What is safety?
“Safety is the state on which the possibility of harm to persons or of property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and safety risk management.”
ICAO SMM 3rd Edition (Doc 9859) – 2013
“the state in which risks associated with aviation activities, related to, or in direct support of the operation of aircraft, are reduced and controlled to an acceptable level”
ICAO SMM 4th Edition (Doc 9859) – 2018
“Safety is protection from harm”
NZ SMS summit May 2018
CAA NZ SMS Booklet 2
Is it possible to achieve the following?:
- Zero accidents or serious incidents?
- Freedom from danger or risks?
- Avoidance of all errors?
- Safety through regulatory compliance?
How are controlled risks and errors acceptable in an inherently unsafe system such as aviation?
Is it the controlled acceptance and correct management of risk that allows an organisation to generate profit?
What does it mean when we say ‘…be safe…‘?
How is safety relative?
Operational Safety vs Occupational Safety?
The evolution of safety thinking
Following WWII, there were significant technological advances in aviation, including advances in Safety. However, the Human Machine Interface progress was not as rapid, nor was the Human to Human Interface. This evolved with early CRM and has become Human Factors / Non-Technical Skills knowledge.
The integration of both Technological and Human factors into Organisational Factors provides the greatest safety outcomes.
SMS and ICAO adaptation of HF have been evolving since the early 1990s. There came a recognition that both human and organisational factors contribute to an accident, incident or significant event.
The Piper Alpha disaster in 1988 and the subsequent Lord Cullen inquiry into it had a significant impact on the evolution of Systemic Safety and the development of SMS.
More recently is the recognition that safety management must not be viewed in isolation. Safety will have relationships and interactions with multiple parts of a business or organisation.
The accepted modern concept and business tool is Integrated Management Systems.
The Heinrich model
High Reliability Industry
High Reliability Industries repeatedly deliver successful, predictable results in a dynamic, technologically complex, time-constrained, and high-hazard environment. Examples of HRIs include:
- off-shore Oil and Gas
- nuclear industry
- space exploration
- heavy mining
Hallmarks of High Reliability Industries include:
- looking for low frequency/High consequence events
- carrying out deliberate actions to achieve predictable results
- maintaining a sense of ‘chronic unease’ (sometimes called ‘respectful distrust’)
- learning how to ‘fail in a safe way‘, and then asking ‘how did we contribute to this failure?“
ICAO utilised the work of Professors James Reason and Patrick Hudson (among others), to bring organisational failure and safety culture to the forefront in consideration for accident causation.
The Reason model of accident causation describes how breaches of multiple system defences can result in accidents. Professor James Reason argued that single point failures in complex systems like aviation, that are well defended by layers of defence, are rarely consequential. The defence failures (breaches) can be both active or latent.
An Active failure is a decision,regardless of the motivation; (Mistake, error, lapse, violation), that results in a defence layer being breached.
Example; maintenance crews using work-a-rounds to achieve operational efficiency when they know a procedure might be contrary to SOPs.
A Latent failure is more insidious, it lies in wait and is unknown until discovered.
Example: An organisational manual that details company procedure, that happens to be contradictory to OEM manual perhaps prohibiting such action.
The concept of an ‘organisational accident’ considers how the processes that an organisation could have reasonable control over (such as policy, planning, communication, supervision and how resources are allocated) should act as defenses against an accident. Unfortunately, when mis-managed, the same processes can lead to accidents and incidents.
Practical drift and normalisation of deviation
Practical drift occurs where a system’s baseline performance ‘drifts away’ from the design parameters. Drift could be due to a system being utilised more effectively than expected, and where performance exceeds expectation. However, it could also result in less than expected performance due to misuse, misunderstanding or a lack of appropriate training or supervision.
Practical Drift is the barely detectable movement away from baseline performance, due to external circumstances outside the design criteria of the system.
Normalisation of deviation is the intentional violation of procedure that occurs so regularly that it becomes the norm. The lack of negative outcome produces the illusion that deviation from normal procedures is acceptable. Many accidents have occurred as a consequence. The saying ‘…but we’ve been doing it this way for years…’ is often cited as a defence of the indefensible.
An absence of evidence is not evidence of absence…
Take special note of what is said at 1:15 to 1:30 for class discussion