By: C.O. Miller
[Editor’s note: this opinion piece originally appeared in Vol 29 No 4 (Q4 1993) of Hazard Prevention (now Journal of System Safety). The text has not been modified except for formatting changes, images, and hyperlinks]

The following is an excerpt from a letter of concern to me from one of the more distinguished members of our society. Mr. C.O. Miller was a member of the original “Aerospace Systems Safety Society.” In 1963, he was elected President of the society; in 1967, he was named a “Lifetime Honorary Member” in 1974; a “Fellow” in 1980; and is currently listed as an Emeritus Member. He has served as a member of the Board of Directors, or on important society committees almost continuously for the past 30 years. He has been actively involved in System Safety for the past 40 years (which is about 10 years longer than the term has been in existence). As a concerned member of the system safety community, Mr. Miller has shared a few of the concerns that he has about the practice of system safety. I share his concerns about these issues and suggest that we work as a group to find adequate solutions to the problems identified in this editorial. – CPH
Let me list and describe briefly the concerns I have about the practice of system safety:
Continued Confusion Between System Safety and System Safety Engineering…
System Safety is a lifecycle concept with operations and disposal being significant phases beyond engineering, tests, manufacturing and initial deployment. Application of operational system safety tasks and feedback loops between all of these phases are essential to the effectiveness of the concept, if not in the system in question then on future systems. Still, in HP articles and editorials we see continued interchangeable references to system safety and system safety engineering. Some courses (texts) and seminars labeled “system safety” are hardly more than exercises in hazard analyses or risk management. Government agencies with significant operational roles (e.g., the FAA) don’t really understand what system safety means. Too many non-government endeavors have been exposed only to limited application of the full scope of system safety processes.
The System Safety Society needs to broaden its influence in various industries, which is basic to gaining more members and which is, perhaps, even basic to survival as a professional group. I don’t believe this can be accomplished by trying to change the orientation of prospective members. We should sell them on the contribution they can make to the Society in their language. That’s basic salesmanship. If people in the operational world (a group that is not well represented in the Society’s membership) see the term “engineering” in the title of or synonymous with the actual title of the Society, they are not going to be interested since an overwhelming number of them are not engineers and they know only the narrow definition of the word “engineering.” Also, many other professionals (physicians, lawyers, scientists of one kind or another, managers, pilots, et al.) do not look too kindly at engineers and, frankly, would be insulted to be mistaken for one. (It is like when I was in the Marines and people called me soldier!)
Lack of Definition and attention to Operational Phases in MIL-STD-882…
DOD continues to resist or limit inclusion of the supplier’s role in operations and their own operational commands’ role in the entire system safety process. Since MIL-STD-882 is looked upon as the model of system safety thinking by many different groups, inside and outside government agencies, it is mandatory to get optimum definitions and lifecycle task descriptions including those with operations relevance into that standard.

Excessive attention to the Paperwork at the Expense of the Real World Benefits of the System Safety Concept…
Contract data requirements are important, including hazard analyses and various reports. However, system safety thought processes by the people performing and interpreting analyses and tests and application of the findings to accident prevention in a timely manner are what really count. Too often, checking off the boxes seems most important. Hazard analyses become late and/or compromised (rationalized?) away for schedule or short-term cost reasons. Closely allied to this is excessive dependence upon numerical results of hazard analyses (actually and frequently, reliability analyses masquerading as hazard analyses) to make decisions rather than to simply aid in decision-making.
Foot Dragging in Integrating Hazard Analyses and Human Factors Task Analyses to Minimize Human Error…
One of the fundamental differences between reliability analyses and hazard analyses over the years has been the latter’s concern for potential human error. (Reliability types did not know how to handle human error numerically; hence, they just tended to bypass it.) Human performance can be the greatest contributor to safety or one of its main detractors. Like most other cost-effective measures, controlling human error begins in the initial design phase. Both hazard analyses and task analyses can be found there, but all too frequently, following separate, not integrated, paths. This needs to be improved if system safety really wants to live up to its name. After all, what “component” is common to all systems?
Difficulties the Society Has in Fostering the System Safety Concept in Non-Aerospace Activities…
Much has been accomplished in this regard by individual Society members and through occasional pleas by Society officials (e.g., your own message to the membership in HP). Also, the membership scope has been enlarged well beyond aerospace participants (witness the roster of speakers and attendees at the 1991 symposium). Nevertheless, this remains the significant challenge for the 90s – a challenge that might just best be met by paying more attention to the basics implicit in the foregoing items of concern.
The purposes for which the Society was founded are more important today than they were in 1963 for the simple reason systems are more complex than ever. Our problem-solving techniques are better, too; however, if the techniques are applied without due regard to the fundamentals that gave rise to them, the result may be a negative contribution to safety. More on the practical side, if the Society does not realize and pay attention to these fundamentals, it too may encounter difficulties in survival. -C.O. Miller
