The Safety Artisan is on Thinkific

I'm pleased to tell you that The Safety Artisan is on Thinkific!



Thinkific is a powerful and beautifully-presented online Learning Management System.  This will complement the existing Safety Artisan website.  My first course will be 'System Safety Assessment' with ten hours of instructional videos. The new course is here.



(Please note that this is the same course as my 'Complete System Safety Analysis Bundle' of 12 videos available here.  So, if you've already bought that - thanks very much - please don't buy it again, as you already have all the material.)



https://youtu.be/w3LvPFXAaFw

What will the System Safety Assessment Course do for you?



Transcript of the Video



Read the Transcript Here:

Welcome to the System Safety Assessment course



In this course, you will gain knowledge, skills, and confidence.  You will gain knowledge of what is involved in system safety assessment.  The individual tasks and techniques you need to carry out.



But more importantly, how to put them together into a successful program and how to tailor all these different tasks keeping some, but leaving out others so that you get an efficient and effective safety program, no matter what application or what system you are working with.



So that's the knowledge and the skills



You'll also get the confidence to be able to get you started.  Now, there is no substitute for live face-to-face training and coaching.  But this format is much more accessible to you and much more reasonably priced.  So wherever you are in the world, whatever time and day you want to do your learning, you can access this course and you can gain confidence to get you started.



So if you're worried about a job interview, what you're going to say or you're worried about how to do a job and there's nobody around to help you.  Then this course will give you the confidence to get started and to be aware of the pitfalls before you begin.



So what makes me confident that I can help you?



Well, first of all, I've got 25 years of experience applying system safety.



And I've done that in the UK, in the United States, in Australia, and in the European Union.  I've seen a wide variety of legal jurisdictions that I've worked in.  Also, I've worked on a wide variety of systems.  I've worked on planes, trains, ships and submarines, software, and I.T. systems all kinds of stuff.



I've worked on some gigantic multibillion-dollar projects and some much smaller ones.  So I know how to pragmatically apply this stuff, at a reasonable scale without spending stupid amounts of money.



And in fact, as part of my job as a consultant, I spent half the time telling clients to do less and spend less and still get an effective result.  So that's where I'm coming from.



I've also got experience teaching system safety in the classroom.  I've taught hundreds of students, from various different projects.  And now I have hundreds of online students, and I'm very pleased to be able to help all of those as well.



So that's why I think that I can help you



And I hope that you will enjoy this course and get a lot out of it.  Thanks very much for considering The Safety Artisan.



What do you think of the new page?

#riskassessment #riskassessmentdefinition #riskassessmentexample #riskassessmentframework #riskassessmentinsafety #riskassessmentmatrix #riskassessmentmethodology #riskassessmentprocess #riskassessmentreport #riskassessmentsteps #safetyassessment #stepstoriskassessment

Simon Di Nucci https://www.safetyartisan.com/2022/02/23/the-safety-artisan-on-thinkific/

The Risk Matrix

In this article, I look at The Risk Matrix, a widely used technique in many industries. Risk Matrices have many applications!



In this article, I have used material from a UK Ministry of Defence guide, reproduced under the terms of the UK's Open Government Licence.



Introduction



A risk matrix is a graphical representation of the various risks associated with a project and its corresponding risk management strategies. It helps to identify and prioritize potential risks.



What is a Risk Matrix?



A safety risk matrix provides a framework for ranking or classifying safety issues according to their significance. The matrix is sometimes called a “hazard ranking matrix” or a “hazard classification matrix”, but it is strictly applied to accidents, since these have harmful outcomes, whereas hazards only have the potential for harm. The matrix can be used as a risk screening tool to help decide which issues need treatment first or which need not be considered further at this time.



Risk matrices can cover exposure to different types of loss, including harm to humans, damage to the environment, financial loss or impact on reputation. If a loss in these diverse categories can be considered in common terms (e.g. the monetary impact of all types of loss), then a single matrix can cover all such issues together and prioritize which are the most significant.



The matrix covers a “risk space” defined by the two component parts of risk, namely likelihood on one axis and consequence (or severity) on the other. Each axis must span the full range of outcomes, which are considered possible for the system of interest. Each range is divided into a number of categories or bands (typically between 3 and 8) to define the cells of the matrix.



The bands on the two axes may be defined in terms that are purely qualitative, semi-quantitative, or fully quantitative, for example:



- Qualitative:- Likelihood is (Frequent/Reasonably Probable/Remote/Extremely Remote)

- Severity is (Minor/Significant/Severe/Catastrophic)

- Semi-quantitative:- Likelihood is (e.g. likely to occur once per year on one site)

- Severity is (e.g. a single death)

- Quantitative:- Likelihood is (e.g. between 1x10-4 and 1x10-5 per year on one site)

- Severity is (e.g. between 1.0 and 10.0 Fatalities and Weighted Injuries)



Each cell of the matrix is assigned an indicator defining the relative significance of issues falling in that zone. This indicator could be:



- A risk descriptor (e.g. Low, Moderate, High, Very High)

- A risk score or index (e.g. a number from 1 to 20)

- A priority category (e.g. High, Medium or Low)

- A risk class (e.g. A, B, C or D)

- A measure of expected rate of harm or loss (e.g. 5.4 Fatalities and Weighted Injuries per year or £45,000 per year)



Where likelihood and consequence are stated quantitatively, the axes are usually considered to have logarithmic scales. Adjacent bands will typically differ by one order of magnitude. In this case, lines of constant risk run diagonally across the matrix and the risk will range by a factor of 100 across the area covered by a single cell. This illustrates that the matrix is a coarse tool, which can show large differences in risk, but does not address fine detail, such as compliance with quantitative risk requirements.



