Variability: for better and for worse in safety assurance

Main Article Content

Ben J.M. Ale Des N.D. Hartford David H. Slater

Abstract

Traditionally, in trying to design ―safe‖ systems, variability has been seen as a threat, because it brings with it the possibility of an unwanted outcome. Variability of hardware was thus rigorously controlled by, amongst other things, precise specifications. Variability of human behaviour was thought to be adequately managed by inter alia, regulations and protocols. This philosophy is now referred to as SAFETY I and relied on reliability to guarantee the expected system performance. In the now fashionable philosophy of SAFETY-II, on the other hand, variability is seen as unavoidable; a given in real environments and can even be an asset as, in SAFETY-II, humans are recognised as being able to cope with and often exploit the variability of technology and circumstances, to keep systems working. This reliance on the human capacity for coping, has been seen as adding a necessary element of ―resilience‖ to the system. Thus the SAFETY II concept of resilience engineering could be used as a way to promote safety by exploiting the ingenuity of humans to keep systems within the desired operating envelope. Recently the meaning of resilience has been stretched to include the ability of restoring the operational state after an excursion into the realm of inoperability. The problem is that these approaches (SAFETY I and SAFETY II), could be seen as legitimate alternatives as philosophies in the design of physical and operational systems. This stretched, almost complacent interpretation of ―resilience‖ only serves to exacerbate the problem. The mistake that is often made, is to regard either of the approaches as sufficient in themselves, to guarantee safety in today’s highly complex systems of work and decision making organisations. As Rumsfeld and Taleb have so eloquently reminded us, we can no longer justify designing solely for the known knowns and white swans. Similarly reliance on humans to cope if an unexpected situation may arise, can reduce the emphasis on preventive measures that limit the probability that the system may behave in an unsafe manner. In today’s evermore complex and less transparent systems and work places, however, we obviously need both the SAFETY I belts and the SAFETY II braces (to paraphrase Kletz); as the errors that may be introduced by over-relying on humans correctly assessing situations can be catastrophic: not just for an individual or a company, but sometimes for the wider society. So we need to formalise the human’s resilient SAFETY II abilities (to monitor, respond to, learn from and anticipate the meaning of operational variability), and incorporate them fully into the (SAFETY I) design of the system. Enlightened training and management can then, as a bonus almost, further rely on the human’s extraordinary abilities, as an additional layer of security.The problem is that these approaches (SAFETY I and SAFETY II), could be seen as legitimate alternatives as design philosophies. This stretched, almost complacent interpretation of “resilience” only serves to exacerbate the problem.


The mistake that is often made, is to regard either of the approaches as sufficient in themselves, to guarantee safety in today’s highly complex systems of work and decision making organisations. As Rumsfeld [ 1 ]and Taleb [ 2 ] have so eloquently reminded us, we can no longer justify designing solely for the known knowns and white swans. Similarly reliance on humans to cope if an unexpected situation may arise, can reduce the emphasis on preventive measures that limit the probability that the system may behave in an unsafe manner. In today’s evermore complex and less transparent systems and work places, however, we obviously need both the SAFETY I belts and the SAFETY II braces (to paraphrase Kletz [ 3 ]); as the errors that may be introduced by over-relying on humans correctly assessing situations can be catastrophic: not just for an individual or a company, but sometimes for the wider society. So we need to formalise the human’s resilient SAFETY II abilities (to monitor, respond to, learn from and anticipate the meaning of operational variability), and incorporate them fully into the (SAFETY I) design of the system. Enlightened training and management can then, as a bonus almost, further rely on the human’s extraordinary abilities, as an additional layer of security.

Keywords: SAFETY I, SAFETY II, Resilience, Precaution, variability

Article Details

How to Cite
ALE, Ben J.M.; HARTFORD, Des N.D.; SLATER, David H.. Variability: for better and for worse in safety assurance. Medical Research Archives, [S.l.], v. 8, n. 2, feb. 2020. ISSN 2375-1924. Available at: <https://esmed.org/MRA/mra/article/view/2059>. Date accessed: 27 dec. 2024. doi: https://doi.org/10.18103/mra.v8i2.2059.
Section
Research Articles

