System Safety:
A systematic process
[Six-step cycle diagram: 1. Hazard Identification; 2. Risk Assessment; 3. Analyze Risk Control Measures; 4. Risk Controls; 5. Implement Risk Controls; 6. Follow Through & Review]
Making Risk Control Decisions
[Six-step cycle diagram: 1. Identify the Hazards; 2. Assess the Risks; 3. Analyze Risk Control Measures; 4. Make Control Decisions; 5. Implement Risk Controls; 6. Supervise and Review]
Risk Control Measurement Analysis:
   Identify control options -> Determine control effects -> Prioritize risk control measures
Making Risk Control Decisions:
   Select Risk Control options -> Make Decision at appropriate level
The Risk Control Macro Option List
    Reject
    Avoid
    Delay
    Transfer
    Spread
    Compensate
    Reduce
                     Macro Options
 REJECT
    Risk outweighs benefit
 AVOID
    Go around the risk, do it in a different way
 DELAY
    Maybe the problem will be resolved by time
       If delay is an acceptable option, consider if the operation is needed at all
 TRANSFER
    Better qualified system, i.e., Pros From Dover
The pros from Dover is an American slang term for
outside consultants who are brought into a business
to troubleshoot and solve problems.
            Macro Options (cont)
 SPREAD
   Modular or separate Hazardous Operations
 COMPENSATE
   Design parallel and redundant systems
 REDUCE
     Design for minimum risk
     Incorporate Safety Devices
     Provide Warning Devices
     Develop SOPs & Train
    Providing Management Risk
          Control Options
 Program Manager looking for optimum combinations
    Mission supportive
 Some Risk Controls are incompatible
    Evaluate full cost versus full benefit
       Be prepared for numbers game
 Some Controls reinforce one another
    Win-Win option
 Redundancy = Robustness
    Is it needed?
       Can you afford it? i.e., $$$, #s, real estate
  Decision Making Considerations
 Make decisions at the right time
   Don't rush. Make them as late as possible without
    negative impact on the timeline
 Make decisions at the right level
   It should be established who makes the tough calls
   Use RAC or TREC to quantify who, what, when
 Provide Mission supportive options
   Use the Macro Option list as a starting point
   Be prepared to offer sound advice
What Level is the Right Level?
 Don't just pass the buck up to the next level
 You should help address the operational realities
 Decisions should be made at the level that has the
  best understanding of the risks, the opportunity and the
  authority to commit resources
 Be prepared to address dynamic environments
 What is your span of control?
    Preliminary Hazard Analysis in system life cycle
[Diagram: life-cycle phases System Concept -> System Definition -> System Development -> System Production -> System Operation, with the PHA bar placed under the System Concept and System Definition phases]
    SSHA in the system life cycle
[Diagram: the same life-cycle phases, with the SSHA bar placed under the System Definition and System Development phases]
 Determine Risk Control Effects
 How will this affect probability?
 How will this affect severity?
 How will this impact other sub-systems?
   Some controls support other sub-systems
   Some controls may hinder other sub-systems
 What are the costs vs. benefits?
   Direct Costs
   Indirect Costs
  Elements of a Sound Decision
        Making System
 Accurate information delivered to the various
  levels of decision maker(s)
 Concise and understandable Paper Trail
 Progressive line of accountability to the top
 Standardized process -- Like decisions made
  consistently at Like levels
 Process allows timely decision, capable of
  responding to fast-pace and dynamic operations
  THE ENHANCED RISK ASSESSMENT MATRIX
- Numeric Code is used to prioritize hazards and determine their acceptability using a quantitative methodology

                                          Probability
  Severity                 Frequent   Likely   Occasional   Seldom   Unlikely
                              A         B          C          D         E
  Catastrophic    I           1         2          6          8        12
  Critical        II          3         4          7         11        15
  Moderate        III         5         9         10         14        16
  Negligible      IV         13        17         18         19        20
                                                                [Risk Levels legend]
      Decision Making Guideline
 RISK LEVEL            DECISION LEVEL
     Extremely High        Senior Executive
     High                  Managing Director
     Medium                Program Manager
     Low                   Any person in a
                             leadership position
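An added example, not code from the original slides: the matrix above as data, a lookup that accepts either the category names or the I-IV / A-E codes, and a consistency check that a reviewer would run on any edited matrix. The slide prints no numeric thresholds for the Risk Levels bands, so SAMPLE_BANDS below is a constructed assumption standing in for an organization's own banding.

```python
SEVERITY = {"Catastrophic": "I", "Critical": "II", "Moderate": "III", "Negligible": "IV"}
PROBABILITY = {"Frequent": "A", "Likely": "B", "Occasional": "C", "Seldom": "D", "Unlikely": "E"}

# Numeric codes exactly as printed on the slide: rows = severity I..IV, cols = probability A..E.
MATRIX = {
    "I":   {"A": 1,  "B": 2,  "C": 6,  "D": 8,  "E": 12},
    "II":  {"A": 3,  "B": 4,  "C": 7,  "D": 11, "E": 15},
    "III": {"A": 5,  "B": 9,  "C": 10, "D": 14, "E": 16},
    "IV":  {"A": 13, "B": 17, "C": 18, "D": 19, "E": 20},
}

def risk_code(severity: str, probability: str) -> int:
    """Numeric code for a hazard (1 = most serious, 20 = least); names or I-IV / A-E accepted."""
    sev = SEVERITY.get(severity, severity)
    prob = PROBABILITY.get(probability, probability)
    try:
        return MATRIX[sev][prob]
    except KeyError:
        raise ValueError(f"unknown severity/probability: {severity!r}, {probability!r}") from None

def matrix_is_consistent() -> bool:
    """A code must never get more serious (smaller) as severity or probability decreases:
    every row increases left to right, every column increases top to bottom, and the
    twenty codes are exactly 1..20 with no duplicates."""
    rows = [list(MATRIX[s].values()) for s in ("I", "II", "III", "IV")]
    rows_ok = all(r == sorted(r) for r in rows)
    cols_ok = all(rows[i][j] < rows[i + 1][j] for i in range(3) for j in range(5))
    unique = sorted(c for r in rows for c in r) == list(range(1, 21))
    return rows_ok and cols_ok and unique

# ASSUMPTION (constructed, not on the slide): the slide labels the bands "Risk Levels" but
# prints no code thresholds, so a sample banding is supplied here; replace it with the
# organization's own before relying on the lookup.
SAMPLE_BANDS = [(4, "Extremely High"), (9, "High"), (16, "Medium"), (20, "Low")]

DECISION_LEVEL = {  # from the Decision Making Guideline slide
    "Extremely High": "Senior Executive",
    "High": "Managing Director",
    "Medium": "Program Manager",
    "Low": "Any person in a leadership position",
}

def decision_level(code: int, bands=SAMPLE_BANDS) -> str:
    """Who must make the decision for a numeric code, via an explicit band table."""
    for upper, level in bands:
        if code <= upper:
            return DECISION_LEVEL[level]
    raise ValueError(f"code {code} is outside the band table")
```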
When you have finished your analysis and prepare to make your decision, ask yourself the following questions:
   If I accept this risk, do the total benefits outweigh the total costs, or do the costs outweigh the total benefit?
If events are independent, the occurrence of one event has no impact
upon the occurrence of the second event. A fire at a production facility
in Toledo has no impact upon whether a fleet vehicle will be damaged
on a highway in Arizona.
  If events are dependent, then the occurrence of one event can affect
the occurrence of the second event. For example, if two buildings are
located close together, the probability of the second building having a
fire loss is greater if there is a fire at the first building.
  If events are mutually exclusive, the occurrence of one event means
that the second event cannot occur. For example, if you have a small
tract of land, it may only be large enough for one business. Building a
gas station on the property precludes building a retirement home on the
land, and vice versa.
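As an added illustration (not part of the original deck), the three relationships above in probability notation, with $A$ and $B$ the two loss events; the numeric values at the end are constructed for illustration only:

```latex
\begin{aligned}
&\text{Independent (Toledo fire } A\text{, Arizona vehicle } B\text{):} & P(B \mid A) &= P(B), & P(A \cap B) &= P(A)\,P(B) \\
&\text{Dependent (fire in first building } A\text{, second building } B\text{):} & P(B \mid A) &> P(B), & P(A \cap B) &= P(A)\,P(B \mid A) > P(A)\,P(B) \\
&\text{Mutually exclusive (gas station } A\text{, retirement home } B\text{):} & P(A \cap B) &= 0, & P(A \cup B) &= P(A) + P(B)
\end{aligned}
\]
\[
\text{In every case: } P(A \cup B) = P(A) + P(B) - P(A \cap B).
\]
\[
\text{Constructed values } P(A) = P(B) = 0.1,\ P(B \mid A) = 0.5 \text{ (dependent case):}\quad
P(A \cap B) = 0.01,\ 0.05,\ 0 \qquad P(A \cup B) = 0.19,\ 0.15,\ 0.20
```

The dependent pair has the lowest chance of any loss but a far higher chance of both losses at once, which is why dependent exposures are assessed together rather than summed.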
     Cost of Mishap vs. Risk Management
[Three charts, each plotting Mishap Costs against Risk Reduction Effort: (1) Cost of Hazard Mitigation; (2) Cost of countermeasures; (3) Balanced Risk Management, showing mishap costs and the cost of countermeasures together]
[Figure titles: Assets Representing Sources of Value; Potential Future Events for Risk Assessment; Observable Events]
Implementing Risk Controls
[Six-step cycle diagram: 1. Identify the Hazards; 2. Assess the Risks; 3. Analyze Risk Control Measures; 4. Make Control Decisions; 5. Implement Risk Controls; 6. Supervise and Review]
         Reason Model
         Layers of Risk Control
[Diagram: a Hazard passes through successive layers of defences toward an Occurrence; Defences can be Breached by Latent Conditions and Unsafe Acts; the aim is to Detect and Eliminate]
    Risk Control Rules of Thumb
 Use the System Safety Precedence order
 Choose the most mission supportive
  combinations
 Use Integrated Product Teams
 Look for synergistic enhancements
   Man, Machine, Medium, Mission, Management
       System Safety Precedence
A systematic approach to Hazard ID, Risk Assessment and Control
 Design to minimize hazards
    Robust & Redundant systems, assemblies,
     components, etc
 Install physical barriers
    Isolate known threatening conditions or environments
 Use Warning devices
    Alerts to prevent or reduce unwanted event
 Develop Procedures and Training
    Most commonly used & abused hazard control
                 Hazard Reduction Precedence
[Flowchart, rendered as steps:]
  1. Design to eliminate hazard. Eliminated? yes -> step 6; no -> step 2.
  2. Design to reduce hazard. Reduced? yes -> step 6; no -> step 3.
  3. Provide Safety Devices. Provided? yes -> step 6; no -> step 4.
  4. Provide Warning Devices. Provided? yes -> step 6; no -> step 5.
  5. Provide special procedures, or training. Provided? yes -> step 6; no -> Accept hazard or dispose of the System.
  6. Provide hazard risk assessment package for management, then Conclude hazard analysis.
     Implementing Risk Controls
Clear Implementation Plan -> Establish Accountability -> Provide Support
     Risk Controls MUST be an
          Integrated Effort
 Risk controls should be integrated within
  plans, processes, and operations which they
  support
 Risk controls should compete for resources
  e.g. (time/money/people) relative to their
  significance to the mission
 Risk controls should be compatible with the
  system (System safety management &
  engineering)
            Why Integration?
 Compels a balance of mission needs
 Force Multiplies the knowledge of designers,
  experience of manufacturers and operators
 Standardizes references (common language)
 Reduces unforeseen needs
 Eliminates redundancy
 Strengthens accountability throughout the
  organizational chart
 Bottom Line: Reduces $$$$ and work effort
       Clarify Implementation
 Fully involve operational personnel
 Provide specific task-oriented guidance
 Test your intervening strategies (Verify &
  Validate)
 Coordinate, Coordinate, Coordinate
   Use System Safety Working Groups (SSWGs)
    to proliferate throughout the organization
    Validation Vs. Verification
The distinction between the two terms is largely to do with the role of specifications. Validation is the process of checking whether the specification captures the customer's needs, while verification is the process of checking that the system meets the specification.
How Implementation Breaks Down
 Operators dislike it
 Management dislikes it
 Wrong control selected for right reason
 Too costly (cost vs. benefit)
 Outweighed by other priorities (mission need)
 It is misunderstood (poorly defined problem
  statement)
 Can't establish a need (poor performance metrics)
  Can't prove the accident that is about to happen
         Buy-In Continuum
   USER OWNERSHIP       STRONGEST
   CO-OWNERSHIP
   TEAM MEMBER
   INPUT
   COORDINATION
   COMMENT AND FEEDBACK
   BLIND ALLEGIANCE       WEAKEST
       Top Down Commitment
 The Boss's commitment is second to none in a safety
  program
 Signed policies and directives by CEO
 Genuine management support
    Sustained and consistent behavior throughout org chart
    Resources match verbal commitment
    Accountability reflected in performance reports
 Follow up and review (self assessments)
               Leadership
 Use the power of command and the
  influence of organizational leaders
 Use motivation models
 Create positive incentives
 Ensure vertical accountability throughout the
  organization
   THE WELL SUPPORTED RISK CONTROL
[Diagram: the well supported control rests on these elements:]
   A Policy Pillar
   A Training Package
   A Measurement Package
   A Motivational Package
   Command Support Package
   Job Aids Package
   Tool Kit
SUPERVISE AND REVIEW
[Six-step cycle diagram: 1. Identify the Hazards; 2. Assess the Risks; 3. Analyze Risk Control Measures; 4. Make Control Decisions; 5. Implement Risk Controls; 6. Supervise and Review]
       Supervise and Review
Supervise -> Review -> Feedback
                    Supervision
Nothing new here, just like
  any supervisory process
Ensure controls are effective
   and in place
Monitor progress through
 schedules
Correct ineffective control
  measures
    Quality Management Tools
 Performance metrics are a challenge
 Can't prove the accident that didn't happen
 Find qualitative and quantitative (Q & Q) methods to measure control
  effectiveness, e.g. resources expended
 Data -> Information -> Knowledge
 Trend and Analyze
   Pareto Charts
   Bell Curve
Use Quantitative Analysis (Rates
     and Numbers) when:
 You have a statistically significant database
 You need to Drill Down to find root
  causes
 You seek to proactively prove future risk
  based on historical data
 Support trends and analyses with scientific
understandings of accident root causal factors
     Critical behaviors & attitudes (Man)
     Critical conditions (Medium)
     Critical mechanics (Machine)
     Critical oversight (Management)
     Critical tasking (Mission)
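An added example, not from the original slides, of the Pareto analysis the deck recommends: constructed mishap records (not real data) are grouped by the 5-M causal factor named above, ranked, and the "vital few" factors that cover a chosen share of occurrences are returned. The record format and the 80% threshold are assumptions for the illustration.

```python
from collections import Counter

FIVE_M = ("Man", "Machine", "Medium", "Mission", "Management")

# Constructed sample data: (record id, primary causal factor). Not real mishap data.
SAMPLE_RECORDS = [
    ("M-01", "Man"), ("M-02", "Man"), ("M-03", "Machine"), ("M-04", "Man"),
    ("M-05", "Management"), ("M-06", "Man"), ("M-07", "Medium"), ("M-08", "Man"),
    ("M-09", "Machine"), ("M-10", "Man"), ("M-11", "Mission"), ("M-12", "Man"),
    ("M-13", "Machine"), ("M-14", "Management"), ("M-15", "Man"), ("M-16", "Machine"),
]

def pareto(records, categories=FIVE_M):
    """Rows of (factor, count, share, cumulative share), sorted by count descending.
    A record with an unknown factor raises instead of being silently dropped: a metric
    that quietly loses data is the 'be careful what you ask for' trap on the next slide."""
    counts = Counter()
    for rec_id, factor in records:
        if factor not in categories:
            raise ValueError(f"{rec_id}: unknown causal factor {factor!r}")
        counts[factor] += 1
    total = sum(counts.values())
    if total == 0:
        return []
    rows, cumulative = [], 0.0
    # ties are broken by name so the ranking is reproducible between runs
    for factor, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        share = n / total
        cumulative += share
        rows.append((factor, n, round(share, 3), round(cumulative, 3)))
    return rows

def vital_few(records, threshold=0.8):
    """Factors that together account for at least `threshold` of occurrences."""
    chosen = []
    for factor, _n, _share, cumulative in pareto(records):
        chosen.append(factor)
        if cumulative >= threshold:
            break
    return chosen
```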
      Developing Meaningful
       Performance Metrics
 Locate or collect supportive data
   Be careful what you ask for
 Select critical indicators
 Establish practical performance measures
   Keep them simple
 Trend and Analyze
   Use what you collect
         Performance Feedback
   Are costs within budget?
   Are cost vs. benefit trends favorable?
   Are benefits exceeding costs?
   Are indirect and direct costs included in the
    assessments?
     Factors for Consideration
 Lessons learned input to databases
   Avoid repeating history and expensive lessons
    re-learned
 Cross-tell between units, departments and
  divisions (potentially all interested parties)
 Feedback throughout the organization (CEO
  to new hire)
       Questions?
[Six-step cycle diagram: 1. Identify the Hazards; 2. Assess the Risks; 3. Analyze Risk Control Measures; 4. Make Control Decisions; 5. Implement Risk Controls; 6. Supervise and Review]