To apply the matrix, users must have a list of the relevant safety issues (from Hazard Identification and Hazard Analysis) and estimates of the likelihood and severity of each possible accident (from Risk Estimation). The matrix is therefore a technique for Risk Evaluation, which follows on from Risk Estimation. The estimates of accident likelihood and severity may be generated by different methods, depending on the stage of the project, the information available and the significance of the safety issue being explored. For example, the estimates may come from:



- Engineering judgement by Subject Matter Experts with knowledge of similar systems

- Historical data from this or similar systems

- Detailed modelling (e.g. using Fault Tree Analysis and Event Tree Analysis or Bow-Tie Analysis)



Examples of Risk Matrices



The following example matrices show some of the variations in format, terminology and risk indicators across a range of sectors and standards.



Example 1: IEC 31010 Example risk ranking matrix. Severity on x-axis increasing left to right, likelihood on y-axis increasing bottom to top, with five “risk levels” which are linked to decision rules such as the level of management attention or the time scale by which response is needed.



IEC 31010 Risk Matrix



Example 2: Def Stan 00-56 Issue 2 Example accident risk classification table. Severity on x-axis increasing right to left, likelihood on y-axis increasing bottom to top, four risk classes identify significance and so management level for approval.



 CatastrophicCriticalMarginalNegligibleFrequentAAABProbableAABCOccasionalABCCRemoteBCCDImprobableCCDDIncredibleCDDDDef Stan 00-56 Issue 2 Example Accident Risk Classification Table



Example 3: IMO Guidelines on FSA. Example hazard risk index matrix. Severity on x-axis increasing left to right, likelihood on y-axis increasing bottom to top, risk index (RI) in each cell calculated by adding Severity Index (SI) for column and Frequency Index (FI) for a row. RI can be considered as log(risk), obtained by adding FI and SI.



FIFrequencySeverity (SI)1234MinorModerateSeriousCatastrophic7Frequent8910116 789105Reasonably probable67894 56783Remote45672 34561Extremely remote2345IMO Guideline on FSA: Risk Ranking Matrix



Example 4: ISO 17776 Offshore Sector Example risk matrix. Severity on y-axis increasing top to bottom, likelihood on x-axis increasing right to left to top, matrix areas define future action to be taken.



ISO 17776 Risk Matrix



Risk Matrix Assessment



When it Might be Used



The matrix is usually set up at an early stage of the lifecycle, defining the framework to be used for risk evaluation at subsequent stages. It should be used early in the lifecycle to provide a coarse sift of the identified safety issues so that attention can be focused on the most significant ones. This attention may involve more detailed analysis to understand complex accident sequences and to apply semi-quantitative or fully quantitative risk assessment techniques where appropriate.



Later in the lifecycle, the risk matrix may be used for determining the appropriate management level for review and acceptance of each safety issue. This ensures that the key risk drivers are brought to the attention of senior managers but they are not swamped with masses of information on less significant matters.



During the in-service stage of the lifecycle, the risk matrix technique can be applied to give an indication of significance for new safety concerns, such as those revealed by incidents or due to proposed design changes. Risk monitoring can be focused on the issues of highest significance as well as targeting resources for risk reduction.



Advantages & Disadvantages



Advantages



- Risk matrices provide a quick appreciation of the most significant issues so that attention can be focused where it will have most benefit.

- Matrices provide a visual representation which is easily understood and so aids communication with non-specialists.

- Risk matrices can cover impacts which are different in nature (e.g. harm to people, harm to the environment, material or financial loss), provided that these can be equated in common units (e.g. in money terms).



Disadvantages



- Risk matrices are good for examining different issues affecting one system or activity on the basis of their risk relative to each other. They are not effective for understanding absolute risk.

- There is no single, correct interpretation of the level at which “safety issues” should be selected for presentation on the risk matrix. This means that different analysts may choose different levels and the resulting list of prioritised issues is somewhat subjective. The apparent results may be changed by “accident splitting” (i.e. defining one safety issue as two or more different accidents, each of which will appear to have lower risk).

- Risk matrices consider safety issues one at a time and so do not help understanding the overall or aggregate risk exposure.

- When a variety of different outcomes is possible from a single issue (e.g. fire – consequences can range from no harm to multiple deaths) it can be difficult to choose which likelihood and consequence combination should be used.

- As a broad-brush technique, risk matrices should not be used for considering whether quantitative risk targets have been met or as the only technique for examining complex or high consequence issues. The matrix can, however, highlight high consequence issues so that they then receive more detailed consideration.



Risk Matrices for Project Management



In project management, we are aiming for specific outcomes, often represented as the project management triangle.



Project Management Triangle



In the center is quality (and/or safety), which is central to indicate that this cannot be compromised.  The three corners are cost, time, and scope (or requirements), and these can be traded off against each other.



This representation helps us to identify project risks by the effect that they might have on the project’s objectives.  ISO 31000 defines risk as “the effect of uncertainty on objectives”.  Again, the risk matrix allows us to identify and rank risks, identifying the biggest, most critical risks.  These risks are where we will focus most attention, looking for multiple controls, or defense-in-depth, for the most serious ones.   



