Third, you can directly get in touch with me by commenting on a post – ask a question! There is no such thing as a ‘dumb’ question, only dumb accidents.
You can also ask general questions by filling in the form on the Connect Page. (This is better than sending me a Direct Message on social media, as I get a lot of spam.)
There are a lot of different topics that I could cover. It is surprisingly difficult to find out what people really like to hear about. So, if there’s something that you want to learn about then just ask. I will bump the topic up on my ‘to do’ list.
That’s All, folks!
Well, that’s it from me, I hope you enjoy The Safety Artisan website and get as much as you can out of it. See you soon!
How to Get the Most from #3: What subjects do you want?
Our website uses cookies to provide you with the best experience. By continuing to use our website, you agree to our use of cookies. For more information, read our Privacy Policy on the "About" Page.
So, how do we identify and analyze functional hazards? I’ve seen a lot of projects and programs. We’re great at doing the physical hazards, but not so good at the functional hazards. So, when I talk about physical and functional hazards, the physical stuff, I think we’re probably all very familiar with them. They’re all… Read more: Identify and Analyze Functional Hazards
So today, we’re talking about the Foundations of System Safety assessment. And as it says, it’s a free webinar from The Safety Artisan, and it’s one of a series. So, before we go on, I’ll just introduce myself. Why should you bother to listen to me? Well, in 25 years of experience in system safety,… Read more: Foundations of System Safety
TL;DR This article on Failure Mode Effects Analysis explains this powerful and commonly used family of techniques. You can access this webinar (and all the others) here. I have used FMEA and related techniques on many programs and it can produce powerful results quickly and cheaply. Recently, I’ve seen some criticism of FEMA on social… Read more: Failure Mode Effects Analysis
In my webinar ‘Five Ways to Identify Hazards’ I look at a mix of techniques. We need these diverse techniques to assure us (give justified confidence) that we have identified the full range of hazards associated with a system. To do this I draw on my 25 years of experience (see ‘Meet the Author‘, below)… Read more: Five Ways to Identify Hazards
In this post, ‘Exploring Causal Analysis: Techniques and Insights’, I provide a quick summary of my recent webinar. You can see a short video introduction below, or access the full webinar at my Safety Engineering Academy. Introduction: Causal analysis is a vital aspect of system safety engineering, offering insights into the root causes of issues… Read more: Exploring Causal Analysis: Techniques and Insights
In this post ‘Full Function Hazard Logs: A Deep Dive into Relational Databases’, I explore some things we can do with a hazard log built upon a database. In my 25-year career in safety engineering, I’ve seen many hazard logs and hazard tracking systems. Most of them were hosted in Microsoft Excel, but there were… Read more: Full Function Hazard Logs: A Deep Dive into Relational Databases
In this 45-minute session, I look at System Hazard Analysis with Mil-Std-882E. SHA is Task 205 in the Standard. I explore Task 205’s aim, description, scope, and contracting requirements. I also provide commentary, based on working with this Standard since 1996, which explains SHA. How to use it to complement Sub-System Hazard Analysis (SSHA, Task… Read more: System Hazard Analysis with Mil-Std-882E
In this video, I look at Functional Hazard Analysis with Mil-Std-882E (FHA, which is Task 208 in Mil-Std-882E). FHA analyses software, complex electronic hardware, and human interactions. I explore the aim, description, and contracting requirements of this Task, and provide extensive commentary on it. (I refer to other lessons for special techniques for software safety… Read more: Functional Hazard Analysis with Mil-Std-882E
In this 45-minute session, I look at how to do a Preliminary Hazard Analysis with Mil-Std-882E. Preliminary Hazard Analysis, or PHA, is Task 202 in the Standard. I explore Task 202’s aim, description, scope, and contracting requirements. There’s value-adding commentary, and I explain the issues with PHA – how to do it well and avoid… Read more: How to do Preliminary Hazard Analysis with Mil-Std-882E
Safety Engineering Academy Webinars are on vital topics. I run them live every month, and you can get them all at the Safety Engineering Academy here. They draw on my practical experience of these tools and techniques, from my 25-year-plus career. I have personally used all of these techniques, and I have seen them used… Read more: Safety Engineering Academy Webinars
What are the Challenges of Online Learning? In my previous article, I looked at ‘Five Key Dimensions of Online Learning’, which explored what makes it popular. But there’s a downside too – things that put students off. What are they, and can they be fixed? “Top reasons cited by students who do not intend to… Read more: Challenges of Online Learning
In this video lesson, I look at Sub-System Hazard Analysis with Mil-Std-882E (SSHA, which is Task 204). I teach the mechanics of the task, but not just that. I’m using my long experience with this Standard to teach a pragmatic approach to getting the work done. Task 204 is one of three tasks that integrate… Read more: Sub-System Hazard Analysis with Mil-Std-882E
Get your free Preliminary Hazard Identification & Analysis, PHIA Guide here! Introduction Hazard Identification is sometimes defined as: “The process of identifying and listing the hazards and accidents associated with a system.” Hazard Analysis is sometimes defined as: “The process of describing in detail the hazards and accidents associated with a system and defining accident… Read more: Preliminary Hazard Identification & Analysis Guide
In this article ‘Five Key Dimensions of Online Learning’, I discuss the learning dimensions and attributes that students are looking for. How do I know what students are looking for? Fortunately “McKinsey surveyed more than 7,000 students in 17 countries to find out which elements of online higher education they value most.”[1] Unfortunately, McKinsey didn’t… Read more: Five Key Dimensions of Online Learning
“What Have Hazard Logs Ever Done for Us? Well, there’s the aqueduct…” Monty Python’s Flying Circus may not be an obvious connection to hazard management, but it works! Hazard Logs – or Hazard Tracking Systems (HTS), which is a better term – are underappreciated but vital tools. In this webinar on hazard logs, one of… Read more: What Have Hazard Logs Ever Done for Us?
The 2023 Digest brings you all The Safety Artisan’s blog posts from last year. I hope that you find this a useful resource! (The final post in the list is the 2022 Digest, which lists another 31 posts.) That’s the 2023 Digest – look out for much more in 2024! My name’s Simon Di Nucci.… Read more: The 2023 Digest
This is the first in a new series of blog posts on Principles of Software Safety Assurance. In it, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these guidelines as… Read more: Principles of Software Safety Assurance
Lessons Learned: in this 30-minute video, we learn lessons from an accident in 2016 that killed four people on the Thunder River Rapids Ride in Queensland. The coroner’s report was issued this year, and we go through the summary of that report. In it we find failings in WHS Duties, Due Diligence, risk management, and… Read more: Lessons Learned from a Fatal Accident
Understanding System Safety Engineering: A Quick Guide, takes you through some key points of this complex subject. Introduction System safety engineering plays a crucial role in ensuring the safety of complex systems. In this post, we will explore the fundamental concepts of system safety engineering and its importance in the realm of systems engineering. System… Read more: Understanding System Safety Engineering: A Quick Guide
Introduction In System Safety FAQs I will deal with the most commonly searched-for online queries. This post is also the basis for the First in a new series of monthly webinars I’m running. I will also be answering your questions: leave them in the comments at the bottom of this post! What is System Safety?… Read more: System Safety FAQ
Here is a video about my CISSP exam journey. Get the full ‘My CISSP Exam Journey’ free video here. I’ve just passed the Certified Information Systems Security Professional (CISSP) Exam, which was significantly updated on 1st May 2021. In this 30-minute video I will cover: I wish you every success in your CISSP journey: it’s… Read more: My CISSP Exam Journey