References

References

1. https://en.wikipedia.org/wiki/Château_de_Sedan - tour
2. Wuste, P.&J-C Le Coze, Safert nad safety science, past, present and future, https://www.ilo.org/wcmsp5/groups/public/---ed_protect/-
--protrav/---safework/documents/genericdocument/wcms_681838.pdf
3. Wikandder Wikander, Alice Kessler-Harris, Jane E. Lewis (1995) Protecting Women. University of Illinois Press, p 193 ff;
4. NN. Verslag van de Staatscommissie tot het houden van Arbeidsenquête, ingesteld krachtens de Wet van 19 Januari 1890 (Stb. 1),
18901892 (1894
5. https://www.nationalarchives.gov.uk/education/resources/1833-factory-act/ (last visited 18-11-19)
6. Lord Robens, Safety and Health at Work. Report of the Committee. 1970–72, HMSO, Cmnd 5034
7. B.J.M. Ale, L.J. Bellamy, R.M. Cooke, L.H.J. Goossens, A.R. Hale, A.L.C. Roelen, E. Smith. (2006) Towards a causal model for air
transport safety—an ongoing research project - Safety Science 44 (2006) 657–673
8. Roelen, A. L. C., Lin, P. H., & Hale, A. R. (2011). Accident models and organisational factors in air transport: The need for multimethod models. Safety Science, 49, 5-10
9. B.J.M. Ale The Occupational Risk Model, TU-Delft/TBM RC 20060731, ISBN 90-5638-157-1, Delft, 2006
10. L. J. Bellamy, B.J.M. Ale, J.Y.Whiston, M.L. Mud, H. Baksteen, A. Hale, I.A. Papazoglou, A. Bloemhoff , J.I.H Oh. (2006) The
software tool Storybuilder and the analysis of the horrible stories of occupational accidents, Working on Safety, 12-15, September
2006
11. Ioannis A. Papazoglou and Ben J.M. Ale 2007 A logical model for quantification of occupational risk •Reliability Engineering &
System Safety, Volume 92, Issue 6, June 2007, Pages 785-803.
12. Ale, B.J.M , L.J. Bellamy, R. van der Boom,R.M. Cooke, L.H.J.Goossens, A.R. Hale, D. Kurowicka, P.H. Lin, O., Morales, A.L.C.,
Roelen, J., Cooper, J., Spouge. (2006) CATS final report, Ministry of Transport and Water management, The Hague, The Netherlands,
ISBN 10: 90 369 1724-7; ISBN 13: 978 90 369 1724-7
13. ICAO (2000), International Civil Aviation Organization, Accident/Incident Reporting Manual (ADREP), ICAO, Montreal, Canada
14. Denis Besnard, Erik Hollnagel. (2014) I want to believe: some myths about the management of industrial safety. Cognition,
Technology and Work, Springer Verlag, 2014, 16 (1), pp.13-23. <10.1007/s10111-012-0237-4>.
15. Heinrich, H., (1931), Industrial Accident Prevention a Scientific Approach, first ed. McGraw-Hill Book Company, London.
Ben J.M. Ale et al Medical Research Archives vol 8 issue 2. February 2020 Page 19 of 22
Copyright 2020 KEI Journals. All Rights Reserved http://journals.ke-i.org/index.php/mra

16. Paul Swuste, Coen van Gulijk, Walter Zwaard, (2010) Safety metaphors and theories, a review of the occupational safety literature of
the US, UK and The Netherlands, till the first part of the 20th century, Safety Science 48 (2010) 1000–1018
17. 17 https://en.wikipedia.org/wiki/Flixborough_disaster
18. Department of Employment (1975), The Flixborough disaster, report of the court of inquiry, H.M.S.O, London,. ISBN 0113610750
19. 2012 Lin, Pei-Hui; Hanea, Daniela; Ale, Ben; Sillem, Simone; Gulijk, Coen; Hudson, Patrick (2012); Integrating organisational
factors into a BBN model of risk; ; PSAM 11, Esrel 2012, Helsinki 25-29 juni 2012
20. Perrow, C. (1984) Normal accidents. In: Living with High-Risk Technologies. Princeton University Press, Princeton, NJ
21. Report to the President by the presidential commission on the space shuttle challenger accident, Washington 1986 (Rogers report)
22. B.J.M. Ale, L.J. Bellamy, R. van der Boom, J. Cooper, R.M. Cooke, L.H.J. Goossens, A.R. Hale, D. Kurowicka, O. Morales, A.L.C.
Roelen, J. Spouge, (2009) Further development of a Causal model for Air Transport Safety (CATS): Building the mathematical heart,
Reliability Engineering & System Safety, Volume 94, Issue 9, September 2009, Pages 1433-1441
23. Russell Bertrand (1946), History of western philosophy. London: George Allen & Unwin; 1946
24. Chalmers DJ. (1996) The conscious mind: in search of a fundamental theory. Oxford: Oxford University Press.
25. Arshinov Vladimir, Christian Fuchs, editors (2003), Causality, emergence, self-organisation, /http://www.selforganization.org/results/book/Emergence- Causality Self-Organisation.pdfs.
26. Goldstein Jeffrey (1999) Emergence as a construct: history and issues. Emergence 1999;1(1):49–72
27. van Gelder, Pieter (2007) Quantitative methods for flood risk management, statistical extremes and environmental risk. Faculty of
Sciences, University of Portugal, Lisbon, Portugal, February 15–17, 2007
28. Hollnagel, E., R.L. Wears, J. Braithwaite, (2015) From Safety-I to Safety-II: a white paper.
https://www.england.nhs.uk/signuptosafety/wp-content/uploads/sites/16/2015/10/safety-1-safety-2-whte-papr.pdf (last visited 18-11-
2018)
29. B.J.M. Ale, L.J. Bellamy, A.L.C. Roelen, R.M. Cooke, L.H.J.Goossens, A.R. Hale, D. Kurowicka, E. Smith (2005) Development of a
causal model for air transport safety, IMECE 2005, 79374, Proceedings of IMECE, 2005 ASME International Mechanical
Engineering Congress and Exhibition, Orlando, Florida, nov 5-11, 2005, ISBN 0-7918-3769-6
30. Nielsen, D. ((971) The Cause/Consequence Diagram Method as a Basis for Quantitative Accident Analysis. Danish Atomic Energy
Commission, Research Establishment Risø. Rapport Risø-M-1374
31. I.A. Papazoglou, O.N. Aneziris, L.J. Bellamy, B.J.M. Ale, J. Oh, (2017) Quantitative occupational risk model: Single hazard,
Reliability Engineering and System Safety 160, pp 162–173
Ben J.M. Ale et al Medical Research Archives vol 8 issue 2. February 2020 Page 20 of 22
Copyright 2020 KEI Journals. All Rights Reserved http://journals.ke-i.org/index.php/mra