An old saying is that “you can have a quick job, a proper job, or a cheap job; you can have two out of three, but you can’t have all three.”  Taken literally this is a little pessimistic, but it does remind us that if we set an absolute target on one of these axes, then we will likely have to trade the other two off against each other.   



This axiom also gives us some basic principles on which to identify controls.  We might desire controls that allow us to achieve all objectives at the same time, but this is often unrealistic.  Practical experience – encoded in a saying – suggests that we must be prepared to accept some trades in budget/schedule/scope.



Thus the risk matrix, in combination with some basic project management principles, enables more realistic decision-making.  (Real decisions involve saying ‘no’ to some things in order to say ’yes’ to others.)  Rather than naively thinking that we can have it all, the risk matrix supports robust early decision-making. 



This should make project success more likely – until somebody changes the objectives!



Additional Considerations



It should be noted that risk matrices from different standards and industry sectors are not always represented in the same way. The most common convention has a Cartesian representation (i.e. values increasing left to right and bottom to top on the two axes) so that risk increases from bottom left to top right, but the examples below show that several common matrices have a different format.



If risk estimates are generated by a team of Subject Matter Experts, their deliberations can be biased (consciously or unconsciously) if they know the risk matrix framework. There may be a tendency to choose likelihood and/or severity estimates that result in a lower apparent risk so that it attracts less management scrutiny.



Uncertainty of the estimates of severity and likelihood can be represented on a risk matrix by showing that risk with error bars rather than a single point. This can help understanding by senior managers.



Using common matrices for different systems does not necessarily result in risk estimates that can be compared in a meaningful way. The systems may have diverse risk exposure factors (e.g. number of people exposed, usage rate) and different numbers and types of accidents to consider.



(For more on risk management, see the FAQ.)



Do You Use a Risk Matrix in Your Work?

#3x3riskmatrixtemplateexcel #examplesofriskmatrix #howtocreateriskmatrix #riskmatrix3x3 #riskmatrix5x5 #riskmatrixapproach #riskmatrixbenefits #riskmatrixdesign #riskmatrixguide #riskmatrixhealthandsafety #riskmatrixhighmediumlow #riskmatriximage #riskmatrixinsafety #riskmatrixlowmediumhigh #riskmatrixmethod #riskmatrixmethodology #riskmatrixpowerpointtemplate #riskmatrixproject #riskmatrixrating #riskmatrixword #riskmatrices #riskmatrix #riskmatrixassessment #riskmatrixforprojectmanagement #riskmatrixinprojectmanagement #whatisariskmanagementmatrix

Simon Di Nucci https://www.safetyartisan.com/2022/01/26/the-risk-matrix/

Risk: Averse, Adverse, or Appetite?

You heard me right. Risk: Averse, Adverse, or Appetite? Which would you choose? Do we even have a choice? Read on ...



We often hear that we live in a risk-averse society.  By that, I mean that we don't want to take risks, or that we’re too timid.  I don't think that's the whole story.



In reality, we need to deal with several concepts.  Let's start by looking at risk:



- Aversity;

- Adversity;

- Appetite; and then

- Perception.



Risk Adverse versus Risk Averse



These terms are often used incorrectly, so here's a useful comparison:



Many people are confused when faced with the choice between adverse and averse.  While these two adjectives have many similarities, they are not used interchangeably. If you want to describe a negative reaction to something (such as a harmful side effect from medication) or dangerous meteorological conditions (such as a snowstorm), adverse is the correct choice. You would not say that you had an ‘averse’ reaction to medication or that there was ‘averse’ weather. In short, adverse tends to be used to describe effects, conditions, and results; while averse refers to feelings and inclinations.”Merriam-Webster Dictionary



Risk Adverse



A Formal Definition of Adverse



Again, the Merriam-Webster Dictionary sails to the rescue:



- 1: acting against or in a contrary direction: - HOSTILE,

- hindered by adverse winds

- 2a: opposed to one's interests, - an adverse verdict,

- heard testimony adverse to their position,

- especially: UNFAVORABLE,

- adverse criticism

- b: causing harm: HARMFUL, adverse drug effects

- 3: archaic: opposite in position”



This is all very well, but we need something that we can use, like a...



...Practical Definition of Risk Adverse



The Law Insider website provides a very useful definition of ‘Risk Adverse’.   



“Adverse Risk means any risk of an adverse effect on the Development, procurement or maintenance of Regulatory Approval, Manufacture or Commercialization of a Product.”Law Insider



It’s useful because it is so pertinent to safety.  Let me explain. Often, we want to develop a product or service, but there are:



- Development risks – often called Project Management risks, as a development is often the focus of a project.  Remember that the ISO 31000 defines risk as “the effect of uncertainty on objectives”.  By definition, a project has specific objectives (e.g., budget, schedule, and quality). 

- Procurement risks – when acquiring a new product or service and enterprise may also acquire development risks, for the new or upgraded thing.  There are also risks associated with contractual acceptance, fielding the product, etc.

- In many industries and domains, regulatory approval may be needed.  This may require qualification, certification, or accreditation (or a combination thereof).

- Commercialization risks include making a product commercially viable, positioning it in the market, and gaining user and/or public acceptance.     



Each one of these topics is a massive subject, about which countless books have been written.  Law Insider’s definition is very powerful!



Risk Averse



So, risk aversion is about feelings and inclinations.  This is such a familiar topic, that perhaps we don’t bother to explore it. Later on in this post, we will explore Risk Aversion by looking at Risk Perception.



Before we do that, let’s look at the opposite of Risk Aversion.



