Wednesday, September 10, 2025



Reflections on a Career in Safety, Part 1

This is Part 1 of my 'Reflections on a Career in Safety', from "Safety for Systems Engineering and Industry Practice", a lecture that I gave to the University of Adelaide in May 2021. My thanks to Dr. Kim Harvey for inviting me to do this and setting it up.



The Lecture, Part 1



Hi, everyone, my name is Simon Di Nucci and I'm an engineer. I actually – it sounds cheesy – got into safety by accident. We'll talk about that later. I was asked to talk a little bit about career stuff, some reflections on quite a long career in safety, engineering, and other things, and then some stuff that hopefully you will find interesting and useful about safety work in industry and working for government.



Context: My Career Summary



I've got three areas to talk about, operations and support, projects and product development, and consulting.



I have been on some very big projects, Eurofighter, Future Submarine Programme, and some others that have been huge multi-billion-dollar programs, but also some quite small ones as well. They're just as interesting, sometimes more so. In the last few years, I've been working in consultancy. I have some reflections on those topics and some brief reflections on a career in safety.



Starting Out in the Air Force



So a little bit about my career to give you some context. I did 20 years in the Royal Air Force in the UK; as you can tell from my accent, I'm not from around here. I started off fresh out of university, with a first degree in aerospace systems engineering. And then after my Air Force training, my first job was as an engineering manager on ground support equipment, in General Engineering Flight, as it was called.



We had people looking after the electrical and hydraulic power rigs that the aircraft needed to be maintained on the ground. And we had painters and finishers and a couple of carpenters and a fabric worker and some metal workers and welders, that kind of stuff. So I went from a university where we were learning about all this high-tech stuff about what was yet to come in the aerospace industry. It was a bit of the opposite end to go to, a lot of heavy mechanical engineering that was quite simple.



And then after that, we had a bit of excitement because six weeks after I started, in my very first job, the Iraqis invaded Kuwait. I didn't go off to war, thank goodness, but some of my people did. We all got ready for that: a bit of excitement.



Photo by Jacek Dylag on Unsplash



After that, I did a couple of years on a squadron, on the front line. We were maintaining and fixing the aeroplanes and looking after operations. And then from there, I went for a complete change. Actually, I did three years on a software maintenance team and that was a very different job, which I'll talk about later. I had the choice of two unpleasant postings that I really did not want, or I could go to the software maintenance team.



Into Software by Accident as Well!



I discovered a burning passion to do software to avoid going to these other places. And that's how I ended up there. I had three fantastic years there and really enjoyed that. Then, I was thinking of going somewhere down south in the UK, to be near family, but we went further north. That's the way things happen in the military.



I got taken on as the rather grandly titled Systems and Software Specialist Officer on the Typhoon Field Team. The Eurofighter Typhoon wasn't in service at that point. (That didn't come in until 2003 when I was in my last Air Force job, actually.) We had a big team of handpicked people who were there to try and make sure that the aircraft was supportable when it came into service.



One of the big things about the new aircraft was it had tons of software on board. There were five million lines of code on board, which was a lot at the time, and a vast amount of data. It was a data hog; it ate vast amounts of data and it produced vast amounts of data and that all needed to be managed. It was on a scale beyond anything we'd seen before. So it was a big shock to the Air Force.



More Full-time Study



Photo by Mike from Pexels



Then after that, I was very fortunate. (This is a picture of York, with the Minster in the background.) I spent a year full-time doing the safety-critical systems engineering course at York, which was excellent. It was a privilege to be able to have a year to do that full-time. I've watched a lot of people study part-time when they've got a job and a family, and it's really tough. So I was very, very pleased that I got to do that.



After that, I went to do another software job where this time we were in a small team and we were trying to drive software supportability into new projects coming into service, all kinds of stuff, mainly aircraft, but also other things as well. That was almost like an internal consultancy job. The only difference was we were free, which you would think would make it easier to sell our services. But the opposite is the case.



Finally, in my last Air Force job, I was part of the engineering authority looking after the Typhoon aircraft as it came into service, which is always a fun time. We had just got the plane into service. And then one of the boxes that I was responsible for malfunctioned. So the undercarriage refused to come down on the plane, which is not what you want. It did get down safely in the end, but then the whole fleet was grounded and we had to fix the problem. So some more excitement there. Not always of the kind that you want, but there we go. So that took me up to 2006.



At that point, I transitioned out of the Air Force and I became a consultant.



So, I had always regarded consultants with a bit of suspicion up until then, and now I am one. I started off with a firm called QinetiQ, which is also over here. And I was doing safety mainly with the aviation team. But again, we did all sorts: vehicles, ships, network logistics stuff, all kinds of things. And then in 2012, I joined Frazer-Nash in order to come to Australia.



So we appeared in Australia in November 2012. And we've been here in Adelaide almost all that time. And you can't get rid of us now because we're citizens. So you're stuck with us. But it's been lovely. We love Adelaide and really enjoy, again, the varied work here.



Adelaide CBD, photo by Simon Di Nucci



Part 2 will follow next week!




Simon Di Nucci https://www.safetyartisan.com/2021/06/30/reflections-on-a-career-in-safety-part-1/

Monday, September 8, 2025



Intro to Work Health and Safety

This Intro to Work Health and Safety (WHS) video looks at Australian legislation that is relevant to System Safety.



When I moved from the UK to Australia in 2012, I had to learn a new legal framework as a safety engineer. I was delighted to find that Australia had taken the principles of UK health and safety law, and crafted a simple, elegant, and readable set of legislation.



In Australia, WHS law applies not just to the workplace, but to designers, manufacturers, importers, and suppliers of plant, substances, and structures. In other words, it covers design and product safety as well.



This short video, and the full-length version, should be helpful to system, functional, and design safety practitioners. It looks at the three classes of 'upstream' safety duties of designers, which also apply to manufacturers, importers, suppliers, and those who install or commission plant, substances, and structures.



Intro to Work Health and Safety: So What?



Many people think the WHS Act only applies to the management of safety in the workplace. They’re wrong – it does much more than that. In this short presentation, I am going to show you why the WHS Act is relevant to those with 'upstream' safety responsibilities such as designers.



Intro to Work Health and Safety: Topics



- The primary duty of care;

- Safety duties of designers (Section 21); and

- Similar duties apply to others, such as:

  - Manufacturers (Section 23);

  - Importers (Section 24);

  - Suppliers (Section 25);

  - Those installing, constructing or commissioning (Section 26);

  - Officers (Section 27); and

  - Workers (Section 28).



Intro to Work Health and Safety: Transcript




Hi everyone and welcome to the Safety Artisan, where you will find professional, pragmatic and impartial instruction on safety, which we hope you enjoy. So today we’re talking about the Work Health and Safety (WHS) Act in Australia, which is surprisingly relevant to what we do, in fact. Let’s see how surprising and relevant it is. We’re going to look at the WHS Act and its relevance to what we’re talking about here on the Safety Artisan. And it’s important to answer that question first, the “So what” test. Many people think that the WHS Act is only applicable to safety in the workplace. So they see it as purely an occupational health and safety piece of legislation.



And it isn’t!



It does do that, but it does so much more as well. And in this short presentation, I’m going to show you why the WHS Act is relevant to system safety, functional safety, design safety, whatever we want to call it.



Now I’m actually looking up some information on the Work Health and Safety Act, from the Federal Register of Legislation. And (in blue letters), if we go down to the bottom left-hand side of the screen, we will see a little map of Australia with a big red tick on it. And in green, it says ‘in force latest version’. So I looked at the website today, the 6th of October, and this is the latest version, which is just to make sure that we’ve got the right version. In Australia the jurisdiction of which version of the act is in place is complex. I’m not going to talk about that in the short session but I will in the full video version.



The Primary Duty of Care under the WHS Act



The Primary Duty of Care under the WHS Act is as follows. So a person conducting a business or undertaking – and a Person Conducting a Business or Undertaking is usually abbreviated to PCBU, a horrible, horrible, clunky term! What it’s trying to say is whether you’re doing business or it is non-profit, whether you work for the government, or even if you’re self-employed: whoever you are and whatever you do, if it’s to do with work, being paid for work, then this applies to you.



Those people doing this stuff are responsible for ensuring the health and safety of workers who are engaged or paid by the person, by the PCBU, and of workers whose activities are influenced or directed by the PCBU while they’re at work. And also the PCBU must ensure the health and safety of other people, so in the vicinity of the workplace let’s say, or maybe visitors.



As always the caveat on this ‘ensuring’ health and safety is ‘so far as is reasonably practicable’. Again we’re not going to be talking about so far as is reasonably practicable in this session, we’ll talk about it in the longer session; and, in fact, I think I’m probably going to do a session just on how to do so far as is reasonably practicable, because a lot of people get it wrong. It’s quite a different concept, if you’re not used to it.



Designer Duties under the WHS Act



Moving on. We’ve jumped from Section 19 to Section 22, and we’re now talking about the duties of designers. Well, this doesn’t sound like occupational health and safety, does it? So we look at the designer duties of PCBUs who design plant, substances, or structures. So we’re talking industrial plant; we’re not talking about commercial goods. There are other Acts that apply to stuff that you would buy in a shop. So this is industrial plant, chemical substances and the like, and structures, and those might be buildings, or they might be ships, floating platforms, whatever they might be. Aircraft. Cars.



The First WHS Duty of a Designer



So here we have the first duty of a designer, and there are three groups of duties. First of all, the designer has to ensure the health and safety of people in the workplace. If they’re designing plant, if they’re designing or creating a substance or a structure that is to be used, or might reasonably be expected to be used, at a workplace, this duty applies to them. So they’ve got to do whatever it takes to ensure health and safety so far as is reasonably practicable.



Now, carrying on from that, we get a bit more detail. So the designer has got to ensure, so far as is reasonably practicable, that the plant, substance or structure is designed to be without risks. The risks are to the health and safety of persons who are at a workplace, who might use it for the purpose for which it was designed, who might handle the substance, who might store the plant or substance, and who might construct a structure. Or, and here’s the catch-all, who might carry out any reasonably foreseeable activity at a workplace in relation to this plant, substance, or structure.



And then if we go on to Part (e)(i), we now get a long list of stuff. Any reasonably foreseeable activity includes manufacture, assembly, use, proper storage, decommissioning, dismantling, disposal, etc. We run out of space there. But the bottom line is that the scope of this act is cradle to grave. So from the very first time that we design a plant, substance or structure, right through to final disposal of said plant, substance and structure, the designer has safety responsibilities, thinking about the whole lifecycle of this stuff.



The Second WHS Duty of a Designer



Now we move on to the other two duties that a designer has. So in subsection 3, the designer has a duty to carry out testing. That’s what it says in the guide. Actually, if you look at the words in the act it says the designer must carry out or arrange for calculations, analysis, testing, or examination, whatever is necessary for the performance of the duty that we just described in subsection 2. You recall subsection 2, cradle to grave, from creation to final disposal. Calculations, analysis, testing or examination might be needed. The designer has got to carry that out or arrange it, in order to ensure safety SFARP.



The Third WHS Duty of a Designer



And then, our final duty is, having done all of that work, having designed this stuff to be safe and done all the calculations and testing, the designer must give adequate information to each person provided with the design. And the purpose of doing so: we’re not just providing information for the sake of it, or because we felt like it. It’s provided for a specific purpose. So each purpose for which the plant, substance or structure was designed: we need all the information associated with its design purpose. We’ve got to provide the results of those calculations, analysis, testing and examination.



And, probably this is also equally crucial from a hazard analysis point of view, any conditions necessary to ensure that the plant, substance or structure is without risk to health and safety when it is used for the purpose for which it was designed, or (all the other stuff, if we go back to Section 2).



So Section 4 does actually say this applies to Section 2(a-e). But we ran out of space on the page, so the designer has got to provide all the information necessary for people to use this stuff and for the life cycle of whatever it is from cradle to grave. Now, if we look at Section 4(a-c), we can say that’s the kind of information we generate from hazard analysis, from safety analysis. So, yeah, absolutely we need system safety in order to meet these duties, to satisfy these duties.



A Consistent set of Duties Across the Supply Chain



And these duties are not just on designers, because the WHS Act is actually very, very clever. Because it applies much the same duties, those three duties that we heard of: the duty to ensure health and safety, the duty to test and analyze, and the duty to provide information. If we look at Sections 22 through 26, we find that very similar duties apply to designers, to manufacturers, to importers, to suppliers, and to those installing, constructing, or commissioning plant, substances and structures. And the duties in these sections are all consistent. Basically, it recognizes that there is a supply chain, from design right through to installation and commissioning. And everybody in that chain has duties to do their part correctly, or to test what they have to, and pass on information to the next set of stakeholders.



And then, in addition to that, if we looked in Section 27 we would see the officers of the PCBU, so company directors and the like, people with major influence, who are able to direct operations and that kind of thing. So senior management and directors of companies and the equivalent in the public sector have special requirements applying to them. Again, we’re going to talk about that in the main video, not in this one. And then workers have duties to comply with reasonable instructions that are intended to keep them safe, and other workers. So if we go to Section 28 you get the kind of thing that you would expect to see in workplace safety.



Copyright and Attribution



So that’s it in the short video. Just to mention that I have shown you information from the Federal Register of Legislation. I’m entitled to do that under the Creative Commons license, and I’m making the required attribution statement. You can see it in the middle of the screen. And for the full information on these terms on copyright and attribution, please go to that page on my website, and you will find full details of the terms and conditions under which this video was created. And if you want to see the full version of the introduction to the WHS Act, which is going to cover a lot more ground than this, then please go to the Safety Artisan page on www.Patreon.com.



That’s the presentation. And it just remains for me to say, thanks very much for listening. I look forward to meeting you again. Cheers now.



The Full Version is Here…



If you want more, if you want a wider and deeper view of the WHS Act, then there’s a longer version of this video, which you can get at my Patreon page.



I hope you enjoy it. Well that’s it for the short video, for now. Please go and have a look at the longer video to get the full picture. OK, everyone, it’s been a pleasure talking to you and I hope you found that useful. I’ll see you again soon. Goodbye.



The full-length ‘Guide to WHS’ video is here.


Simon Di Nucci https://www.safetyartisan.com/2023/02/01/introduction-to-australian-work-health-safety/

Sunday, September 7, 2025



Functional Safety

The following is a short, but excellent, introduction to the topic of 'Functional Safety' by the United Kingdom Health and Safety Executive (UK HSE). It is equally applicable outside the UK, and the British Standards ('BS EN') are versions of international ISO/IEC standards - e.g. the Australian version ('AS/NZS') is often identical to the British standard.



My comments and explanations are shown .



"Functional safety is the part of the overall safety of plant and equipment that depends on the correct functioning of safety-related systems and other risk reduction measures such as safety instrumented systems (SIS), alarm systems and basic process control systems (BPCS).



SIS



SIS are instrumented systems that provide a significant level of risk reduction against accident hazards.  They typically consist of sensors and logic functions that detect a dangerous condition and final elements, such as valves, that are manipulated to achieve a safe state.



The general benchmark of good practice is BS EN 61508, Functional safety of electrical/electronic/programmable electronic safety related systems. BS EN 61508 has been used as the basis for application-specific standards such as:



- BS EN 61511: process industry



- BS EN 62061: machinery



- BS EN 61513: nuclear power plants



BS EN 61511, Functional safety - Safety instrumented systems for the process industry sector, is the benchmark standard for the management of functional safety in the process industries. It defines the safety lifecycle and describes how functional safety should be managed throughout that lifecycle. It sets out many engineering and management requirements, however, the key principles of the safety lifecycle are to:



- use hazard and risk assessment to identify requirements for risk reduction



- allocate risk reduction to SIS or to other risk reduction measures (including instrumented systems providing safety functions of low / undefined safety integrity)



- specify the required function, integrity and other requirements of the SIS



- design and implement the SIS to satisfy the safety requirements specification



- install, commission and validate the SIS



- operate, maintain and periodically proof-test the SIS



- manage modifications to the SIS



- decommission the SIS



BS EN 61511 also defines requirements for management processes (plan, assess, verify, monitor and audit) and for the competence of people and organisations engaged in functional safety.  An important management process is Functional Safety Assessment (FSA) which is used to make a judgement as to the functional safety and safety integrity achieved by the safety instrumented system.



Alarm Systems



Alarm systems are instrumented systems designed to notify an operator that a process is moving out of its normal operating envelope to allow them to take corrective action.  Where these systems reduce the risk of accidents, they need to be designed to good practice requirements considering both the E,C&I design and human factors issues to ensure they provide the necessary risk reduction.



In certain limited cases, alarm systems may provide significant accident risk reduction, where they also might be considered as a SIS. The general benchmark of good practice for management of alarm systems is BS EN 62682.



BPCS



BPCS are instrumented systems that provide the normal, everyday control of the process.  They typically consist of field instrumentation such as sensors and control elements like valves which are connected to a control system, interfaced, and could be operated by a plant operator.  A control system may consist of simple electronic devices like relays or complicated programmable systems like DCS (Distributed Control System) or PLCs (Programmable Logic Controllers).



BPCS are normally designed for flexible and complex operation and to maximize production rather than to prevent accidents.  However, it is often their failure that can lead to accidents, and therefore they should be designed to good practice requirements. The general benchmark of good practice for instrumentation in process control systems is BS 6739."



Copyright



The above text is reproduced under Creative Commons Licence from the UK HSE's webpage. The Safety Artisan complies with such licensing conditions in full.




Simon Di Nucci https://www.safetyartisan.com/2021/06/26/functional-safety/

Thursday, September 4, 2025



How to Understand Safety Standards

Learn How to Understand Safety Standards with this FREE session from The Safety Artisan.



In this module, Understanding Your Standard, we’re going to ask the question: Am I Doing the Right Thing, and am I Doing it Right? Standards are commonly used for many reasons. We need to understand our chosen system safety engineering standard, in order to know: the concepts upon which it is based; what it was designed to do, why and for whom; which kinds of risk it addresses; what kinds of evidence it produces; and its advantages and disadvantages.



Understand Safety Standards: You'll Learn to



- List the hazard analysis tasks that make up a program; and



- Describe the key attributes of Mil-Std-882E.



https://youtu.be/JTcBax2nNvE

Understanding Your Standard



Topics: Understand Safety Standards



Aim: Am I Doing the Right Thing, and am I Doing it Right?



- Standards: What and Why?



- System Safety Engineering pedigree;



- Advantages – systematic, comprehensive, etc.;



- Disadvantages – cost/schedule, complexity & quantity not quality.



Transcript: Understand Safety Standards




In Module Three, we're going to understand our Standard. The standard is the thing that we're going to use to achieve things - the tool. And that's important because tools designed to do certain things usually perform well. But they don’t always perform well on other things. So we're going to ask ‘Are we doing the right thing?’ And ‘Are we doing it right?’



What and Why?



So, what are we going to do, and why are we doing it? First of all, the use of standards in safety is very common for lots of reasons. It helps us to have confidence that what we're doing is good enough. We've met a standard of performance in the absolute sense. It helps us to say, ‘We've achieved standardization or commonality in what we're doing’. And we can also use it to help us achieve a compromise. That can be a compromise across different stakeholders or across different organizations. And standardization gives us some of the other benefits as well. If we're all doing the same thing rather than we're all doing different things, it makes it easier to train staff. This is one example of how a standard helps.



However, we need to understand this tool that we're going to use. What it does, what it's designed to do, and what it is not designed to do. That's important for any standard or any tool. In safety, it's particularly important because safety is in many respects intangible. This is because we're always looking to prevent a future problem from occurring. In the present, it's a little bit abstract. It's a bit intangible. So, we need to make sure that in concept what we're doing makes sense and is coherent. That it works together. If we look at those five bullet points there, we need to understand the concept of each standard. We need to understand the basis of each one.



And they’re not all based on the same concept. Thus some of them are contradictory or incompatible. We need to understand the design of the standard. What the standard does, what the aim of the standard is, why it came into existence. And who brought it into existence. To do what for who - who's the ultimate customer here?



And for risk analysis standards, we need to understand what kind of risks it addresses. Because the way you treat a financial risk might be very different from a safety risk. In the world of finance, you might have a portfolio of products, like loans. These products might have some risks associated with them. One or two loans might go bad and you might lose money on those. But as long as the whole portfolio is making money that might be acceptable to you. You might say, ‘I'm not worried that 10% of my loans have gone south and all gone wrong. I'm still making plenty of profit out of the other 90%’. It doesn't work that way with safety. You can't say ‘It's OK that I've killed a few people over here because all this lot over here are still alive!’. It doesn't work like that!



Also, what kind of evidence does the standard produce? Because in safety, we are very often working in a legal framework that requires us to do certain things. It requires us to achieve a certain level of safety and prove that we have done so. So, we need certain kinds of evidence. In different jurisdictions and different industries, some evidence is acceptable. Some are not. You need to know which is for your area.



And then finally, let's think about the pros and cons of the standard, what does it do well? And what does it do not so well?



System Safety Pedigree



We're going to look at a standard called Military Standard 882E. Many decades ago, this standard was created by the US government and military to help them bring into service complex, cutting-edge military equipment. Equipment that was always on the cutting edge. That pushed the limits of what you could achieve in performance.



That’s a lot of complexity. Lots of critical weapon systems, and so forth. And they needed something that could cope with all that complexity. It's a system safety engineering standard. It's used by engineers, but also by many other specialists. As I said, it's got a background from military systems. These days you find these principles used pretty much everywhere. So, all the approaches to System Safety that 882 introduced are in other standards. They are also in other countries.



It addresses risks to people, equipment, and the environment, as we heard earlier. And because it's an American standard, it's about system safety. It's very much about identifying requirements. What do we need to happen to get safety? To do that, it produces lots of requirements. It performs analyses on all those requirements and generates further requirements. And it produces requirements for test evidence. We then need to fulfill these requirements. It's got several important advantages and disadvantages. We're going to discuss these in the next few slides.



Comprehensive Analysis



Before we get to that, we need to look at the key feature of this standard. The strengths and weaknesses of this standard come from its comprehensive analysis. And the chart (see the slide) is meant to show how we are looking at the system from lots of different perspectives. (It’s not meant to be some arcane religious symbol!) So, we're looking at a system from 10 different perspectives, in 10 different ways.



Going around clockwise, we've got these ten different hazard analysis tasks. First of all, we start off with preliminary hazard identification. Then preliminary hazard analysis. We do some system requirements hazard analysis. So, we identify the safety requirements that the system is going to meet so that we are safe. We look at subsystem and system hazard analysis. At operating and support hazard analysis - people working with the system. Number seven, we look at health hazard analysis - Can the system cause health problems for people? Functional hazard analysis, which is all about what it does. We're thinking of sort of source software and data-driven functionality. Maybe there's no physical system, but it does stuff. It delivers benefits or risks. System of systems hazard analysis – we could have lots of different and/or complex systems interacting. And then finally, the tenth one - environmental hazard analysis.



If we use all these perspectives to examine the system, we get a comprehensive analysis of the system. From this analysis, we should be confident that we have identified everything we need to. All the hazards and all the safety requirements that we need to identify. Then we can confidently deliver an appropriate safe system. We can do this even if the system is extremely complex. The standard is designed to deal with big, complex cutting-edge systems.



Advantages #1



In fact, as we move on to advantages, that's the number one advantage of this standard. If we use it and we use all 10 of those tasks, we can cope with the largest and the most demanding programs. I spent much of my career working on the Eurofighter Typhoon. It was a multi-billion-dollar program. It cost hundreds of billions of dollars, and four different nations worked together on it. We used a derivative of Mil. Standard 882 to look at safety and analyze it. And it coped. It was powerful enough to deal with that gigantic program. I spent 13 years of my life, on and off, on that program, so I'd like to think that I know my stuff when we're talking about this.



As we've already said, it's a systematic approach to safety. Systems, safety, engineering. And we can start very early. We can start with early requirements discovery. We don't even need a design; we know that we have a need. So we can think about those needs and analyze them.



And it can cover us right through until final disposal. And it covers all kinds of elements that you might find in a system. Remember our definition of ‘system’? It’s something that consists of hardware, software, data, human beings, etc. The standard can cope with all the elements of a system. In fact, that’s designed into the standard. It was specifically designed to look at all those different elements, and then to get different insights from those elements. It’s designed to get that comprehensive coverage. It’s really good at what it does. And it involves not just engineers, but people from all kinds of other disciplines, including operators, maintainers, etc.



I came from a maintenance background. I was either directly or indirectly supporting operators. I was responsible for trying to help them get the best out of their system. Again, that's a very familiar world to me. And rigorous standards like this can help us to think rigorously about what we're doing. And so get results even in the presence of great complexity, which is not always a given, I must say.



So, we can be confident by applying the standard. We know that we're going to get a comprehensive and thorough analysis. This assures us that what we're doing is good.



Advantages #2



So, there's another set of advantages. I've already mentioned that we get assurance. Assurance is ‘justified confidence’. So we can have high confidence that all reasonably foreseeable hazards will be identified and analyzed. And if you're in a legal jurisdiction where you are required to hit a target, this is going to help you hit that target.



The standard was also designed for use in contracts. It’s designed to be applied to big programs. We’d define ‘big’ as the development of complex, high-performance systems. So, there are a lot of risks. It's designed to cope with those risks.



Finally, the standard also includes requirements for contracting, for interfaces with other systems, for interfaces with systems engineering. This is very important for a variety of disciplines. It’s important for other engineering and technical disciplines. It’s important for non-technical disciplines and for analysis and recordkeeping. Again, all these things are important, whether it is for legal reasons or not. We need to do recordkeeping. We need to liaise with other people and consult with them. There are legal requirements for that in many countries. This standard is going to help us do all those things.



But, of course, every standard has pros and cons, and Mil. Standard 882 is no exception. So, let's look at some of the disadvantages.



Disadvantages #1



First of all, a full system safety program might be overkill for the system that you want to use, or that you want to analyze. The Cold War, thank goodness, is over; generally speaking, we're not in the business of developing cutting-edge, high-performance killing machines that cost billions and billions of dollars and are very, very risky. These days, we tend to reduce program risk and cost by using off-the-shelf stuff and modifying it. Whether that be for military systems, infrastructure in the chemical industry, transportation, whatever it might be. Very much these days we have a family of products and we reuse them in different ways. We mix and match to get the results that we want.



And of course, all this comprehensive analysis is not cheap and it's not quick. It may be that you've got a program that is schedule-constrained. Or you want to constrain the cost and you cannot afford the time and money to throw a full 882 program at it. So, that's a disadvantage.



The second family of problems is that these kinds of safety standards have often been applied prescriptively. The customer would often say, ‘Go away and go and do this. I'm going to tell you what to do based on what I think reduces my risk’. Or at least it covers their backside. So, contractors got used to being told to do certain things by purchasers and customers. The customers didn't understand the standards that they were applying and insisting upon. So, the customers did not understand how to tailor a safety standard to get the result that they wanted. So they asked for dumb things or things that didn't add value. And the contractors got used to working in that kind of environment. They got used to being told what to do and doing it because they wouldn't get paid if they didn't. So, you can't really blame them.



But that's not great, OK? That can result in poor behaviors. You can waste a lot of time and money doing stuff that doesn't actually add value. And everybody recognizes that it doesn't add value. So you end up bringing the whole safety program into disrepute and people treat it cynically. They treat it as a box-ticking exercise. They don't apply creativity and imagination to it. Much less determination and persistence. And that's what you need for a good effective system safety program. You need creativity. You need imagination. You need people to be persistent and dedicated to doing a good job. You need that rigor so that you can have the confidence that you're doing a good job because it's intangible.



Disadvantages #2



Let's move on to the second family of disadvantages. And this is the one that I've seen the most, actually, in the real world. If you do all 10 tasks, and even if you don't do all 10, you can create too many hazards. If you recall the graphic from earlier, we have 10 tasks. Each task looks at the system from a different angle. What you can get is lots and lots of duplication in hazard identification. You can have essentially the same hazards identified over and over again in each task. And there's a problem with that, in two ways.



First of all, quality suffers. We end up with a fragmented picture of hazards. We end up with lots and lots of hazards in the hazard log, but not only that. We get fragments of hazards rather than the real thing. Remember the tests I described for what a hazard really is? Very often you can get causes masquerading as hazards. Or other things, such as exacerbating factors, that make things worse. They're not a hazard in their own right, but they get recorded as hazards. And that problem results in people being unable to see the big picture of risk. So that undermines what we're trying to do. And as I say, we get lots of things misidentified and thrown into the pot. This also distracts people. You end up putting effort into managing things that don't make a difference to safety. They don't need to be managed. Those are the quality problems.



And then there are quantity problems. And from personal experience, having too many hazards is a problem in itself. I've worked on large programs where we were managing 250 hazards or thereabouts. That is challenging even with a sizable, dedicated team. That is a lot of work in trying to manage that number of hazards effectively. And there's always the danger that it will slide into becoming a box-ticking exercise. Superficial at best.



I've also seen projects that have two and a half thousand hazards or even 4000 hazards in the hazard log. Now, once you get up to that level, that is completely unmanageable. People who have thousands of hazards in a hazard log and they think they're managing safety are kidding themselves. They don't understand what safety is if they think that's going to work. So, you end up with all these items in your hazard log, which become a massive administrative burden. So people end up taking shortcuts and the real hazards are lost. The real issues that you want to focus on are lost in the sea of detail that nobody will ever understand. You won’t be able to control them.



Unfortunately, Mil. Standard 882 is good at generating these grotesque numbers of hazards. If you don't know how to use the standard and don't actively manage this issue, it gets to this stage. It can go, and does go, badly wrong. This is particularly true on very big programs. And you really need clarity on big projects.
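The duplication problem described in this section is easiest to see on a small hazard log. The script below is an added example, not code from the page or from Mil-Std-882E: it takes raw entries as each analysis task would record them, merges entries that describe the same hazard under one log id while keeping every task that reported it, and flags entries whose wording describes a component failure as candidates for review (a cause rather than a hazard in its own right). The matching key (a crude stem-and-sort of the content words), the task abbreviations, the failure-keyword heuristic and the sample entries are all constructed for illustration; a real program would use its own hazard definition, and a reviewer rather than a keyword, to decide what belongs in the log.

```python
"""Consolidate one hazard log that is fed by several analysis tasks.

Added example, not the page's or Mil-Std-882E's own code. Each task writes
what it finds in its own words, so the same hazard arrives several times.
The matching rule and the sample entries below are constructed.
"""
import re
from dataclasses import dataclass, field

STOPWORDS = {"a", "an", "the", "of", "to", "from", "is", "are", "and", "or",
             "in", "on", "by", "with"}


def stem(word):
    """Crude suffix stripping so 'release', 'released' and 'releases' agree."""
    for suffix in ("ly", "ing", "ed", "es", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            word = word[: -len(suffix)]
            break
    if word.endswith("e") and len(word) > 3:
        word = word[:-1]
    return word


def hazard_key(text):
    """Order-independent key built from the stemmed content words."""
    words = re.findall(r"[a-z]+", text.lower())
    return tuple(sorted({stem(w) for w in words if w not in STOPWORDS}))


@dataclass
class Hazard:
    hazard_id: str
    description: str                              # wording of the first task to report it
    sources: list = field(default_factory=list)   # (task, that task's own id)
    review_note: str = ""


def consolidate(entries):
    """Merge entries with the same key; keep every task that reported it."""
    merged = {}
    for task, raw_id, text in entries:
        key = hazard_key(text)
        if key not in merged:
            merged[key] = Hazard(f"H-{len(merged) + 1:03d}", text)
        merged[key].sources.append((task, raw_id))
    hazards = list(merged.values())
    for hazard in hazards:
        # Assumed triage heuristic: text about a component failing is often a
        # cause rather than a hazard in its own right, so flag it for review.
        if {"fail", "failur"} & set(hazard_key(hazard.description)):
            hazard.review_note = "describes a component failure: possible cause, review"
    return hazards


def summary(entries):
    """Counts a safety manager would want before the log goes to a committee."""
    hazards = consolidate(entries)
    return {
        "raw_entries": len(entries),
        "hazards": len(hazards),
        "duplicates_merged": len(entries) - len(hazards),
        "multi_task": [h.hazard_id for h in hazards if len(h.sources) > 1],
        "for_review": [h.hazard_id for h in hazards if h.review_note],
    }


# Constructed sample entries: (task abbreviation, task's own id, description).
# The abbreviations stand for the lecture's tasks, e.g. PHA, SSHA, FHA, O&SHA, HHA, EHA.
RAW_ENTRIES = [
    ("PHA", "PHA-01", "Inadvertent release of a weapon from the aircraft"),
    ("SSHA", "SSHA-17", "Weapon released inadvertently from the aircraft"),
    ("FHA", "FHA-04", "Aircraft releases weapon inadvertently"),
    ("O&SHA", "OSHA-03", "Inadvertent release of a weapon from the aircraft"),
    ("SSHA", "SSHA-18", "Release-consent relay fails closed"),
    ("HHA", "HHA-02", "Maintainer exposed to hydraulic fluid spray"),
    ("O&SHA", "OSHA-05", "Maintainer is exposed to hydraulic fluid spray"),
    ("EHA", "EHA-01", "Hydraulic fluid spray released to the environment"),
]

if __name__ == "__main__":
    for hazard in consolidate(RAW_ENTRIES):
        print(hazard.hazard_id, hazard.description, hazard.sources, hazard.review_note)
    print(summary(RAW_ENTRIES))
```

On the constructed entries, eight raw items collapse to four hazards: the weapon-release hazard was found by four tasks and is recorded once with four sources, which is exactly the cross-check you want to keep rather than lose, while the relay entry is flagged as a likely cause to be attached to that hazard rather than logged beside it.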



Summary of Module



Let's summarize what we've done with this module. The aim was to help us understand whether we're doing the right thing and whether we've done it right. And standards are terrific for helping us to do that. They help us to ensure we're doing the right thing. That we're looking at the right things. And they help us to ensure that we're doing it rigorously and repeatedly. All the good quality things that we want. And Mil. Standard 882E that we're looking at is a system safety engineering standard. So it's designed to deal with complexity and high-performance and high-risk. And it's got a great pedigree. It's been around for a long time.



Now that gives advantages. So, we have a system safety program with this standard that helps us to deal with complexity. That can cope with big programs, with lots of risks. That's great.



The disadvantages of this standard are that if we don't know how to tailor or manage it properly, it can cost a lot of money. It can take a lot of time to give results, which can cause problems for the program. And ultimately, you can end up accidentally ignoring safety if you don't deliver on time. And it can generate complexity. And it can generate a quantity of data that is so great that it actually undermines the quality of the data. It undermines what we're trying to achieve, in that we get a fragmented picture in which we can't see the true risks. And so we can’t manage them effectively. If we get it wrong with this standard, we can get it really wrong. And that brings us to the end of this module.



This is Module 3 of SSRAP



This is Module 3 from the System Safety Risk Assessment Program (SSRAP) Course. Risk Analysis Programs – Design a System Safety Program for any system in any application. You can access the full course here.



You can find more introductory lessons at Start Here.

#coursesafetyengineering #engineersafety #ineedsafety #knowledgeofsafety #learnsafety #MilStd882E #needforsafety #riskassessment #safetyblog #safetydo #safetyengineer #safetyengineerskills #safetyengineertraining #safetyengineeringcourse #safetyprinciples #safetystandard #softwaresafety #systemsafety #theneedforsafety #understandsafetystandards #whatarethesafetystandards

Simon Di Nucci https://www.safetyartisan.com/2021/04/16/ssrap-3-understanding-your-standard/

Monday, September 1, 2025



The 2022 Digest

This is The 2022 Digest - all the posts from The Safety Artisan last year. There have been 31 posts in all covering subjects such as:



- Risk and Safety basics;



- Tools and Techniques;



- A short series on Safety Management (to be continued);



- Design Safety;



- SFARP and Australian WHS;



- Hazard Logs (also to be continued);



- Launching my Thinkific page;



- Cyber security;



- A series on Software Safety and Standards; and



- Updates of posts on System Safety Analyses.



Here we go...



The 2022 Digest: Quarter Four



- System Requirements Hazard Analysis December 20, 2022



In this 45-minute session, I’m looking at System Requirements Hazard Analysis, or SRHA, which is Task 203 in the Mil-Std-882E standard. I will explore Task 203’s aim, description, scope, and contracting requirements. SRHA is an important and complex task, which needs to be done on several levels to be successful. This video explains the issues … Read more



- How to do Preliminary Hazard Analysis December 13, 2022



In this 45-minute session, The Safety Artisan looks at how to do Preliminary Hazard Analysis, or PHA, which is Task 202 in Mil-Std-882E. We explore Task 202’s aim, description, scope, and contracting requirements. We also provide value-adding commentary and explain the issues with PHA – how to do it well and avoid the pitfalls. Topics: … Read more



- Functional Hazard Analysis December 6, 2022



In this full-length (40-minute) session, The Safety Artisan looks at Functional Hazard Analysis, or FHA, which is Task 208 in Mil-Std-882E. FHA analyses software, complex electronic hardware, and human interactions. We explore the aim, description, and contracting requirements of this Task, and provide extensive commentary on it. (We refer to other lessons for special techniques … Read more



- Safety Engineering Jobs in Australia November 29, 2022



Are you looking for Safety Engineering Jobs in Australia? Thinking of moving into the profession and wondering if it’s worth it? Already a safety engineer and thinking of moving to Australia (Poms, take note)? Then this article is for you! Introduction The most popular online job site in Australia is seek.com.au. If we go on … Read more



- SW Safety Principles Conclusions and References November 22, 2022



SW Safety Principles Conclusions and References is the sixth and final blog post on Principles of Software Safety Assurance. In them, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these guidelines … Read more



- Software Safety Assurance and Standards November 15, 2022



This post, Software Safety Assurance and Standards, is the fifth in a series of six blog posts on Principles of Software Safety Assurance. In it, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can … Read more



- Software Safety Assurance November 8, 2022



Software Safety Assurance is the fourth in a new series of six blog posts on Principles of Software Safety Assurance. In them, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these … Read more



- Software Safety Principle 4 October 4, 2022



Software Safety Principle 4 is the third in a new series of six blog posts on Principles of Software Safety Assurance. In it, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of … Read more



The 2022 Digest: Quarter Three



- Software Safety Principles 2 and 3 September 27, 2022



Software Safety Principles 2 and 3 is the second in a new series of blog posts on Principles of Software Safety Assurance. In it, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think … Read more



- Principles of Software Safety Assurance September 20, 2022



This is the first in a new series of blog posts on Principles of Software Safety Assurance. In it, we look at the 4+1 principles that underlie all software safety standards. We outline common software safety assurance principles that are evident in software safety standards and best practices. You can think of these guidelines as … Read more



- Proportionality September 13, 2022



Proportionality is about committing resources to the Safety Program that are adequate – in both quality and quantity – for the required tasks. Proportionality is a concept that should be applied to determine the allocation of resource and effort to a safety and environmental argument based on its risk. It is a difficult concept … Read more



- Australian vs. UK Safety Law September 7, 2022



This post, Blog: Australian vs. UK Safety Law, compares the two approaches, based on my long experience of working on both sides. Are you a safety professional thinking of emigrating from the UK to Australia? Well, I’ve done it, and here’s my BREXIT special guide! In this 45-minute video, The Safety Artisan looks at the … Read more



- CISSP 2021: What’s New? August 30, 2022



In this course, ‘CISSP 2021: What’s New?’, we look at the significant changes that have been made to the CISSP Official Exam Outline (the course syllabus). Learn what’s new in the CISSP Curriculum, from May 1st, 2021 (next update in 2024) There are still Eight Domains – D1, D3 & D7 are … Read more



- System Safety Principles August 16, 2022



In this 45-minute video, I discuss System Safety Principles, as set out by the US Federal Aviation Authority in their System Safety Handbook. Although this was published in 2000, the principles still hold good (mostly) and are worth discussing. I comment on those topics where the modern practice has moved on, and those jurisdictions where … Read more



- Safety Concepts Part 2 August 2, 2022



In this 33-minute session, Safety Concepts Part 2, The Safety Artisan equips you with more Safety Concepts. We look at the basic concepts of safety, risk, and hazard in order to understand how to assess and manage them. Exploring these fundamental topics provides the foundations for all other safety topics, but it doesn’t have to … Read more



- Hazard Logs – a Brief Summary July 19, 2022



In Hazard Logs – a Brief Summary, we will give you an overview of this important safety management tool. This post serves as an introduction to longer posts and videos (e.g. Hazard Logs & Hazard Tracking Systems), which will provide you with much more content. Hazard Logs – a Brief Summary Description of Hazard Log … Read more



- Australian WHS Course July 5, 2022



In this Australian WHS Course, we show you how to practically and pragmatically implement the essential elements of Australian Work Health and Safety Legislation. In particular, we look at the so-called ‘upstream’ WHS duties. These are the elements you need to safely introduce systems and services into the Australian market. Lessons in This Course A Guide … Read more



The 2022 Digest: Quarter Two



- How to Demonstrate SFARP June 21, 2022



In this lesson, I will teach you how to demonstrate SFARP. To use the proper terminology, from the Australian WHS Act, how to eliminate or minimize risks so far as is reasonably practicable. (The Act never uses the acronym SFARP or SFAIRP, but everyone else does.) This will build upon the post So Far As … Read more



- Career Change June 7, 2022



Career change: in my lecture to the System Engineering Industry Program at the University of Adelaide, I reflect on my career changes. What can you learn from my experiences? (Hint: a lot, I hope!) I want to talk about career changes because all of you – everyone listening – have already started to make them. … Read more



- Safety Management Policy May 24, 2022



In this post on Safety Management Policy, we’re going to look at the policy requirements of a typical project management safety standard. This is the Acquisition Safety & Environmental System (ASEMS). The Ministry of Defence is the biggest acquirer of manufactured goods in the UK, and it uses ASEMS to guide hundreds of acquisition projects. … Read more



- Good Work Design May 10, 2022



Good work design can help us achieve safe outcomes by designing safety into work processes and the design of products. Adding safety as an afterthought is almost always less effective and costs more over the lifecycle of the process or product. Introduction The Australian Work Health and Safety Strategy 2012-2022 is underpinned by the principle … Read more



- SMP03 Safety Planning April 26, 2022



Safety Planning: if you fail to plan, you are planning to fail. In my experience, good safety plans don’t always result in successful safety programs; however, bad safety plans never lead to success. Safety Planning: Introduction Definitions A Safety Management Plan is defined as: “A document that defines the strategy for addressing safety and documents the Safety Management … Read more



- SMP02 Project Safety Committee April 12, 2022



Our Second Safety Management Procedure is the Project Safety Committee. Okay, so committees are not the sexiest subject, but we need to get stakeholders together to make things happen! Project Safety Committee: Introduction Definitions A Safety Committee is defined as: A group of stakeholders that exercises, oversees, reviews and endorses safety management and safety engineering activities. Def … Read more



- SMP01 Project Safety Initiation April 5, 2022



In ‘Project Safety Initiation’ we look at what you need to do to get your safety project or program started. Introduction Definitions A stakeholder is anyone who will be affected by the introduction of the system and who needs to be consulted or informed about the development and fielding of the system, and anyone who contributes to … Read more



The 2022 Digest: Quarter One



- So Far As Is Reasonably Practicable March 29, 2022



‘So Far As Is Reasonably Practicable’ is a phrase that gets used a lot, but what does it mean? How do you demonstrate it? Well, in Australia we do it like this … and you can learn from this wherever you operate! Attribution This post uses text from ‘How to Determine what is Reasonably Practicable … Read more



- Safety Assessment Techniques Overview March 22, 2022



In Safety Assessment Techniques Overview we will look at how different analysis techniques can be woven together. How does one analysis feed into another? What do we need to get sufficient coverage to be confident that we’ve done enough? Learning Objectives: Safety Assessment Techniques Overview You will be able to: List and ‘sequence’ the five … Read more



- Failure Mode Effects Analysis March 8, 2022



TL;DR This article on Failure Mode Effects Analysis explains this powerful and commonly-used family of techniques. It covers: A description of the technique, including its purpose; When it might be used; Advantages, disadvantages and limitations; Sources of additional information; A simple example of an FMEA/FMECA; and Additional comments. I’ve added some ‘top tips’ of my … Read more



- The Safety Artisan is on Thinkific February 22, 2022



I’m pleased to tell you that The Safety Artisan is on Thinkific! Thinkific is a powerful and beautifully-presented online Learning Management System. This will complement the existing Safety Artisan website. My first course will be ‘System Safety Assessment’ with ten hours of instructional videos. The new course is here. (Please note that this is the same … Read more



- What is System Safety Engineering? February 8, 2022



What is System Safety Engineering? System Safety Engineering does five things: Deals with the whole system, including software, data, people, and environment; Uses a systematic (rigorous) process; Concentrates on requirements (to cope with complexity); Considers safety early in the system life cycle; and Handles complexity cost-effectively and efficiently. System Safety Engineering: Transcript What is system … Read more



- The Risk Matrix January 26, 2022



In this article, I look at The Risk Matrix, a widely used technique in many industries. Risk Matrices have many applications! In this article, I have used material from a UK Ministry of Defence guide, reproduced under the terms of the UK’s Open Government Licence. Introduction A risk matrix is a graphical representation of the … Read more



- Risk: Averse, Adverse, or Appetite? January 12, 2022



You heard me right. Risk: Averse, Adverse, or Appetite? Which would you choose? Do we even have a choice? Read on … We often hear that we live in a risk-averse society. By that, I mean that we don’t want to take risks, or that we’re too timid. I don’t think that’s the whole story. … Read more



Thanks for Your Support in 2022!



Creating The 2022 Digest has reminded me just how much content I have produced this year. If you would like to get content emailed to you every two weeks, plus big discounts on courses then subscribe here!

#coursesafetyengineering #Cybersecurity #DesignSafety #engineersafety #HazardLogs #ineedsafety #knowledgeofsafety #LaunchingmyThinkificpage #learnsafety #Needforsafety #RiskandSafetybasics #safetyblog #safetydo #safetyengineer #safetyengineerskills #safetyengineertraining #safetyengineeringcourse #SafetyPrinciples #seriesonSafetyManagement #seriesonSoftwareSafetyandStandardsSystemSafetyAnalyses #SFARPandAustralianWHS #SoftwareSafety #theneedforsafety #toolsandtechniques

Simon Di Nucci https://www.safetyartisan.com/2023/01/04/the-2022-digest/


Why Call it The Safety Artisan?

Why did I call my business The Safety Artisan?



artisan /ˈɑːtɪzan, ɑːtɪˈzan/ (noun)



A worker in a skilled trade, especially one that involves making things by hand. "street markets where local artisans display handwoven textiles, painted ceramics, and leather goods"



https://youtu.be/-qOAP0AxDHM

Why Call it The Safety 'Artisan'?



Why The Safety 'Artisan'?



Hi, everyone. When I was choosing a name for my business, I thought of quite a lot of alternatives, but I settled on The Safety Artisan for three reasons. First, I liked the meaning of the word, the idea of an individual person pursuing their craft and trying to do it to the very best of their abilities.



Second, I liked the application because I've worked on a lot of very large, even multi-billion-dollar projects; but we're still knowledge workers. We're still individuals who have to be competent at what we do in order to deliver a safe result for people.



And third, I liked the idea, the image of the cottage industry, the artisan working at home as I am now, and delivering goods and services that other people can use wherever they are. And indeed, you might be home or you might be on your mobile phone listening to this.



So I liked all three of those things. I thought, yes, that's what I'm about. That's what I believe in and want to do. And if that sounds good to you, too, then please check out The Safety Artisan, where I provide #safety #engineering #training.



Meet the Author



Learn safety engineering with me, an industry professional with 25 years of experience. I have:

• Worked on aircraft, ships, submarines, ATMS, trains, and software;

• Tiny programs to some of the biggest (Eurofighter, Future Submarine);

• In the UK and Australia, on US and European programs;

• Taught safety to hundreds of people in the classroom, and thousands online;

• Presented on safety topics at several international conferences.



Learn more about me here.

#careersafeonline #courseforsafetyengineer #issafetyagoodcareer #issafetyengineeringagoodcareer #jobsforsafetyengineer #saferoles #safetycareqbs #safetycareer #safetyengineer #safetyengineercourse #safetyengineerjobs #safetyengineerrequirements #safetyengineersalary #safetyhealthjob #safetyisjob1 #safetyjob #safetyofficerjobrole #safetyofficerrole #safetyrole #safetytechjobs #whatisapublicsafetycareer #whatsafetymeanstoyou #whysafetymatters

Simon Di Nucci https://www.safetyartisan.com/2021/03/26/why-call-it-the-safety-artisan/

Friday, August 29, 2025



System Safety Risk Assessment

Learn about System Safety Risk Assessment with The Safety Artisan.



In this module, we're going to look at how we deal with the complexity of the real world. We do a formal risk analysis because real-world scenarios are complex. The Analysis helps us to understand what we need to do to keep people safe. Usually, we have some moral and legal obligation to do it as well. We need to do it well to protect people and prevent harm to people.



You Will Learn to:



- Explain what a system safety approach is and does; and

- Define what a risk analysis program is.



https://youtu.be/l3MLQQH7lxY

System Safety Risk Analysis.



Topics: System Safety Risk Assessment



Aim: How do we deal with real-world complexity?



- What is System Safety?

- The Need for Process;

- A Realistic, Useful, Powerful Process:

  - Context, Communication & Consultation; and

  - Monitoring & Review, Risk Treatment;

- Required Risk Reduction.



Transcript: System Safety Risk Assessment




In this module, on System Safety Risk Assessment, we're going to look at how we deal with the complexity of the real world. We do a formal risk analysis because real-world scenarios are complex. The Analysis helps us to understand what we need to do to keep people safe. Usually, we have some moral and legal obligation to do it as well. We need to do it well to protect people and prevent harm to people.



What is System Safety?



To start with, here’s a little definition of system safety. System safety is the application of engineering and management principles, criteria, and techniques to achieve acceptable risk within a wider context. This wider context is operational effectiveness: we want our system to do something. That's why we're buying it or making it. The system has got to be suitable for its use. We've got some time and cost constraints and we've got a life cycle. We can imagine we are developing something from concept, from cradle to grave.



And what are we developing? We're developing a system: an organization of hardware (or software), material, facilities, people, data and services. All these pieces will perform a designated function within the system. The system will work within a stated or defined operating environment. It will work with the intention to produce specified results.



We've got three things there. We've got a system. We've got the operating environment within which it works, or is designed to work. And we have the thing that it's supposed to produce: its function or its application. Why did we buy it, or make it, in the first place? What's it supposed to do? What benefits is it supposed to bring humankind? What does it mean in the context of the big picture?



That's what a system is. I'm not going to elaborate on systems theory or anything like that. That's a whole big subject on its own. But we're talking about something complex. We're not talking about a toaster. It's not consumer goods. It's something complicated that operates in the real world. And as I say, we need to understand those three things - system, environment, purpose - to work out Safety.



We Need A Process



We've sorted our context. How is all this going to happen? We need a process. In the standard that we're going to look at in the next module, we have an eight-element process. As you can see there, we start with documenting our approach. Then we identify and document hazards. (We document everything according to the standard, so I won't keep repeating that.)



We assess risk. We plan how we're going to mitigate the risk. We identify risk mitigation measures, or controls as they are often known. Then we apply those controls to reduce risk. We verify and confirm the risk reduction that we have achieved, or that we believe we will achieve. And then we have to get somebody to accept that risk. In other words, to say that it is an acceptable level of risk: that we can put up with this level of risk in exchange for the benefits that the system is going to give us. Finally, we need to manage risk through the entire lifecycle of the system until we finally get rid of it.



The key point about this is whatever process we follow, we need to approach it with rigor. We stick to a systematic process. We take a structured and rigorous approach to looking at our system.



And as you can see there from the arrows, every step in the eight-element sequence flows into the next step. Each step supports and enables the following steps. We document the results as we go. However, even this example is a little bit too simple.



A More Realistic Process



So, let's get a more realistic process. What we've got here are the same things we’ve had before. We've established the context at the beginning. Next, there’s risk assessment. Risk assessment consists of risk identification, risk analysis, and risk evaluation. It asks ‘Where are we?’ in relation to a yardstick or framework that categorizes risk. The category determines whether a risk is acceptable or not.



After determining whether the risk is acceptable or not, we may need to apply some risk treatment. Risk Treatment will reduce the risk further. By then we should have the risk down to an acceptable level.



So, that's the straight-through process, once through. In the real world, we may have to go around this path several times. Having treated the risk over a period of time, we need to monitor and review it. We need to make sure that the risk turns out, in reality, to be what we estimated it to be, or at least no worse. If it turns out to be better, well, that's great!



And on that monitoring and review cycle, maybe we even need to go back because the context has changed. These changes could include using the system to do something it was not designed to do. Or modifying the system to operate in a wider variety of environments. Whatever it might be, the context has changed. So, we need to look again at the risk assessment and go round that loop again.



And while we're doing all that, we need to communicate with other people. These other people include end-users, stakeholders, and other people who have safety responsibilities. We need to communicate with the people who we have to work with. And we have to consult people. We may have to consult workers. We may have to consult the public, people that we put at risk, and other duty holders who hold a duty to manage risk. That's our cycle. In my experience as a safety engineer, this is much more realistic. A once-through process often doesn't cut it.
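The monitor-and-review loop just described, as an added example (this is not code from the lecture or from the SSRAP course): a treated hazard carries the likelihood we estimated after treatment and the context (system, environment, purpose) we assessed it against; in-service data is compared against the estimate, and either a worse-than-estimated observed rate or a change of context sends the hazard back round the assessment loop. The likelihood bands, the hazard and the operating hours are all constructed values.

```python
"""Monitor-and-review loop for a treated hazard (constructed example)."""
from dataclasses import dataclass, field

# Constructed likelihood bands: (name, exclusive upper bound in events per
# operating hour), ordered from least likely to most likely.
LIKELIHOOD_BANDS = (
    ("Improbable", 1e-6),
    ("Remote", 1e-5),
    ("Occasional", 1e-4),
    ("Probable", 1e-3),
    ("Frequent", float("inf")),
)


def band_for_rate(rate_per_hour):
    """Map an observed event rate onto the first band whose upper bound it falls under."""
    for name, upper in LIKELIHOOD_BANDS:
        if rate_per_hour < upper:
            return name
    return LIKELIHOOD_BANDS[-1][0]


def band_index(name):
    """Position of a band in the ordering above (higher index = more likely)."""
    return [b[0] for b in LIKELIHOOD_BANDS].index(name)


@dataclass
class TreatedHazard:
    hazard: str
    context: dict               # system, environment and purpose it was assessed against
    estimated_band: str         # likelihood we claimed after risk treatment
    events: int = 0             # occurrences observed in service
    hours: float = 0.0          # operating hours over which they were counted
    review_actions: list = field(default_factory=list)

    def record_service(self, hours, events):
        """Accumulate in-service evidence for the monitoring step."""
        self.hours += hours
        self.events += events

    def review(self):
        """Does the risk turn out to be what we estimated, or at least no worse?"""
        if self.hours <= 0:
            return "no service data yet"
        observed = band_for_rate(self.events / self.hours)
        if band_index(observed) > band_index(self.estimated_band):
            self.review_actions.append(
                f"observed likelihood {observed} exceeds estimate "
                f"{self.estimated_band}; reassess")
            return "worse than estimated"
        return "within estimate"

    def change_context(self, key, new_value):
        """A change of system, environment or purpose sends us back round the loop."""
        old = self.context.get(key)
        if old == new_value:
            return False
        self.context[key] = new_value
        self.review_actions.append(
            f"context '{key}' changed from {old!r} to {new_value!r}; reassess")
        return True


if __name__ == "__main__":
    # Constructed hazard: assessed for land use, likelihood claimed as Remote.
    h = TreatedHazard("loss of hydraulic pressure", {"environment": "land"}, "Remote")
    h.record_service(hours=2000, events=0)
    print(h.review())                      # within estimate
    h.record_service(hours=3000, events=1) # 1 event in 5000 h = 2e-4/h -> Probable
    print(h.review())                      # worse than estimated
    h.change_context("environment", "maritime")
    for action in h.review_actions:
        print("-", action)
```

The comparison is deliberately by band rather than by raw rate, because a single event over a few thousand hours is weak evidence; a real programme would set a confidence threshold before treating one occurrence as proof that the estimate was wrong.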



Required Risk Reduction



We're doing all this to drive risk down to an acceptable level. Well, what do we mean by that? There are several different ways that we can do this, and I've illustrated them here. On the left-hand side of the slide, we have what's usually known as the ALARP triangle. It’s this thing that looks a bit like a carrot, where the width of the triangle indicates the amount of risk. So, at the top of the triangle, we've got lots of risk. If you're in the UK or Australia, where I live, this is the way it's done. There will be some level of risk that is intolerable. Then, if the risk isn't intolerable, we can only tolerate it or accept it if it is ALARP or SFARP. ALARP means that we've reduced the risk as low as reasonably practicable, and SFARP means so far as is reasonably practicable. Essentially, they’re the same thing - reasonably practicable.



We must ensure that we have applied all reasonably practicable risk reduction measures. And once we've done so, if we're in this tolerable or acceptable region, then we can live with the risk. The law allows us to do that.



That's how it's done in the UK and Australia. But in other jurisdictions, like the USA, you might need to use a different approach: a risk matrix approach, as we can see on the right-hand side of this slide. This particular risk matrix is from the standard we're about to look at. We could take that and say, ‘We've determined what the risk is. There is no absolute limit on how much risk we can accept. But the higher the risk, the more senior the level of sign-off from management we need’. In effect, you are prioritizing the risk. So you only bring the worst risks to the attention of senior management. You are asking ‘Will you accept this? Or are you prepared to spend the money? Or will you restrict the operational system to reduce the risk?’. This is good because it makes people with authority consider risks. They are responsible and need to make meaningful decisions.



In short, different approaches are legal in different jurisdictions.
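The two acceptance approaches described above, together with the assess/treat/verify/accept steps of the eight-element process, as an added example (not code from the lecture, the SSRAP course, or the standard it refers to). The severity and likelihood categories, the matrix cells, the sign-off ladder and the choice of which matrix level counts as "intolerable" are all constructed assumptions for this illustration, not values taken from any published standard.

```python
"""Risk matrix with sign-off authority, plus an ALARP/SFARP acceptance check.
Constructed example: category names, matrix cells and roles are assumptions."""
from dataclasses import dataclass

SEVERITY = ("Catastrophic", "Critical", "Marginal", "Negligible")      # worst first
LIKELIHOOD = ("Frequent", "Probable", "Occasional", "Remote", "Improbable")  # most likely first

# Constructed 4x5 matrix: rows follow SEVERITY, columns follow LIKELIHOOD.
_CELLS = (
    ("High",    "High",    "High",    "Serious", "Medium"),
    ("High",    "High",    "Serious", "Medium",  "Low"),
    ("Serious", "Serious", "Medium",  "Low",     "Low"),
    ("Medium",  "Medium",  "Low",     "Low",     "Low"),
)

# Constructed sign-off ladder: the higher the risk, the more senior the acceptor.
ACCEPTANCE_AUTHORITY = {
    "High": "programme executive",
    "Serious": "programme director",
    "Medium": "programme manager",
    "Low": "safety manager",
}

# Assumed for this example: the top matrix level is treated as the intolerable
# region of the ALARP triangle.
INTOLERABLE_LEVEL = "High"


def risk_level(severity, likelihood):
    """Assess risk: look the (severity, likelihood) pair up in the matrix."""
    return _CELLS[SEVERITY.index(severity)][LIKELIHOOD.index(likelihood)]


def apply_control(likelihood, bands_reduced):
    """Risk treatment in a simple constructed model: a control lowers the
    likelihood by a whole number of bands, never below the least likely band."""
    i = min(LIKELIHOOD.index(likelihood) + bands_reduced, len(LIKELIHOOD) - 1)
    return LIKELIHOOD[i]


@dataclass
class Control:
    name: str
    reasonably_practicable: bool  # decided by the duty holder's reasonableness argument
    applied: bool
    verified: bool = False        # the verification step: did it work as claimed?


def alarp_decision(level, controls):
    """UK/Australia-style acceptance. Intolerable risk is never accepted; below
    that, risk is accepted only once every reasonably practicable control has
    been applied and its effect verified. Returns (decision, outstanding controls)."""
    if level == INTOLERABLE_LEVEL:
        return "reject", []
    outstanding = [c.name for c in controls
                   if c.reasonably_practicable and not (c.applied and c.verified)]
    if outstanding:
        return "not yet acceptable", outstanding
    return "accept", []


def matrix_decision(level):
    """Matrix-style acceptance: no absolute ceiling, but the level fixes who
    must sign the risk off."""
    return ACCEPTANCE_AUTHORITY[level]


if __name__ == "__main__":
    # Constructed hazard: catastrophic outcome, initially judged Probable.
    before = risk_level("Catastrophic", "Probable")            # High
    after = risk_level("Catastrophic", apply_control("Probable", 2))  # Remote -> Serious
    controls = [Control("interlock", True, True, True),
                Control("warning placard", True, True, False)]
    print("before treatment:", before, "->", matrix_decision(before))
    print("after treatment: ", after, "->", matrix_decision(after))
    print("ALARP decision:  ", alarp_decision(after, controls))
```

Note what the two decision functions do not share: `matrix_decision` always returns a name, because in the matrix approach nothing is off-limits provided someone senior enough owns the decision, whereas `alarp_decision` can refuse outright and otherwise blocks acceptance on the list of controls that are still unverified, which is the evidence the acceptor would ask to see.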



Summary of Module



In Module Two, we've asked ourselves, ‘How can we deal with real-world complexity?’. And one way that has been developed to do that is System Safety. System Safety is where we take a systematic approach to safety. This approach applies to both the system itself - the product - and the process of System Safety.



We address product and process. We need that rigorous process to give us confidence that what we've done is good enough. We have a realistic, useful and powerful process that enables us to put things in context. It helps us to communicate with everyone we need to, and to consult with those that we have a duty to consult with. And we also wrap the basic risk process in monitoring and review. And of course, we analyze risk to reduce it to acceptable levels. So we've got to treat the risk, or reduce it, or control it in some way to get it to those acceptable levels. In the end, it's all about getting that required risk reduction to work. That reduction makes the risk acceptable to expose human beings to, for the benefit that it will give us.



This is Module 2 of SSRAP



This is Module 2 from the System Safety Risk Assessment Program (SSRAP) course: Risk Analysis Programs – Design a System Safety Program for any system in any application. You can access the full course here.



You can find more introductory lessons at Start Here.


Simon Di Nucci https://www.safetyartisan.com/2021/03/13/ssrap-module-2-system-safety-risk-analysis/
