System Safety Principles: A Multidisciplinary Engineering Perspective

Abstract

System safety is of particular importance for many industries. Broadly speaking, it refers to the state or objective of striving to sustainably ensure accident prevention through actions on multiple safety levers (technical, organizational, and regulatory). While complementary to risk analysis, it is distinct in one important way: risk analysis is anticipatory rationality examining the possibility of adverse events (or accident scenarios), and the tools of risk analysis support and in some cases quantify various aspects of this analysis effort. The end-objective of risk analysis is to help identify and prioritize risks, inform risk management, and support risk communication. These tools, however, do not provide design or operational guidelines and principles for eliminating or mitigating risks. Such considerations fall within the purview of system safety. In this work, we propose a set of five safety principles, which are domain-independent, technologically agnostic, and broadly applicable across industries. While there is a proliferation of detailed safety measures (tactics) in specific areas and industries, a synthesis of high-level safety principles or strategies that are independent of any particular instantiation, and from which specific safety measures can be derived or to which they can be related, has pedagogical value and fulfills an important role in safety training and education. Such a synthesis effort also supports creativity and technical ingenuity in the workforce for deriving specific safety measures, for implementing these principles, and for handling specific local or new risks. Our set of safety principles includes: (1) the fail-safe principle; (2) the safety margins principle; (3) the un-graduated response principle (under which we subsume the traditional “inherently safe design” principle); (4) the defense-in-depth principle; and (5) the observability-in-depth principle.
We carefully examine each principle and provide examples that illustrate their use and implementation. We relate these principles to the notions of hazard level, accident sequence, and conditional probabilities of further hazard escalation or advancement of an accident sequence. These principles are a useful addition to the intellectual toolkit of engineers, decision-makers, and anyone interested in safety issues, and they provide helpful guidelines during system design and risk management efforts.
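The abstract relates defense-in-depth and observability-in-depth to hazard levels, accident sequences, and the conditional probabilities of further escalation. The following added example (not code from the paper or its authors) makes that relationship concrete with a small barrier-chain model: an accident sequence advances through a series of hazard levels, each guarded by a barrier with a conditional escalation probability, and observability is modelled as a probability that an escalation is detected in time and arrested. The `Barrier` class, the function names, and all numeric values are constructed for illustration and are not taken from the paper; the model assumes barrier failures are independent, which a common-cause failure would violate.

```python
from dataclasses import dataclass, replace
from typing import Dict, List


@dataclass(frozen=True)
class Barrier:
    """One defensive layer between two consecutive hazard levels.

    p_escalate: conditional probability that the hazard advances past this
                barrier once the sequence has reached it (barrier ineffective).
    p_detect:   probability that the advancing hazard is observed in time and
                the escalation is arrested (the observability-in-depth lever).
    Hypothetical construct for this example; values below are invented.
    """
    name: str
    p_escalate: float
    p_detect: float = 0.0

    def effective_escalation(self) -> float:
        # Escalation past this level requires the barrier to fail AND the
        # escalation to go undetected (or be detected too late to intervene).
        return self.p_escalate * (1.0 - self.p_detect)


def accident_probability(barriers: List[Barrier]) -> float:
    """P(accident | initiating event): the hazard must advance past every
    barrier in sequence. Assumes independent barrier failures."""
    p = 1.0
    for b in barriers:
        p *= b.effective_escalation()
    return p


def termination_profile(barriers: List[Barrier]) -> Dict[str, float]:
    """Probability that the accident sequence is arrested at each barrier,
    plus the residual probability that it runs to completion ('accident').
    The values sum to 1.0 and show which layers carry the defensive burden."""
    profile: Dict[str, float] = {}
    reach = 1.0  # probability the sequence reaches the current barrier
    for b in barriers:
        e = b.effective_escalation()
        profile[b.name] = reach * (1.0 - e)
        reach *= e
    profile["accident"] = reach
    return profile


def add_barrier(barriers: List[Barrier], new: Barrier) -> List[Barrier]:
    """Defense-in-depth lever: append an additional independent barrier."""
    return list(barriers) + [new]


def add_observability(barriers: List[Barrier], p_detect: float) -> List[Barrier]:
    """Observability-in-depth lever: raise detection at every existing
    barrier without adding new hardware layers."""
    return [replace(b, p_detect=p_detect) for b in barriers]


# Constructed sample accident sequence (illustrative numbers only).
SAMPLE_SEQUENCE: List[Barrier] = [
    Barrier("containment", p_escalate=0.1),
    Barrier("pressure_relief", p_escalate=0.2),
    Barrier("emergency_shutdown", p_escalate=0.5),
]


if __name__ == "__main__":
    base = accident_probability(SAMPLE_SEQUENCE)
    print(f"baseline P(accident | initiator): {base:.4f}")
    for name, p in termination_profile(SAMPLE_SEQUENCE).items():
        print(f"  sequence ends at {name:20s} {p:.4f}")
    deeper = add_barrier(SAMPLE_SEQUENCE, Barrier("evacuation", p_escalate=0.3))
    print(f"with extra barrier:            {accident_probability(deeper):.4f}")
    observed = add_observability(SAMPLE_SEQUENCE, p_detect=0.5)
    print(f"with 50% detection per layer:  {accident_probability(observed):.5f}")
```

Run as a script, the example prints the baseline accident probability, where sequences are arrested, and the effect of each lever. Note that raising detection at every existing layer multiplies the residual probability by a factor at each level, which is why, in this model, observability improvements compound across the whole sequence while an added barrier contributes a single factor; both levers rest on the independence assumption, and a common-cause failure that defeats several layers at once would invalidate the multiplication.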