Risk Appetite



“Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats, that change inevitably brings. The ISO 31000 risk management standard refers to risk appetite as the "Amount and type of risk that an organization is prepared to pursue, retain or take". This concept helps guide an organization's approach to risk and risk management.”Wikipedia



Risk appetite is a really interesting concept.  The definition is that risk appetite is the level of risk that a person or organization is prepared to accept in pursuit of objectives. 



Why is Risk Useful?



Risk is necessary because we need to take risks to do almost anything. Every time we breathe in, every time we eat or drink something, we’re taking a risk.



It's the same for businesses, enterprises, and nations.  If we keep on doing the same old thing again and again, eventually someone else will come along and outcompete us.  Ironically, the risk is that we fail to adapt and cease to exist – Darwinian selection. 



A great example of this is the Kodak corporation.  For years Kodak dominated the photography market.  However, they failed to see the promise of digital photography and didn't take advantage of it. They were overtaken by rivals, and in the end, this mighty corporation went out of business.



So to ensure the survival of an entity, we must accept change, we must take risks. This seems to be true of populations, businesses – even software programs seem to illustrate this kind of evolutionary development .



Quantifying Risk and Appetite



In some areas of business, it's easy to define risk appetite.  Financial corporations can easily define how much loss they are prepared to accept.  They can accept that a certain percentage of turnover or profit will be lost to fraud or error. 



A more sophisticated business might quantify the benefit of taking risks.  For example, lending more money might result in greater profits.  If a business understands the relationship between risk and opportunity, it can exploit it.



Too Big to Fail



A few years ago we saw the downside of that thinking.  Organizations thought they were too big to fail or too clever – they couldn't go wrong.  Some high-profile failures lead to a domino effect, whereby many institutions effectively collapsed.  This was the Global Financial Crisis. 



As a result, the regulation of lenders was tightened up.  Banks and similar bodies were forced to keep higher reserves of cash and assets in order to survive miscalculations of risk.



How Much Risk is Enough?



So, how can we determine an appropriate risk appetite, without over-reaching ourselves?



This is a particularly difficult judgment when considering safety. Now we are not trading $ for $, we are trading dollars for injury and even death.  This is a much more difficult ethical problem.  There are various ways of making this judgment, for example in Australia we can refer to Safe Work Australia's guidance. 



In this article, we will consider what leads us to a distorted perception of risk. 



Risk Perception



Some researchers claim that there are three factors that cause us to look at risk and misunderstand it.



“Psychometric research identified a broad domain of characteristics that may be condensed into three high order factors: 1) the degree to which a risk is understood, 2) the degree to which it evokes a feeling of dread, and 3) the number of people exposed to the risk. A dread risk elicits visceral feelings of terror, uncontrollable, catastrophe, inequality, and uncontrolled. An unknown risk is new and unknown to science. The more a person dreads an activity, the higher its perceived risk and the more that person wants the risk reduced.”Wikipedia



I have observed that people are ready to take more risks when they think they are in control.  For example, we’re more willing to take risks when driving, rather than in trains or planes where someone else is in control. 



It's interesting to recall that our risk of death per journey is the same in a car as it is in a plane.  Moreover, we are three times more likely to be injured in a car crash than in an air crash.  Yet, people worry about flying, but they don't think about the car journey to get to the airport. 



Therefore, if we are to think rationally about risk, we must address those three factors of risk perception – and control. 



Three Risk Perception Factors



First, we must understand risk.  Risk assessment helps us to do this and can help us make objective decisions.



Second, we must recognize feelings of dread, for example, fear of radiation.  We must strive to understand the mechanisms that give rise to risks so that we can understand how to treat or control them. This should give us confidence, which will counteract dread.



(Also, we might explicitly identify the benefits of the risky activity.  This should help us to deal with dread rationally.) 



Third, we must estimate the number of people exposed to the risk.  Accidents with multiple casualties cause Societal Concern and get a lot of media attention, whereas the constant background of individual casualties in car accidents goes largely unreported.



Let’s Look at Control 



We often have the illusion that we are in control, and that this will prevent accidents.



The night I had my most serious car accident, I was hit by a drug/ drunk driver.  I had not lost control of my vehicle and I had done nothing wrong.  However, when the other car turned into my path, I could not avoid the collision. 



We need to give people a realistic view of how much they really control. 



If we can give people control, without real adverse effects, then so much the better.  Either that or take away control completely and make sure that users know this.



Many fatalities have resulted from users misunderstanding how much control they had – for example over ‘self-driving’ cars.  



Outrage 



All these factors are challenging to deal with.  Moreover, there are a number of agents using social media to stoke and exploit public outrage. This is done for various purposes, which may have nothing to do with actual levels of risk (i.e. it not be a genuine societal concern).



Perhaps we can learn from those who manage outrage for enterprises that need it?  



They work to actively and regularly present a rational view of risks and benefits.  This is intended to counter the sensationalist reporting that will arise from time to time.  Think of it as a regular vaccine of rationality against periodic outbreaks of emotional outrage.   



Risk: Averse, Adverse, or Appetite? Conclusion



Of course, there are no guaranteed solutions or magic answers to these questions.



We will always have a subjective and visceral reaction to danger.  This is a good thing, essential even.  It's a very important survival skill, and we should be afraid of things that can hurt us.



Yet, to live without risk at all is simply not possible – we will all die of something.  Will we achieve something meaningful before that dread day comes?