32. Hollnagel, E, (2012) FRAM, The Functional Resonance Analysis Method, CRC Press, ISBN 9781351935968.
33. Marca, D., C. McGowan (1987), Structured Analysis and Design Technique, McGraw-Hill, 1987, ISBN 0-07-040235-3
34. https://www.theguardian.com/cities/2019/feb/26/what-caused-the-genoa-morandi-bridge-collapse-and-the-end-of-an-italian-nationalmyth (last visited 18-11-2019
35. Hollnagel, Erik, (2010) How Resilient Is Your Organisation? An Introduction to the Resilience Analysis Grid (RAG). Sustainable
Transformation: Building a Resilient Organization, May 2010, Toronto, Canada. hal-00613986
36. Clausewitz, Carl von, (1992) On War, translated by Howard, Princeton university press, 1992, ISBN 0691018545
37. Deming, W. E. (1982), Quality, productivity and competitive position, Massachusetts Institute of Technology, Cambridge, ISBN
0911379002
38. Juran, J. M. and Gryna, F. M. (Eds.) (1988), Quality control handbook, (4th. ed.), McGraw-Hill, New York ISBN-10: 9780070331761
39. https://en.wikipedia.org/wiki/Martinair_Flight_495 (last visited 19-11-2019)
40. http://www.hse.gov.uk/comah/sragtech/casebeek75.htm (last visited 06-01-2019)
41. http//en.wikipedia.org/wiki/Flixborough_disaster (last visisted 06-01-2019)
42. https://nl.wikipedia.org/wiki/Deepwater_Horizon (last visited 06-01-2019)
43. Rasmussen, J (1997) Risk management in a dynamic society, Safety Science vol 27 no 2/3 pp 183-213
44. Thucydides, (431) http://www.historywiz.com/primarysources/funeraloration.htm
45. https://www.goodreads.com/quotes/595263-it-is-only-by-being-bold-that-you-get-anywhere
46. R.B. Jongejan, B.J.M. Ale, H.J. Pasman (2006) The precautionary principle and industrial safety regulation, I
47. Hollnagel, Erik, J. Leonhardt, T. Licu, Steven Shorrock (2014) From Safety-I to Safety-II, A white paper,
https://www.skybrary.aero/bookshelf/books/2437.pdf (Last visited 05-02-2020)
48. Ale, B.J.M., D.N.D. Hartford, D.H. Slater (2002), Resilience of Faith, Paper to be held at the ESREL 2020/PSAM 15 conference ,
Venice, Italy, 21-26 june, 2020
49. Gulijk, C van, M.B. Vroom, J.M. Binnekade, R.J. Tepaske, D.A. Dongelmans, M.J. Kurk, M. Gans, C.V. Schippper, F. Koornneef,
B.J.M. Ale, (2009) Management van Patientveiligheid, TU-Delft, april 2009, ISBN 978-90-9023877-7
Ben J.M. Ale et al Medical Research Archives vol 8 issue 2. February 2020 Page 21 of 22
Copyright 2020 KEI Journals. All Rights Reserved http://journals.ke-i.org/index.php/mra

