CHAPTER 17
A PRIMER ON SYSTEM SAFETY: SECTIONS 4.0, 4.2, 5.1.1, 5.1.2, AND APPENDIX F
Identifying and analyzing hazards and making risk assessments as early as practicable in the design and redesign processes, and additionally as needed throughout the design processes, are the bases on which system safety is built. The goal of system safety initiatives is to attain acceptable risk levels.
Consider the following sections in Z10 as they relate to hazards, risks, risk assessments, the design process, and acceptable risks. These citations are abbreviated substantially.
• Section 4.0, "Planning": The goal is to identify and prioritize system issues (defined as hazards, risks, etc.).
• Section 4.2, "Assessment and Prioritization": The process shall assess the level of risk for identified hazards, establish priorities based on factors such as the level of risk, and identify factors related to system deficiencies that lead to hazards and risks.
• Section 5.1.1, "Risk Assessment": The organization shall establish and implement a risk assessment process(es) appropriate to the nature of hazards and the level of risk.
• Section 5.1.2, "Hierarchy of Control": The organization shall establish a process for achieving feasible risk reduction based on a preferred order of controls.
Advanced Safety Management: Focusing on Z10 and Serious Injury Prevention, 2nd Edition. Fred A. Manuele. © 2014 John Wiley & Sons, Inc. Published 2014 by John Wiley & Sons, Inc.
• Section 5.1.3, "Design Review": The organization shall establish a process to identify and take appropriate steps to prevent or otherwise control hazards at the design and redesign stages.
• Appendix F, "Risk Assessment": The goal of the risk assessment process, including the steps taken to reduce risk, is to achieve safe working conditions with an acceptable level of risk.
There is a direct relationship between system safety concepts and the processes necessary to implement Z10, and the practice of safety as a whole. I believe that generalists in the practice of safety will improve the quality of their performance by acquiring knowledge of applied system safety concepts and practices.
It is not suggested that safety generalists must become supra-specialists in system safety, although trends indicate that they will be expected to apply at least the fundamentals of system safety. To influence safety generalists to acquire knowledge of and apply system safety concepts, in this chapter we:
• Relate the generalist's practice of safety to applied system safety concepts.
• Give a history of the origin, development, and application of system safety methods.
• Review several definitions of system safety.
• Outline The System Safety Idea in terms applicable to the generalist's practice of safety.
• Encourage safety generalists to acquire knowledge and skills in system safety.
RELATING THE GENERALIST PRACTICE OF SAFETY TO SYSTEM SAFETY
In an American Society of Safety Engineers publication entitled "Scope and Functions of the Professional Safety Position," the following major activities are listed.
Functions of the Professional Safety Position
The major areas relating to the protection of people, property, and the environment are:
A. Anticipate, identify, and evaluate hazardous conditions and practices.
B. Develop hazard control designs, methods, procedures, and programs.
C. Implement, administer, and advise others on hazard controls and hazard control programs.
D. Measure, audit, and evaluate the effectiveness of hazard controls and hazard control programs.
A significant point to be made is that the professional safety function encompasses all initiatives that are hazard and risk based, the protection of people, property, and the environment. According to item A, the safety professional is to "anticipate" hazardous conditions and practices. Item B indicates that safety professionals are to develop hazard control "designs."
To be in a position to anticipate hazards, one must be involved in the design process. To participate effectively in the design process, a safety professional must be skilled with respect to hazard analysis and risk assessment techniques. Influencing the design process and using hazard analysis and risk assessment techniques to achieve acceptable risk levels are fundamental in system safety.
Rising generalists in safety will become proficient with respect to the hazard identification and control aspects and the design aspects of the scope and function of a safety professional. That will be to their advantage as they give counsel to clients on achieving acceptable risks with respect to the protection of people, property, and the environment.
AFFECTING THE DESIGN AND REDESIGN PROCESSES
System safety professionals make a great deal of designing things right the first time and being participants throughout the design and redesign processes. Richard A. Stephans, the author of System Safety for the 21st Century, expresses that view well.
Safety Is Productive
Safety is achieved by doing things right the first time, every time. If things are done right the first time, every time, we not only have a safe operation but also an extremely efficient, productive, cost-effective operation (p. 12).
Safety Requires Upstream Effort
The safety of an operation is determined long before the people, procedures, and plant and hardware come together at the work site to perform a given task (p. 13).
For products, facilities, equipment, and processes, and for their subsequent alteration, the time and place to avoid, eliminate, reduce, or control hazards economically and effectively is in the design or redesign processes. Participating in those processes presents opportunities for upstream involvement by safety professionals using system safety concepts.
Also, there has been an extended recognition that applying design and engineering solutions is the preferred course of action in operational risk management. That extended recognition derives from several sources, among which is the involvement of safety professionals in:
• Applied ergonomics.
• Giving counsel to meet European requirements whereby risk assessments are to be made on goods that are to go into workplaces in EU countries.
• Applying the requirements of guidelines and standards that propose risk assessments, and presenting an ordered sequence of measures to be taken in a hierarchy of controls to achieve acceptable risk levels. Examples are:
  • ANSI/AIHA Z10-2012. Occupational Health and Safety Management Systems.
  • MIL-STD-882E-2012. Department of Defense Standard Practice for System Safety.
  • ANSI/ASSE Z590.3-2011. Prevention Through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes.
  • ANSI/PMMI B155.1-2011. Safety Requirements for Packaging Machinery and Packaging-Related Converting Machinery.
  • ANSI B11.0-2010. Safety of Machinery-General Safety Requirements and Risk Assessments.
  • BS OHSAS 18001:2007. Occupational health and safety management systems-requirements.
  • Guidance On The Principles Of Safe Design For Work. Canberra, Australia: Australian Safety and Compensation Council, an entity of the Australian Government, 2006.
  • Machine Safety: Prevention of Mechanical Hazards. Quebec, Canada: The Institute for research for safety and security at work and The Commission for safety and security at work in Quebec, 2009.
  • Risk Assessment. The European Union, 2008.
  • CSA Z1002-12. Occupational health and safety-Hazard identification and elimination and risk assessment and control. Toronto, Canada: Canadian Standards Association, 2012.
  • EN ISO 12100-2010. Safety of Machinery. General principles for Design. Risk assessment and Risk reduction. Geneva, Switzerland: International Organization for Standardization, 2010.
• Meeting the requirements for hazards analysis in OSHA's standard Process Safety Management of Highly Hazardous Chemicals and in EPA's risk management program requirements.
Of all of the foregoing references, the Z590.3 standard gets closest to applied system safety. It has been referred to as "system safety light."
DEFINING SYSTEM SAFETY
Unfortunately, the term system safety does not convey a clear meaning of the practice as it is applied. Published definitions of system safety are of some help in understanding the concept, but they do not communicate clearly. To give indications of the differences in the definitions of system safety, and to move this discussion forward, six sources are cited.
In MIL-STD-882E-2012, the Department of Defense Standard Practice for System Safety, system safety is defined as:
The application of engineering and management principles, criteria, and techniques to achieve acceptable risk within the constraints of operational effectiveness and suitability, time, and cost throughout all phases of the system life-cycle. (p. 8)
In System Safety Primer, Clifton A. Ericson II gave this definition of system safety in his 2011 book:
System safety is an engineering methodology employed to intentionally design-in safety into a product or system through the identification and elimination/mitigation of hazards. (p. 6)
In GEIA-STD-0010, the Standard Best Practices for System Safety Program Development and Execution, approved in 2008, this definition is given:
System safety is the application of engineering and management principles, criteria, and techniques to achieve mishap risk as low as reasonably practicable (to an acceptable level), within the constraints of operational effectiveness and suitability, time, and cost, throughout all phases of the system life cycle. (p. 8)
Richard A. Stephans' book System Safety for the 21st Century was published in 2004. He defines system safety as follows:
System safety: The discipline that uses systematic engineering and management techniques to aid in making systems safe throughout their life cycles. (p. 11)
System Safety and Risk Management, NIOSH Instruction Module, A Guide for Engineering Educators was developed for the National Institute for Occupational Safety and Health by Pat L. Clemens and Rodney J. Simmons in 1998. They write as follows:
What Is System Safety? System safety has two primary characteristics: (1) it is a doctrine of management practice that mandates that hazards be found and risks controlled; and (2) it is a collection of analytical approaches with which to practice the doctrine. (p. 3)
In System Safety Engineering and Management, 2nd ed., Harold E. Roland and Brian Moriarty asked in 1990: What is System Safety? In response to their own question, they give two meaningful comments and then establish the system safety objective.
The system safety concept is the application of special technical and managerial skills to the systematic, forward-looking identification and control of hazards throughout the life cycle of a project, program, or activity. The concept calls for safety analyses and hazard control actions, beginning with the conceptual phase of a system and continuing through the design, production, testing, use and disposal phases, until the activity is retired. (p. 8)
The system safety concept involves a planned, disciplined, systematically organized and before-the-fact process characterized as the identify-analyze-control method of safety. The emphasis is placed upon an acceptable safety level designed into the system prior to actual production or operation of the system. (p. 9)
Using those definitions as a base, and with some extensions, the following outline of "The System Safety Idea" is presented for consideration by safety generalists to emphasize what system safety encompasses, relate system safety to the relative provisions in Z10, and connect system safety with the scope and function of a safety professional.
THE SYSTEM SAFETY IDEA
1. System safety is hazards, risks and design based.
2. Hazards are most effectively and economically anticipated, avoided, or controlled in the initial design processes or in the redesign of existing facilities, equipment, and processes.
3. Applied system safety requires a conscientious, planned, disciplined, and systematic use of special engineering and managerial tools.
4. Applying specifically developed hazard analysis and risk assessment techniques is a necessity in system safety applications.
5. Applied system safety begins in the conceptual design phase and continues into all subsequent design phases, production, and testing-through to the end of a system's life cycle.
6. On an anticipatory and forward-looking basis, hazards are to be identified and analyzed, avoided, eliminated, reduced, or controlled so that, within operational constraints, safety can practicably be designed into systems and acceptable risk levels can be attained.
7. In applied system safety, the emphasis is on having acceptable risk levels designed into systems before actual production or operation of a system.
8. If action is needed to reduce risks to an acceptable level, the steps in the hierarchy of controls are to be taken sequentially: No lower-level step is to be taken until those above it are considered.
9. When trade-offs are made in the design process, and the needs of such as the utility and manufacturability of the end product, weight, operability, maintainability or cost have to be considered, the conclusion must, nevertheless, be at an acceptable risk level.
10. System safety applications apply to all aspects of an operation, including facilities, logistic support, storage, packaging, handling, and transportation entities.
11. System safety concepts promote the establishment of policies and procedures that are to achieve an effective, orderly, and continuous risk management process for the design, development, installation, and maintenance of all facilities, materials, hardware, tooling, equipment, and products, and for their eventual disposal.
12. In the system design process, consideration is to be given to the interactions among humans, machines, and the environment, and the capabilities and limitations of people and their penchant for unpredictable behavior.
13. An overall requirement is that acceptable risk levels are to be attained, defined as follows: Acceptable risk is that risk for which the probability of a hazard-related incident or exposure occurring and the severity of harm or damage that may result are as low as reasonably practicable in the setting being considered.
This outline of "The System Safety Idea" encompasses most of the definitions given previously and goes beyond several. Safety generalists should ask: How closely does the system safety idea come to the results expected in applying the provisions in Z10? Do safety professionals serve themselves well by becoming knowledgeable and skilled in system safety?
System safety begins with hazard identification and analysis and risk assessment. So do all hazards and risk-based activities, whatever they are called. This author is confident that application of system safety concepts in the business and industrial setting will result in significant reductions in injuries and illnesses, damage to property, and environmental incidents.
HAZARD IDENTIFICATION AND ANALYSIS AND RISK ASSESSMENT TECHNIQUES
It is not surprising that many safety generalists are turned away from system safety when they encounter the number of analytical techniques that have been developed, the complexity of some of them, and the skill necessary to apply them. Earlier in this chapter it was made clear that safety generalists need not become supra-specialists in system safety. Nevertheless, the trends indicate that they will be expected to be skilled in applying basic system safety methods.
How many analytical systems are there? The second edition of the System Safety Analysis Handbook fills 626 pages and contains a compilation of 101 analysis techniques and methodologies. That handbook serves as a desk reference for the accomplished system safety professionals who may have to resolve highly complex or infrequently encountered or unusual situations.
Three national standards that constitute a set should be of interest to safety generalists who want to become familiar with system safety techniques. The American Society of Safety Engineers is the secretariat.
ANSI/ASSE Z690.1-2011. Vocabulary for Risk Management (National Adoption of ISO Guide 73:2009). This standard provides definitions of terms that, the originators hope, will be used in other standards.
ANSI/ASSE Z690.2-2011. Risk Management Principles and Guidelines (National Adoption of ISO 31,000:2009). The intent of this standard is to present a broad-ranged primer on risk management systems that could be applied in any type of organization. The need to make risk assessments is introduced in Section 5.4, Risk Assessment.
ANSI/ASSE Z690.3-2011. Risk Assessment Techniques (National Adoption of IEC/ISO 31,010:2009). For safety generalists who want an education in risk assessment concepts and methods and a ready reference, this standard is worth acquiring. It begins with a 15-page dissertation on risk assessment concepts and methods. In five pages, Appendix A provides brief comparisons of 31 risk assessment techniques. Reviews of the 31 techniques, covering Overview, Use, Inputs, Process, Strengths and Limitations, are provided in Annex B, which covers 79 pages.
ANSI/ASSE Z690.3-2011 is a valuable resource. A list of the 31 risk assessment techniques follows. Some could be applied only by experienced system safety professionals. But knowledge of a few of them will serve a huge percentage of the needs of a safety generalist.
B01 Brainstorming
B02 Structured or Semi-Structured Interviews
B03 Delphi
B04 Checklists
B05 Preliminary Hazard Analysis
B06 Hazard and Operability Studies
B07 Hazard Analysis and Critical Control Points
B08 Environmental Risk Assessment
B09 Structured What-If Analysis
B10 Scenario Analysis
B11 Business Impact Analysis
B12 Root Cause Analysis
B13 Failure Mode Effect Analysis
B14 Fault Tree Analysis
B15 Event Tree Analysis
B16 Cause and Consequence Analysis
B17 Cause-and-Effect Analysis
B18 Layer Protection Analysis
B19 Decision Tree
B20 Human Reliability Analysis
B21 Bow Tie Analysis
B22 Reliability Centered Maintenance
B23 Sneak Circuit Analysis
B24 Markov Analysis
B25 Monte Carlo Simulation
B26 Bayesian Statistics and Bayes Nets
B27 FN Curves
B28 Risk Indices
B29 Consequence/Probability Matrix
B30 Cost Benefit Analysis
B31 Multi-Criteria Decision Analysis
In ANSI/ASSE Z590.3-2011, the Prevention through Design standard, Addendum G, comments on eight hazard analysis and risk assessment techniques:
• Preliminary Hazard Analysis
• What-If Analysis
• Checklist Analysis
• What-If Checklist Analysis
• Hazard and Operability Analysis
• Failure Mode and Effects Analysis
• Fault Tree Analysis
• Management Oversight and Risk Tree (MORT).
It was also said in Z590.3 that:
As a practical matter, having knowledge of three risk assessment concepts will be sufficient to address most, but not all, risk situations. They are Preliminary Hazard Analysis and Risk Assessment, the What-If/Checklist Analysis methods, and Failure Mode and Effects Analysis. (p. 23)
Having knowledge and capability with respect to the above-mentioned three standards will be sufficient to deal with a huge majority of the needs of Z10. Additional comments on risk assessment techniques appear later in this chapter in the section "Recommended Reading."
THE HAZARD ANALYSIS AND RISK ASSESSMENT PROCESS
Section 7 in ANSI/ASSE Z590.3 is devoted to the hazard analysis and risk assessment process. It is the core of the prevention through design standard. The following process outline is a recent work, having been approved by the American National Standards Institute on September 1, 2011. In the standard, the narrative for each subject is extensive and is recommended reading. Under management direction, the hazard analysis and risk assessment process follows.
1. Select a risk assessment matrix
2. Establish the analysis parameters
3. Identify the hazards
4. Consider failure modes
5. Assess the severity of consequences
6. Determine occurrence probability
7. Define initial risk
8. Select and implement hazard avoidance, elimination, reduction and control methods
9. Assess the residual risk
10. Risk acceptance decision making
11. Document the results
12. Follow-up on actions taken
Reaching group consensus in the risk assessment process is a highly desirable goal. Sometimes, for what an individual considers obvious, achieving consensus is still desirable, so that buy-in is obtained for the actions taken.
RISK ASSESSMENT MATRICES
It would be highly unusual for a text or standard on system safety not to include risk assessment matrices and provide examples. There are many, many variations of matrices, and the definitions of the terms used in them vary greatly. The matrix used should be the one that management and users in an organization decide is best for them. It is strongly recommended that a suitable matrix be chosen because of its value in risk decision making.
A risk assessment matrix provides a method of categorizing combinations of probability of occurrence and severity of harm, thus establishing risk levels. Z10 requires that priorities be established in the application of its requirements. A matrix helps in communicating with decision makers on risk reduction actions to be taken. Also, risk assessment matrices assist in comparing and prioritizing risks and in effectively allocating mitigation resources.
All personnel involved in the risk assessment processes must understand the definitions used for occurrence probability and severity and for risk levels in the risk assessment matrix chosen. Examples of risk assessment matrices are shown in several chapters in this book.
THE HIERARCHY OF CONTROLS
It was said in "The System Safety Idea" that if risk reduction was necessary after a risk assessment, the steps to follow were those in the hierarchy of controls. That subject is covered in Chapter 14 in this book. Decision makers should understand that with respect to the six levels of control shown in Z10's hierarchy of controls, the ameliorating actions described in the first, second, and third control levels are more effective because they:
• Are preventive actions that eliminate or reduce risk by design, elimination, substitution, and engineering measures
• Rely the least on human behavior-the performance of personnel
• Are less defeatable by unit managers, supervisors, or workers
Actions described in the fourth, fifth, and sixth levels are contingent actions and rely greatly on the performance of personnel for their effectiveness. Inherently, they are less reliable.
In applying the hierarchy of controls, the expectation is that consideration will be given to each step in descending order, and that reasonable attempts will be made to avoid, eliminate, reduce, or control hazards and their associated risks through the steps higher in the hierarchy before lower steps are considered. A lower step in the hierarchy of controls is not to be chosen until practical applications of the preceding level or levels are considered. It is understood that for many risk situations, a combination of the risk management methods shown in the hierarchy of controls is necessary to achieve acceptable risk levels.
In applying the hierarchy of controls, the outcome should be an acceptable risk level. In achieving that goal, the following should be taken into consideration.
• Avoiding, eliminating, or reducing the probability of a hazard-related incident or exposure occurring.
• Reducing the severity of harm or damage that may result if an incident or exposure occurs.
• The feasibility and effectiveness of the risk reduction measures to be taken, and their costs, in relation to the amount of risk reduction to be achieved.
• All of the requirements of Z10.
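The twelve-step process outline above and the rule that lower levels of the hierarchy of controls are taken only after higher levels have been considered can be modelled directly. The following Python is an added illustration written for this chapter, not code from the book, Z590.3 or Z10; its 4 x 4 matrix, its acceptance threshold, the six level names of the Z10 hierarchy (which the chapter leaves to its Chapter 14) and the conveyor hazard record are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Step 1: select a risk assessment matrix. This 4 x 4 matrix and its category
# names are constructed for the example; the chapter notes that real matrices
# and the definitions of their terms vary widely between organizations.
PROBABILITY = ["improbable", "remote", "occasional", "frequent"]
SEVERITY = ["negligible", "marginal", "critical", "catastrophic"]
RISK_MATRIX = [  # rows follow PROBABILITY, columns follow SEVERITY
    ["low", "low", "moderate", "high"],              # improbable
    ["low", "moderate", "high", "high"],             # remote
    ["moderate", "high", "high", "very high"],       # occasional
    ["moderate", "high", "very high", "very high"],  # frequent
]
# Risk levels this hypothetical organization has decided to accept (assumption).
ACCEPTABLE_LEVELS = {"low", "moderate"}
# Z10's six-level hierarchy of controls in preferred order. The chapter defers
# the list itself to its Chapter 14, so these level names are an assumption.
HIERARCHY = [
    "elimination", "substitution", "engineering controls",
    "warnings", "administrative controls", "personal protective equipment",
]


def risk_level(probability: str, severity: str) -> str:
    """Steps 7 and 9: look up the risk level for a probability/severity pair."""
    return RISK_MATRIX[PROBABILITY.index(probability)][SEVERITY.index(severity)]


@dataclass
class Control:
    level: str                             # one of HIERARCHY
    description: str
    feasible: bool                         # feasibility and cost weighed against the risk reduction
    new_probability: Optional[str] = None  # effect on occurrence probability, if any
    new_severity: Optional[str] = None     # effect on severity of harm, if any


@dataclass
class HazardRecord:
    hazard: str                            # step 3: identify the hazard
    failure_mode: str                      # step 4: consider failure modes
    probability: str                       # step 6: occurrence probability
    severity: str                          # step 5: severity of consequences
    considered: List[str] = field(default_factory=list)  # step 11: what was weighed
    applied: List[str] = field(default_factory=list)     # step 11: what was adopted


def assess(record: HazardRecord, candidates: List[Control]) -> dict:
    """Steps 7 to 11: initial risk, hierarchy-ordered control selection,
    residual risk, the acceptance decision, and a documented trail."""
    initial = risk_level(record.probability, record.severity)
    prob, sev = record.probability, record.severity
    # Walk the hierarchy top-down: a lower level is looked at only after every
    # higher level has been considered and the risk is still not acceptable.
    for level in HIERARCHY:
        if risk_level(prob, sev) in ACCEPTABLE_LEVELS:
            break
        for ctrl in (c for c in candidates if c.level == level):
            record.considered.append(ctrl.description)
            if not ctrl.feasible:
                continue  # considered and documented, but not taken
            prob = ctrl.new_probability or prob
            sev = ctrl.new_severity or sev
            record.applied.append(ctrl.description)
    residual = risk_level(prob, sev)
    levels_used = [lvl for lvl in HIERARCHY if any(
        c.level == lvl and c.description in record.applied for c in candidates)]
    return {
        "initial_risk": initial,
        "residual_risk": residual,
        "accepted": residual in ACCEPTABLE_LEVELS,
        "controls_considered": list(record.considered),
        "controls_applied": list(record.applied),
        "levels_used": levels_used,
    }


# Constructed hazard record and candidate controls (illustrative, not from the book).
def example_record() -> HazardRecord:
    return HazardRecord(hazard="exposed rotating shaft on a conveyor drive",
                        failure_mode="guard removed for maintenance and not refitted",
                        probability="occasional", severity="critical")


EXAMPLE_CONTROLS = [
    Control("elimination", "relocate the drive so no rotating part is reachable", False),
    Control("substitution", "replace with a sealed direct-drive unit", False),
    Control("engineering controls", "interlocked guard that stops the drive when opened",
            True, new_probability="remote"),
    Control("warnings", "hazard label on the guard", True),
    Control("administrative controls", "lockout procedure before guard removal",
            True, new_probability="improbable"),
    Control("personal protective equipment", "no loose clothing near the drive", True),
]


def run_example() -> dict:
    """Run the constructed hazard through the process and return the decision record."""
    return assess(example_record(), EXAMPLE_CONTROLS)
```

The returned record shows the point the chapter makes: elimination and substitution are considered (and documented) before any engineering control is taken, and a combination of levels is needed before the residual risk reaches the acceptable band.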
WHY SYSTEM SAFETY CONCEPTS HAVE NOT BEEN WIDELY ADOPTED
At least one other author expected a more widespread adoption of system safety concepts beyond the use by the military, aerospace personnel, and nuclear facility designers. He also had to recognize that it wasn't happening. In The Loss Rate Concept In Safety Engineering, R. L. Browning wrote this:
As every loss event results from the interactions of elements in a system, it follows that all safety is "systems safety." The safety community instinctively welcomed the systems concept when it appeared during the stagnating performance of the mid-1960s, as evidenced by the ensuing freshet of symposia and literature. For a time, it was thought that this seemingly novel approach could reestablish the continuing improvement that the public had become accustomed to; however, this anticipation has not been fulfilled.
Now, some three decades later, although systems techniques continue to find application and development in exotic programs (missiles, aerospace, nuclear power) and in the academic community, they are seldom met in the domain of traditional industrial and general safety. (p. 12)
Although there were countless seminars and a proliferation of papers on system safety, the generalist in the practice of safety seldom adopted system safety concepts. In response to his own question-Why this rejection?-Browning expressed the view that system safety literature and seminars on system safety may have turned off generalist safety professionals because of the "exotica" they usually presented. I believe that to be so. Nevertheless, Browning went on to build The Loss Rate Concept In Safety Engineering on system safety concepts. He also gave this encouragement:
We have found through practical experience that industrial and general safety can be engineered at a level considerably below that required by the exotics, using the mathematical capabilities possessed by average technically minded persons, together with readily available input data. (p. 13)
There is a reality in Browning's observations: System safety literature at the time he wrote his book was loaded with governmental jargon, and it easily repelled the uninitiated. It made more of the highly complex hazard analysis and risk assessment techniques requiring extensive knowledge of mathematics and probability theory than it did of concepts and purposes.
Some system safety literature did, and still does, give the appearance of exotica. That is changing. Texts on system safety that are truly primers and slanted toward the neophyte have been written.
PROMOTING THE USE OF SYSTEM SAFETY CONCEPTS
With the hope of generating further interest by generalist safety professionals in system safety concepts, it is suggested that they concentrate on those basics through which gains can be made in an occupational, environmental, or product design setting and avoid being repulsed by the more exotic hazard and risk assessment methodologies. Ted Ferry said it well in the Preface he wrote for Richard Stephans' book System Safety for the 21st Century:
Professional credentials or experience in "system safety" are not required to appreciate the potential value of the systems approach and system safety techniques to general safety and health practice. (p. xiii)
To paraphrase Browning: All hazards-related incidents result from interactions of elements in a system. Therefore, all safety is system safety. Therein lies an important idea. In Safety Management, John V. Grimaldi and Rollin H. Simonds wrote:
A reference to system analysis may merely imply an orderly examination of an established system or subsystem. (p. 287)
Applying system safety as "an orderly examination of an established system or subsystem" to identify, analyze, avoid, eliminate, reduce, or control hazards can be successful in the less complex situations without using elaborate analytical methods.
Repeating for emphasis: Applying the fundamentals of system safety can meet a huge percentage of the provisions of Z10. For safety generalists who take an interest in system safety concepts, the following reading list is offered, from which selections can be made.
RECOMMENDED READING
Clifton Ericson's book is what the title says it is, a System Safety Primer. This paperback, published in 2011, is only a 140-page read, yet it covers the system safety subject very well as a primer. It is easy to read and is recommended.
System Safety for the 21st Century is an update by Richard Stephans of System Safety 2000 by Joe Stephenson. Stephans followed the advice given to "keep it as a primer." The book begins with a history of system safety. Then the author moves into system safety program planning and management and system safety analysis techniques. About half of the book is devoted to those techniques. Stephans says:
This book is specifically written for:
• Safety professionals, including people in industrial and occupational safety, system safety, environmental safety, industrial hygiene, health, occupational medicine, fire protection, reliability, maintainability, and quality assurance
• Engineers, especially design engineers and architects
• Managers and planners
• Students and faculty in safety, engineering, and management (p. xv)
A safety generalist would find this book to be a valuable source and not too difficult to read.
Basic Guide to System Safety was written by Jeffrey W. Vincoli. These two sentences are taken from the Preface: "It should be noted from the beginning that it is not the intention of the Basic Guide to System Safety to provide any level of expertise beyond that of novice. Those practitioners who desire complete knowledge of the subject will not be satisfied with the information contained on these pages."
Vincoli also says: "The primary focus of this text shall be the advantages of utilizing system safety concepts and techniques as they apply to the general safety arena. In fact the industrial workplace can be viewed as a natural extension of the past growth experience of the system safety discipline." (p. 5) Vincoli fulfilled his purpose. He has written a basic book on system safety that will serve the novice well.
MIL-STD-882E, Standard Practice for System Safety, issued by the Department of D~fense, serves well as a primer. It is available on the Internet and can ~e downloaded without charge at http://www.system-safety.org/. Click on 882E in the right-hand column.
The Federal Aviation Administration's System Safety Handbook is also on the Internet as a free download. This is really a training manual. There are 17 chapters and 10 appendices, all individually downloadable as a separate PDF file. Enter "Federal Aviation Administration System Safety Handbook" into a search engine, or go to http://www.faa.gov/library/manuals/aviation/risk_management/ss_handbook/.
The Loss Rate Concept in Safety Engineering, by R. L. Browning, is a small but apt book that I have referred to several times. Browning believes that one can introduce system safety concepts in an industrial setting without necessarily delving through exotic mathematics. He builds on "The Energy Cause Concept", and works through qualitative and quantitative analytical systems.
System Safety Engineering and Management, 2nd ed., by Harold E. Roland and Brian Moriarty is a good but more involved book. It provides an extensive review of the concepts of system safety and their methods of application. An overview of a system safety program is given. The descriptions of several analytical techniques are valuable. For the application of some of them, quite a bit of knowledge about mathematics is necessary.
PROGRESS REVIEW
For an assessment of how system safety principles relate to the requirements for an occupational risk management system, readers are asked to relate the provisions in Z10 with what authors in system safety are writing.
Clifton Ericson in System Safety Primer:
A known and acceptable level of safety can be achieved when the system safety process is continuously and unconditionally applied. (p . 2)
Relative safeness is calculated by the metric of risk. Risk is the estimated value of a potential event, based on the event's gain or loss and the event's likelihood of occurrence. Thus, how safe something is becomes a function of the amount of risk involved. (p. 3)
Since 100% freedom from hazards and risk is not possible, safety is more effectively defined as freedom from unacceptable risk. (p. 4)
System safety is a form of preemptive forensic engineering, whereby potential mishaps are identified, evaluated and controlled before they occur. Potential mishaps and their causal factors are anticipated during the design stage, and then design safety features are incorporated into the design to control the occurrence of the potential mishaps: safety is intentionally designed-in and mishaps are designed-out. This proactive approach to safety involves hazard analysis, risk assessment, risk mitigation through design and testing to verify design results. (p. 7)
Jeffrey Vincoli in Basic Guide to System Safety:
The process of system safety revolves around a desire to ensure that jobs or tasks are performed in the safest manner possible, free from unacceptable risk or harm or damage. This forward-looking process occurs within a working environment where people, operating procedures, equipment/hardware, and facilities all are integral factors that may or may not affect the safe and successful completion of the job or task. (p. 12)
The Hazard Risk Matrix incorporates the elements of the Hazard Severity table and the Hazard Probability table to provide an effective tool for approximating acceptable and unacceptable levels or degrees of risk. Obviously, from a systems standpoint, use of such a matrix facilitates the risk assessment process. (p. 12)
Richard Stephans in System Safety in the 21st Century:
The first and most effective way to control identified hazards is to eliminate them through design or redesign changes. (p. 14)
Design and build safety into a system rather than modifying the system later in the acquisition process when any changes are increasingly more expensive. (p. 22)
CONCLUSION
The principal intent in this chapter is to establish that fundamental system safety concepts can be applied by generalists in the practice of safety to meet the provisions in Z10, outline "The System Safety Idea," and encourage generalists who have not adopted system safety concepts to begin the inquiry and education to do so.
I sincerely believe that generalists in the practice of safety can learn from system safety successes and be more effective in their work through adopting system safety concepts. Their application in the occupational, environmental, and product safety settings would result in significant reductions in incidents having adverse effects.
In summation: The entirety of purpose of those responsible for safety, regardless of their titles, is to manage their endeavors with respect to hazards so that the risks deriving from those hazards are acceptable.
Note: The substance of this chapter appears in the fourth edition of my book On the Practice of Safety. It has been modified significantly to relate particularly to the provisions in Z10.
REFERENCES
ANSI/AIHA Z10-2012. Occupational Health and Safety Management Systems. Des Plaines, IL: American Society of Safety Engineers, 2012. Also at https://www.asse.org/cartpage.php?link=Z10_2005&utm_source=ASSE+Members&utm_campaign=3677c44444-Z10_Standard_Announcement_9_17_129_13_2012&utm_medium=email.
ANSI/ASSE Z590.3-2011. Prevention through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes. Des Plaines, IL: American Society of Safety Engineers, 2011.
ANSI/ASSE Z690.1-2011. Vocabulary for Risk Management. Des Plaines, IL: American Society of Safety Engineers, 2011.
ANSI/ASSE Z690.2-2011. Risk Management Principles and Guidelines. Des Plaines, IL: American Society of Safety Engineers, 2011.
ANSI/ASSE Z690.3. Risk Assessment Techniques. Des Plaines, IL: American Society of Safety Engineers, 2011.
ANSI B11.0-2010. Safety of Machinery: General Safety Requirements and Risk Assessments. Leesburg, VA: B11 Standards, Inc., 2010.
ANSI/PMMI B155.1-2011. American National Standard for Safety Requirements for Packaging Machinery and Packaging-Related Converting Machinery. Arlington, VA: Packaging Machinery Manufacturers Institute, 2011.
Browning, R. L. The Loss Rate Concept in Safety Engineering. New York: Marcel Dekker, 1980.
BS OHSAS 18001:2007. Occupational health and safety management systems: Requirements. London: BSI Group, 2007.
Clements, P. L. and Rodney J. Simmons. System Safety and Risk Management, NIOSH Instructional Module, A Guide for Engineering Educators. Cincinnati, OH: National Institute for Occupational Safety and Health, 1998.
CSA Z1002-12. Occupational health and safety: Hazard identification and elimination and risk assessment and control. Toronto, Canada: Canadian Standards Association, 2012.
EN ISO 12100-2010. Safety of Machinery: General principles for Design. Risk assessment and Risk reduction. Geneva, Switzerland: International Organization for Standardization, 2010.
Environmental Management Systems: An Implementation Guide for Small and Medium-Sized Organizations, 2nd ed. Access at http://www.fedcenter.gov/_kd/Items/actions.cfm?action=Show&item_id=598&destination=ShowItem. Copyright is held by NSF International Strategic Registrations, Ltd., Ann Arbor, MI.
Ericson, Clifton A. II. System Safety Primer. Self-published, 2011. Available through Internet booksellers.
Federal Aviation Administration System Safety Handbook. Enter the title into a search engine, or access at http://www.faa.gov/library/manuals/aviation/risk_management/ss_handbook/.
GEIA-STD-0010-2008. Standard Best Practices for System Safety Program Development and Execution. Arlington, VA: Information Technology Association of America, 2008.
Grimaldi, John V. and Rollin H. Simonds. Safety Management. Homewood, IL: Irwin, 1989.
Guidance On The Principles Of Safe Design For Work. Canberra, Australia: Australian Safety and Compensation Council, an entity of the Australian government, 2006.
Machine Safety: Prevention of mechanical hazards. Quebec, Canada: The Institute for research for safety and security at work and The Commission for safety and security at work in Quebec, 2009. Also at www.irsst.qc.ca/en/home.html.
MIL-STD-882E. Department of Defense Standard Practice System Safety, 2012. It is available on the Internet and can be downloaded at http://www.system-safety.org/. Click on 882E in the right-hand column.
OSHA's Rule for Process Safety Management of Highly Hazardous Chemicals, 29 CFR 1910.119. Washington, DC: OSHA, 1992.
Risk Assessment. The European Union, 2008. http://osha.europa.eu/en/topics/riskassessment.
Roland, Harold E. and Brian Moriarty. System Safety Engineering and Management, 2nd ed. Hoboken, NJ: Wiley, 1990.
"Scope and Functions of the Professional Safety Position" brochure. Des Plaines, IL: American Society of Safety Engineers, 1998.
Stephans, Richard A. System Safety in the 21st Century. Hoboken, NJ: Wiley, 2004.
System Safety Analysis Handbook (for which Warner Talso and Richard A. Stephans provide stewardship). Unionville, VA: International System Safety Society, 1999.
Vincoli, Jeffrey W. Basic Guide to System Safety. Hoboken, NJ: Wiley, 1993.