To do anything requires us to take risks.  As individuals, as a society, we need to take risks to enjoy the benefits that result.  “Great empires are not maintained by timidity” as a Roman historian once said.  



As in so many things, we are looking for a balance. 



How much risk-aversion do you need to survive, versus how much risk appetite to thrive?



(For more on risk management, see the FAQ.)



https://www.merriam-webster.com/dictionary/averse#



https://www.merriam-webster.com/dictionary/adverse



https://www.lawinsider.com/dictionary/adverse-risk



https://en.wikipedia.org/wiki/Risk_appetite



Les Hatton & Greg Warr, Conservation of Information in Proteins, Software, Music, Texts, the Universe and Chocolate Boxes, Heiland Lecture, Colorado School of Mines, 06 Mar 2018.



https://en.wikipedia.org/wiki/Risk_perception



https://www.goodreads.com/quotes/313217-great-empires-are-not-maintained-by-timidity

#meaningofriskappetite #oppositetoriskaverse #riskadverse #riskappetite #riskaverseandriskseeking #riskaversedef #riskaversedefine #riskaversiondefine #riskaversionmeaning #whatisriskaversemean

Simon Di Nucci https://www.safetyartisan.com/2022/01/12/risk-averse-adverse-or-appetite/

Due Diligence and Safety

In this article, I'm looking at Due Diligence and Safety in the USA, UK, and Australia. Why? Because Due Diligence is the root of so much that we should be doing in Safety.



Let's start with the definitions of due diligence in the way that it applies to safety (because due diligence is a concept that has many different applications in business.)



Due Diligence in the United States of America



Definition of Due Diligence



1law : the care that a reasonable person exercises to avoid harm to other persons or their property … Doing your due diligence: “… in this sense, it is synonymous with another legal term, ordinary care.”

Merriam-Webster Dictionary



That’s the definition from a popular US dictionary.



Workplace Safety in the USA



In the USA, the Federal Occupational Safety and Health Agency, (OSHA), governs health and safety in the workplace.  As the USA is a federal state, what the OSH Act or Agency covers is complex, as follows:



- The Agency covers most private sector employers in all 50 US states, either directly through the federal agency or through an OSHA-approved state plan – 22 states have such a plan;



- Workers at state and local government agencies are not covered by the Agency, but have OSH Act protections if they work in those states that have an OSHA-approved state program;



- The Agency protects workers of all federal agencies;



- The Act does not cover the self-employed, immediate family members of farm employers; and



- The Act does not cover workplace hazards regulated by another federal agency (for example, the Mine Safety and Health Administration, the Department of Energy, or Coast Guard).  



Are you confused?  I am!



Product Safety in the USA



To add to my confusion the US Consumer Product Safety Commission (CPSA) regulates the safety of some consumer products. It does so under thirteen different federal laws.  These acts regulate, for example, child safety, flammable fabrics, art supplies, poisons, and refrigerators.  I can't see any coherent pattern to what the CPSA regulates.



However, the US Federal Government tends not to manage product safety.  It is more often addressed via state legislation, which varies from state to state.  



Product safety is also dealt with through civil liability: victims sue you if your product hurts someone.  In other words “Product liability is the area of law in which manufacturers, distributors, suppliers, retailers, and others who make products available to the public are held responsible for the injuries those products cause.”



There are different theories of liability, one of them being ‘strict liability.  “In criminal and civil law, strict liability is a standard of liability under which a person is legally responsible for the consequences flowing from an activity even in the absence of fault or criminal intent on the part of the defendant.” 



Back to Due Diligence



Now we circle back to due diligence: “due diligence is the only available defense to a crime that is one of strict liability … Once the criminal offence is proven, the defendant must prove on balance that they did everything possible to prevent the act from happening.”



(I also note from that Wikipedia article that “It is not enough that they took the normal standard of care in their industry – they must show that they took every reasonable precaution.”  We now seem to be heading towards our old friend ‘reasonably practicable’ – but that’s another article!)



There is a big difference in the way that the USA manages workplace and product health and safety.  Due Diligence may be a useful concept in all these settings. However, I'm finding it very difficult to say what it means when applied to safety.



Due Diligence Around the World



It was also challenging to pin down due diligence and safety in the United Kingdom (and still is).



In 2007, the UK’s Health and Safety Executive (the national regulator, much like OSHA in the USA) published a useful study into Due Diligence.  This report looked at “whether the law in nine different countries imposes health and safety duties upon boardroom directors (and other senior managers)”.



Due Diligence in Nine Different Countries



It concluded that “seven out of nine countries contain safety legislation that imposes positive safety obligations upon either directors or senior managers of companies. These are: Germany, France, Italy, Sweden, Japan, Canada (four out of fourteen jurisdictions) and Australia (two out of nine jurisdictions).”



Thus, the criminal law in these countries imposes safety obligations on directors or senior managers.  



Interestingly, the Report found that exercising “due diligence to prevent the commission of the offence” was often found to be a viable defense for company directors and senior managers in many jurisdictions.



Due Diligence in the United Kingdom



The report observed that, in 2007, “It is fair to say that the legislative framework for regulating occupational health and safety (OHS) in Great Britain appears unusual in not imposing positive duties on directors. The majority of the nine countries studied do have this kind of legislation.” 



The UK brought the Corporate Manslaughter and Corporate Homicide Act into force in 2007 – the same year as this Report.  The UK introduced this because of several failures to prosecute company directors after high-profile fatal accidents.  Before 2007, courts had to find individuals guilty of gross negligence manslaughter to hold them accountable. Such prosecutions often failed.