50. C. van Gulijk, B.J.M. Ale, D. Dongelmans, M. Vroom, Experience from chemical industry for controlling patient safety, Proceedings
of the European Safety and Reliability Conference, ESREL 2011 18-22 September 2011 - Troyes France, Advances in Safety,
Reliability and Risk Management – Bérenguer, Grall & Guedes Soares (eds), Taylor & Francis Group, London, ISBN 978-0-415-
68379-1
51. https://www.medischcontact.nl/nieuws/laatste-nieuws/artikel/veilig-opereren-vraagt-om-eenduidige-regels.htm
52. Bauer H., Honselmann K.C.(2017) Minimum Volume Standards in Surgery - Are We There Yet, Visceral Medicine, Visc Med
2017;33:106-116
53. https://heelkunde.nl/sites/heelkunde.nl/files/NVvH-publieksversie-normen.pdf
54. Hollnagel (2006), Resilience Engineering, Ashgate, ISBN 978-0-7546-4904-5p12
55. https://en.wikipedia.org/wiki/Tenerife_airport_disaster
56. Peter Hughes, David Shipp, Miguel Figueres-Esteban, Coen van Gulijk, (2018) From free-text to structured safety management:
Introduction of a semi-automated classification method of railway hazard reports to elements on a bow-tie diagram, Safety Science
110 (2018) 11–19
57. Rawia Ahmed Hassan E.L. Rashidy, , Peter Hughes, Miguel Figueres-Esteban, Chris Harrison, Coen Van Gulijk (2018), A big data
modelling approach with graph databases for SPAD risk, Safety Science 110 (2018) 75–79
58. Ale, Ben, Coen van Gulijk, Anca Hanea, Daniela Hanea, Patrick Hudson, Pei-Hui Lin, Simone Sillem (2014) Towards BBN based
risk modelling of process plants, Safety Science 69 (2014) 48–56.
59. Gulijk, C. van, Ale, B.J.M., Ababei, D., Steenhoek, M.(2014) Comparison of risk profiles for chemical process plants using
PLATYPUS Safety and Reliability: Methodology and Applications - Proceedings of the European Safety and Reliability Conference,
ESREL 2014 2015, Pages 1363-1368 European Safety and Reliability Conference, ESREL 2014; Wroclaw; Poland; 14 September
2014 through 18 September 2014; Code 107147
60. C. van Gulijk, D.H. Hanea, K.Q. Almeida, M. Steenhoek & B.J.M. Ale, Dan Ababei (2013) Left-hand side BBN model for process
safety, Safety, Reliability and Risk Analysis: Beyond the Horizon – Steenbergen et al. (Eds) pp 1867-1873, Taylor & Francis Group,
London, ISBN 978-1-138-00123-7
61. Ale, B.J.M. D.N.D. Hartford, D.H. Slater, (2018) The practical value of life: priceless or a CBA calculation? Medical Research
Archives, vol. 6, issue 3 ISSN: 2375-1924
62. Ale, B.J.M., D.N.D. Hartford, D.H. Slater, (2019) Is there a statistical value of a life, Chemical Engineering Transactions vol 75,
ISBN 978-88-95608-72-3
Ben J.M. Ale et al Medical Research Archives vol 8 issue 2. February 2020 Page 22 of 22
Copyright 2020 KEI Journals. All Rights Reserved http://journals.ke-i.org/index.php/mra

63. Hollnagel, Erik (2009) The ETTO Principle: Efficiency-Thoroughness Trade-Off Paperback – CRC Press, Taylot and Francis. ISBN
978-0-7546-7587-2
64. B. Ale, T. Aven, R. Jongejan, (2010) Review and discussion of basic concepts and principles in integrated risk management, in
Reliability, Risk and Safety: Theory and Applications – Briš, Guedes Soares & Martorell (eds)© 2010 Taylor & Francis Group,
London, ISBN 978-0-415-55509-8-
65. Taleb, N.N. (2007) The black swan: The impact of the highly improbable. London: Penguin, ISBN 978-1400063512
66. http://functionalresonance.com/brief-introduction-to-fram/index.html (last visited 27-11-2018
67. Kletz, T.A. (1980) Benefits and Risks, Their assessment in relation to human needs, Endeavour, New Series Volume 4, No. 2,
Pergamon Press, Oxford, England
68. B.J.M. Ale, D.N.D. Hartford, D.H. Slater (2019), Variability; Threat or Asset, IChemE symposium series no 166, HAZARDS 29
69. B.J.M. Ale, D.N.D. Hartford, D.H. Slater (2019) Variability; Asset or Curse, ESREL 2019 29th European Safety and Reliability
Conference Hannover, Germany, 22 - 26 September 2019