By George A. Peters, Esq., P.E., C.S.P
Peters & Peters, Santa Monica, California, USA

[Editor Note: This essay was originally published in Volume 32 Issue 4 of Hazard Prevention (now Journal of System Safety) in 4Q 1996. The article has been reformatted, but the text is unchanged.]

FOR MANY YEARS, there were diverse analytic techniques utilized to determine and improve safety during the design, development, and testing of products, processes, and systems. However, actual utilization of the techniques was somewhat fragmentary, sometimes superficial, generally haphazard in nature, and was often overlooked or ignored. The growth of reliability engineering emphasized a more rigorous quantitative evaluation of the components of a system. Design for maintainability concepts focused attention on how the system life and functions are dependent upon the character of its interaction with people during actual use. It was well known for the prior hundred years that it was better to rely upon design engineering to eliminate hazards during early concept and development stages than to rely upon subsequently applied procedures and safeguards or, as a last resort, warnings and safety instructions to the user. Thus, the general concepts and techniques were available but poorly utilized and without priority of objectives. This suddenly changed with the growth of more complex systems (such as missile and space systems requiring greater assurance of a high level of safety) and the subsequent discovery that even small, simple products could involve important system concepts.


About 36 years ago, I became directly involved in the effort to formalize and organize a more concerted effort toward achieving higher levels of design safety by use of various design-oriented techniques, concepts, practices, and objectives. Key individuals, in cooperation with the United States Air Force, created various “system safety programs” that were outlined in descriptive documents, and their procurement specification efforts provided money for specialized groups to perform a separate identifiable function labeled system safety engineering. This evolved into a detailed military specification now known as MIL-STD-882C (1). The System Safety Society was then born as the need for collaboration and exchange of information in this specialty was recognized. The subject became a matter of university coursework, textbooks, and part of the practice of mechanical and chemical engineering in various nations around the world. International standards were promulgated, in various languages, such as IEC 812 FMEA (Failure Modes and Effects Analysis) and IEC 1025 FTA (Fault Tree Analysis) (2). System safety concepts have been incorporated into process safety standards, machine design standards, quality assurance standards, and proposed environmental standards (3).

Concepts such as cradle-to-grave (concept design through ultimate disposal and recycling), which were a difficult responsibility for many design engineers to accept 30 or 40 years ago, now abound in various voluntary trade standards, government directives, and product specifications. Some specialists have proclaimed that “the genie is out of the bottle and everyone is now doing system safety”. This, of course, is exaggerated. The system safety specialist has unique knowledge and skills that may not be available elsewhere. System safety is not just a matter of the “application” of highly specialized knowledge, since the discipline has gradually grown toward “professional practice” where some independent discretion can be utilized (particularly for a cost-benefit result). In some situations, risk estimates may be made at the one-in-a-million level of apparent numerical precision (probability) and, more often, at a 4-, 5-, or 6-category level of risk classification (much more easily accomplished during transient design processes). The analysis may be computer oriented, with elaborate printouts (as a result or a proof of activity), but is more often focused on immediate and visible product improvement and on forestalling probable (likely) system defects. In fact, it has matured to include both assurance (prevention) and improvement (corrective action) during the service life of the “system” as actually utilized.

The remarkable growth of “borderless” world trade has created new challenges for system safety. There are world trade groups (such as the European Union), domestic standards are yielding to world standards, there are increasing regulatory criteria (except for the United States), and design efforts are often computer linked to separate groups in many locations and frequently oriented toward larger markets (world automobiles, fabrication plants in multiple countries, and reduction of trade barriers between countries). Thus system design now must be world-oriented and culture friendly.

There is also the very important challenge of incorporating more “user friendly” concepts and applying “human factors” knowledge to prevent human error, mistakes, and resultant system failure. In many respects, system safety practitioners often have not appropriately utilized human data and information, nor have they been as precise with it as they have been with equipment data and information. One might be considered “soft and imprecise” while the other deals with “hard physical facts”, yet both utilize simplifying assumptions, and approximations or extrapolations may be made for both. However, equipment-human interactions are becoming more important as more advanced litigation concepts and machine design standards are more evenly applied around the world. There are other standards which, depending on the way they are implemented, could benefit from greater consideration of human factors when system design analysis and evaluation is being performed. The opportunities abound, but exactly who will do the system safety engineering in the years ahead?


Footnote: George A. Peters is Past President of the System Safety Society.


REFERENCES

1. System Safety Program Requirements, MIL-STD-882C, January 1993.

2. Mundell, A.B. Sources of Statistical Standards, Quality Engineering, Vol. 8, No. 1, N.Y.: Marcel Dekker, September 1996.

3. The ANSI/ASQC Q90-1987 series are identical to the International Standards Organization standards ISO 9000 to 9004 pertaining to design, development, production, installation, servicing, final inspection, and testing. In Great Britain, the BS 5750 became the ISO 9001 to 9003 series. The ISO 9000 series has also been designated as the EN 29000 series (actually 29001, 29002, 29003, and 45012). The machinery safety standards include 89/392/EEC. The ISO 14000 series on environmental management systems are still being coordinated. For details see: Peach, R.W. The ISO 9000 Handbook, 2d Ed. Irwin Professional Publishing, 11150 Main Street, Fairfax, Virginia 22030-5066 (contains the text of the ANSI/ASQC Q9000 series, plus background, documentation, assessment, and accreditation). Note: the MIL-Q-9858A and MIL-I-45208A standards were to be replaced with the ISO 9000 to 9004 quality system standards. Also note: there are now 7,000 companies in the USA who have attained third-party ISO 9000 registration, other companies are prepared to provide declarations of conformity to the ISO 9000 series, and others are issuing derivative specifications for their suppliers.

[Editor Note: The title of this essay is “A Personal Perspective on System Safety”.]