Whether the Due Diligence Report had any influence on the 2007 Act is hard to say. This Report is still the best result on the UK HSE's website for 'due diligence' so not much seems to have changed.



Safety Law in Australia



Now Australia has an interesting mix of approaches derived from those in the USA and UK.



Australia is a Federation



Australia, like the USA, is a federal state.  Responsibility for health and safety generally resides with the states and territories.  The federal government only controls health and safety in federal workplaces or on federal land.  In Australia, we have a similar jurisdictional model to the USA, with all the complexity that can introduce.



US practices also influence Australian industry and commerce.  Safety requirements are often met by meeting specifications. (Whereas the UK uses a 'safety by intent’ approach - another article I must write).  Thus, Australian safety practice often relies on certification against standards, as in the US. 



Australian Work Health and Safety Law



In Australia, we have adopted our own version of the UK Health and Safety at Work Act, 1974.  The Australian government introduced a much-refined version of UK law in 2011, some 37 years after the UK Act.



To achieve standardization across Australia, the Federal Government agreed with state and territory governments to introduce a model-based approach.



Safe Work Australia developed the Model WHS Act, Regulations, and Codes of Practice, collaboratively. Then the states and territories all agreed to adopt these centrally-developed articles of legislation.



States and territories were free to modify the Models as they saw fit. In general, the different jurisdictions have changed little, although Victoria has chosen not to implement WHS at all (thanks, Victoria, for being team players).



Unlike in the USA, Australian Work Health and Safety (WHS) legislation covers both workplaces and non-consumer goods. (Consumer goods are covered by other laws.)



This criminal law sets standards that manufacturers, designers, importers, and users must achieve when engineering, installing, commissioning equipment, and running it within a workplace.



Safety Due Diligence in Australia



In Australia, we are fortunate that the Work Health and Safety Act introduces a very specific and practical definition of what Due diligence is when applied to safety duties.



The Act says that Officers (company directors and senior managers) have additional duties.  Officers must exercise ‘due diligence. Under Division 4—Duty of officers, workers and other persons, Section 27  Duty of officers:



             (1)  If a person conducting a business or undertaking has a duty or obligation under this Act, an officer of the person conducting the business or undertaking must exercise due diligence to ensure that the person conducting the business or undertaking complies with that duty or obligation. 

Australian WHS Act, 2011



We’re now talking about what is due diligence in the context of health and safety. I need to be precise about that. The term 'due diligence' appears in other Australian laws and can have different meanings. In this post, the definition of due diligence applies to WHS duties only.



We’ve got to do six things, in sub-paragraphs (a) to (f), to demonstrate due diligence. 



What does Due Diligence Mean (a & b)?



(5)  In this section, due diligence includes taking reasonable steps:



                     (a)  to acquire and keep up‑to‑date knowledge of work health and safety matters; and



                     (b)  to gain an understanding of the nature of the operations of the business or undertaking of the person conducting the business or undertaking and generally of the hazards and risks associated with those operations; and

Section 27



Officers must acquire and keep up to date with knowledge of work health and safety matters obligations and so forth.



Secondly, officers must gain an understanding of the nature of their business's operations and the risks they control.  If you’re a company director you need to know what the operation does.



You cannot hide behind “I didn’t know” because it’s a legal requirement for you to do so.  There's no pleading ignorance because ignorance is, in fact, illegal and you’ve got to have a general understanding of the hazards and risks associated with those operations.  



We don’t necessarily have to be up on all the specifics of everything going on in your organization, but you should know what your organization does. However, we should be aware of the general costs and risks associated with that kind of business.



What does Due Diligence Mean (c, d, e & f)?



                     (c)  to ensure that the person conducting the business or undertaking has available for use, and uses, appropriate resources and processes to eliminate or minimise risks to health and safety from work carried out as part of the conduct of the business or undertaking; and

Section 27



Now, thirdly, we are moving on. Basically, sub-paragraphs C, D, E, and F refer to appropriate resources and processes.  Officers have got to ensure that PCBUs have available and use appropriate resources and processes in order to control risks.  That says you’ve got to provide those resources and processes and there is supervision.



Maybe you put in a Safety Management System that ensures people actually do use the stuff they should, to keep themselves safe.  And that’s very relevant because often people don’t like wearing, for example, Personal Protective Equipment (PPE) because it’s uncomfortable or slows you down, so the temptation is to take it off.



What does Due Diligence Mean (d)?



                     (d)  to ensure that the person conducting the business or undertaking has appropriate processes for receiving and considering information regarding incidents, hazards and risks and responding in a timely way to that information; and

Section 27



Moving on to part D, we’re still on the appropriate processes. We must have appropriate processes for receiving and considering information on incidents, hazards, and risks.  Again, we’ve got to keep up to date. What's going on in our own plants and maybe similar plants in the industry? We need a process to respond in a timely way to that information.



If we discover that there is a new incident or hazard that you didn’t previously know about. We need to respond and react to that quickly enough to make a difference to the health and safety of workers.  That works together with sub-paragraph B, doesn’t it?  In parts A and B we need to keep up to date on the risks and what’s going on in the business. Also, in part A, we need to ensure that the PCBU has processes for compliance with any duty or obligation and follows them again to provide that stuff.



In the system safety world, often the designers will need to provide the raw material that becomes those processes. Or maybe if we’re selling a product, it comes with an instruction manual of all the processes needed.



What does Due Diligence Mean (e-f)?



                     (e)  to ensure that the person conducting the business or undertaking has, and implements, processes for complying with any duty or obligation of the person conducting the business or undertaking under this Act; and



                      (f)  to verify the provision and use of the resources and processes referred to in paragraphs (c) to (e).



Examples:  For the purposes of paragraph (e), the duties or obligations under this Act of a person conducting a business or undertaking may include:



(a)    reporting notifiable incidents;



(b)    consulting with workers;



(c)    ensuring compliance with notices issued under this Act;



(d)    ensuring the provision of training and instruction to workers about work health and safety;



(e)    ensuring that health and safety representatives receive their entitlements to training.

Section 27



Finally, the officers must verify the provision and use of these resources and processes (in Parts C, D, and E).  Thus, we’ve got a simple six-point program that comprises due diligence, but it’s quite demanding. There’s no shirking this stuff or pretending you didn’t know.  I suspect it’s designed to hang Company directors who neglect and harm their workers.



What Due Diligence is All About



Let’s face it, this is all good common-sense stuff. We should be doing this anyway.



These requirements are only the minimum required for all businesses and undertakings in Australia. In any kind of high-risk industry, we should have a Safety Management System that does all of this and more.



Conclusion



Well, we’ve looked at due diligence as it applies to safety in many different countries.  We’ve concentrated on the USA, the UK, and Australia. But Germany, France, Italy, Sweden, Japan, Canada got an honorable mention as well.



The combinations of due diligence with criminal law, civil law, and safety are very confusing in the USA. It is largely non-existent in the UK. 



Only Australia has spelled out in law what due diligence means for safety.  You may not work in Australia, but I suggest that the clarity and practicality of the WHS Act definition on ‘due diligence’ are useful for safety practitioners everywhere.  



What does Due Diligence mean for Safety Practices where You are?



Merriam-Webster online dictionary.



https://en.wikipedia.org/wiki/Occupational_Safety_and_Health_Administration



https://www.cpsc.gov/Regulations-Laws--Standards/Statutes



https://en.wikipedia.org/wiki/Product_liability#Strict_liability



https://en.wikipedia.org/wiki/Strict_liability



https://en.wikipedia.org/wiki/Due_diligence



https://www.hse.gov.uk/research/rrpdf/rr535.pdf

#conductaduediligence #doaduediligence #doduediligencemeaning #doourdiligence #doingyourduediligence #performaduediligence #vaccinationinaustralia #whatdoes'duediligence'mean #whatduediligencemeans #whatisduediligencemean #whatisthemeaningofduediligence

Simon Di Nucci https://www.safetyartisan.com/2021/12/29/due-diligence-and-safety/

Learn How to Perform System Safety Analysis

In this 'super post', we will Learn How to Perform System Safety Analysis. I will show you thirteen lessons that explain each of the ten analysis tasks, the analysis process, and how to combine those tasks into a program!



Follow the links to sample and buy lessons on individual tasks. You can get discount deals on a bundle of three tasks, or all twelve (+bonus)!



Introduction



Military Standard 882, or Mil-Std-882 for short, is one of the most widely used system-safety standards. As the name implies, this standard is used on US military systems, but it has found its way, sometimes in disguise, into many other programs around the world. It’s been around for a long time and is now in its fifth incarnation: 882E.



Unfortunately, 882 has also been widely misunderstood and misapplied. This is probably not the fault of the standard and is just another facet of its popularity. The truth is that any standard can be applied blindly – no standard is a substitute for competent decision-making.



In this series of posts, we will: provide awareness of this standard; explain how to use it; and discuss how to manage, tailor, and implement it. Links to each training session and to each section of the standard are provided in the following sections.



Mil-Std-882E Training Sessions



System Safety Process, full post here



Photo by Bonneval Sebastien on Unsplash



In this full-length (50 minutes) video, you will learn to:



- Know the system safety process according to Mil-Std-882E;



- List and order the eight elements;



- Understand how they are applied;



- Skilfully apply system safety using realistic processes; and



- Feel more confident dealing with multiple standards.



In System Safety Process, we look a the general requirements of Mil-Std-882E. We cover the Applicability of the 882E tasks; the General requirements; the Process with eight elements; and the application of process theory to the real world.



Design Your System Safety Analysis Program



Photo by Christina Morillo from Pexels



Learn how to Design a System Safety Program for any system in any application.



Learning Objectives. At the end of this course, you will be able to:



- Define what a risk analysis program is;



- List the hazard analysis tasks that make up a program;



- Select tasks to meet your needs; and



- Design a tailored risk analysis program for any application.



This lesson is also available as part of the twelve+one-lesson bundle (see the bottom of this post).



Analysis: 200-series Tasks



Preliminary Hazard Identification, Task 201



Identify Hazards.



In this video, we find out how to create a Preliminary Hazard List, the first step in safety assessment. We look at three classic complementary techniques to identify hazards and their pros and cons. This includes all the content from Task 201, and also practical insights from my 25 years of experience with Mil-Std-882.



You can buy the full video, plus lots of bonus material, here. There are 19 bite-size lessons, with two hours of video content.



Preliminary Hazard Analysis, Task 202



See More Clearly.



In this 45-minute session, The Safety Artisan looks at Preliminary Hazard Analysis, or PHA, which is Task 202 in Mil-Std-882E. We explore Task 202’s aim, description, scope, and contracting requirements. We also provide value-adding commentary and explain the issues with PHA – how to do it well and avoid the pitfalls.



System Requirements Hazard Analysis, Task 203



Law, Regulations, Codes of Practice, Guidance, Standards & Recognised Good Practice.



In this 45-minute session, The Safety Artisan looks at Safety Requirements Hazard Analysis, or SRHA, which is Task 203 in the Mil-Std-882E standard. We explore Task 203’s aim, description, scope, and contracting requirements. SRHA is an important and complex task, which needs to be done on several levels to be successful. This video explains the issues and discusses how to perform SRHA well.



Bundle Offer #1



Click here to buy these three essential tasks - and bonus material - together:



- Preliminary Hazard Identification (T201),



- Preliminary Hazard Analysis (T202), and



- Safety Requirements Hazard Analysis (T203).



Sub-system Hazard Analysis, Task 204



Breaking it down to the constituent parts.



In this video lesson, The Safety Artisan looks at Sub-System Hazard Analysis, or SSHA, which is Task 204 in Mil-Std-882E. We explore Task 204’s aim, description, scope, and contracting requirements. We also provide value-adding commentary and explain the issues with SSHA – how to do it well and avoid the pitfalls.



System Hazard Analysis, Task 205



Putting the pieces of the puzzle together.



In this 45-minute session, The Safety Artisan looks at System Hazard Analysis, or SHA, which is Task 205 in Mil-Std-882E. We explore Task 205’s aim, description, scope, and contracting requirements. We also provide value-adding commentary, which explains SHA – how to use it to complement Sub-System Hazard Analysis (SSHA, Task 204) to get the maximum benefits for your System Safety Program.



Operating and Support Hazard Analysis, Task 206



Operate it, maintain it, supply it, dispose of it.



In this full-length session, The Safety Artisan looks at Operating & Support Hazard Analysis, or O&SHA, which is Task 206 in Mil-Std-882E. We explore Task 205’s aim, description, scope, and contracting requirements. We also provide value-adding commentary, which explains O&SHA: how to use it with other tasks; how to apply it effectively on different products; and some of the pitfalls to avoid. We refer to other lessons for specific tools and techniques, such as Human Factors analysis methods.



Health Hazard Analysis, Task 207



Hazards to human health are many and various.



In this full-length (55-minute) session, The Safety Artisan looks at Health Hazard Analysis, or HHA, which is Task 207 in Mil-Std-882E. We explore the aim, description, and contracting requirements of this complex Task, which covers: physical, chemical & biological hazards; Hazardous Materials (HAZMAT); ergonomics, aka Human Factors; the Operational Environment; and non/ionizing radiation. We outline how to implement Task 207 in compliance with Australian WHS. 



Bundle Offer #2



Click here to buy these two tasks - and bonus material - together:



- Operating & Support Hazard Analysis (T206), and



- Health Hazard Analysis (T207).



Functional Hazard Analysis, Task 208



Components where systemic failure dominates random failure.



In this full-length (40-minute) session, The Safety Artisan looks at Functional Hazard Analysis, or FHA, which is Task 208 in Mil-Std-882E. FHA analyses software, complex electronic hardware, and human interactions. We explore the aim, description, and contracting requirements of this Task, and provide extensive commentary on it. 



Bundle Offer #3



Click here to buy these two tasks, and bonus material, together:



- Preliminary Hazard Identification (T201), and



- Functional Hazard Analysis (T209).



System-Of-Systems Hazard Analysis, Task 209



Existing systems are often combined to create a new capability.



In this full-length (38-minute) session, The Safety Artisan looks at Systems-of-Systems Hazard Analysis, or SoSHA, which is Task 209 in Mil-Std-882E. SoSHA analyses collections of systems, which are often put together to create a new capability, which is enabled by human brokering between the different systems. We explore the aim, description, and contracting requirements of this Task, and an extended example to illustrate SoSHA. (We refer to other lessons for special techniques for Human Factors analysis.)



Course Bundle Offer #4



Click here to buy these three essential tasks together:



- Sub-system Hazard Analysis (T204),



- System Hazard Analysis (T205), and



- System of System Hazard Analysis (T209).



Environmental Hazard Analysis, Task 210



Environmental requirements in the USA, UK, and Australia.



This is the full, one-hour session on Environmental Hazard Analysis (EHA), which is Task 210 in Mil-Std-882E. We explore the aim, task description, and contracting requirements of this Task, but this is only half the video. We then look at environmental requirements in the USA, UK, and Australia, before examining how to apply EHA in detail under the Australian/international regime. This uses my practical experience of applying EHA. 



The Package Deal



Click here for a bumper deal on all twelve+one lessons:



- System Safety Process;



- Design your System Safety Program; and



- All ten System Safety Analysis tasks.

#Milstd882Technique #Milstd882Training #Milstd882tutorial #Milstd882Video #Milstd882eTechnique #Milstd882eTraining #Milstd882etutorial #Milstd882eVideo #SafetystandardTechnique #SafetystandardTraining #Safetystandardtutorial #SafetystandardVideo #SubsystemhazardanalysisTechnique #SubsystemhazardanalysisTraining #Subsystemhazardanalysistutorial #SubsystemhazardanalysisVideo #SystemsafetyengineeringTechnique #systemsafetyengineeringtraining #Systemsafetyengineeringtutorial #SystemsafetyengineeringVideo

Simon Di Nucci https://www.safetyartisan.com/2021/10/20/learn-how-to-perform-system-safety-analysis/