by Warner Talso

[Editor’s note: this opinion piece originally appeared in Vol 38 No 1 (Q1 2002) of Journal of System Safety. The text has not been modified except for formatting changes, images, and hyperlinks]

Most of us are aware of the evolutionary, even revolutionary, changes that have been taking place in the system safety discipline. These include both technology and areas of application. It is time to review exactly what defines system safety, or at least what we perceive system safety to be. This is a “what” statement, not a “how” statement, and it should be a vision of what system safety encompasses. It is important because it is the key ingredient of what binds us together. It shapes how we see ourselves and how we describe our profession to others.

Recall our origins in the Air Force aerospace arena. The discipline was, and still is, defined by MIL-STD-882. This document has been consistent in defining system safety as, “The application of engineering and management principles, criteria, and techniques to achieve acceptable mishap risk within the constraints of operational effectiveness and suitability, time, and cost, throughout all phases of the system life cycle.” [1] This definition has served us well over the years. However, the discipline was driven by the Department of Defense’s (DoD’s) mandating the implementation of 882. Our Society coasted along on the coattails of this mandatory requirement, with little effort to preach the gospel of system safety or seek out new applications.

The Berlin Wall, 1989

This all changed when the Berlin Wall came down and the DoD was no longer driven by the threat of the Union of Soviet Socialist Republics. Remember the de-emphasis on military standards? All of a sudden we had to become proactive in promoting system safety and saving our Society. We have been successful to varying degrees. As the Society reaches out to new members and new industries, the definition of system safety is the shorthand version of what identifies us. I submit that it needs to be more than the military-oriented definition of 882.

Speaking of the Society, what does the Constitution say about defining system safety? Section 1.3 of the Constitution doesn’t define system safety per se, but says: “The term ‘system’ as used herein shall be considered to include any product, service and/or activity developed, produced and/or managed by a specific person, agency, or organization for a designated purpose.

The term ‘safety’ as used herein shall be considered to include any technical, social, educational, and/or managerial action initiated for the purpose of eliminating or reducing the hazards (i.e., risk of property loss and personal injury) associated with a procedure or system.” Well, there certainly are a lot of words there. It is a little verbose and not as focused as it could be. Note that the environment is not mentioned. In today’s world, should it be?

When Perry D’Antonio was our Society President, he wrote the following definition of system safety for the Society’s strategic plan: “The system safety concept is the application of special technical and managerial skills to the systematic identification and elimination or control of hazards throughout the life-cycle of a system.”

This definition of a system includes not only the product or the process, but also the influences (stresses) that the surrounding environment (including human interactions) may have on the product’s or process’s safety performance. A “system,” therefore, defines the boundaries to which the systematic process of hazard identification and control is applied.

When Dick Stephans and I have presented tutorials on the System Safety Analysis Handbook, [2] we have defined system safety as “the application of system engineering and management principles, criteria, and techniques to take positive steps to optimize all aspects of safety within the constraints of operational effectiveness, time, and cost.” We have emphasized the system analysis/engineering/management process and the need to be proactive.

One of our chapter members is performing software system safety work on a very large project. The client is so impressed with our chapter member’s grasp of the systems approach that the member has been asked to do other systems management and engineering tasks. This anecdotal evidence supports my contention that the system approach is very important to the system safety discipline, and is an engineering and management skill in its own right. In my observation, we do not put enough emphasis on the systems approach of looking at the impact of hazards (i.e., potential sources of danger) to the entire system.

When Clemens and Simmons wrote the National Institute for Occupational Safety and Health (NIOSH) Instruction Manual for System Safety and Risk Management, [3] they did not specifically define system safety, but they did identify the two primary characteristics as “(1) it is a doctrine of management practice that mandates that hazards be found and risks be controlled; and (2) it is a collection of analytical approaches with which to practice the doctrine” (emphasis in the original). This definition introduces management decision-making. This is very important. As Steve Mattern has pointed out in several articles, the system safety practitioner must show value added to the project. The practitioner must be seen by management as a worthwhile member of the team. Recognition of the value of system safety is accomplished by making a positive contribution to managers and the decision-making DOE process. Should this be part of the definition?

The OSHA regulation on process safety management (PSM) provides “an integrated approach to chemical safety, putting the focus on a comprehensive management program.”[4] I don’t think there is any argument that this PSM regulation is an application of system safety. Again, we have an emphasis on management. By the way, why doesn’t the Society have greater representation in OSHA because of PSM, and in the EPA because of Risk Management Planning (40 CFR Part 68)? Just asking.

The tragic events of September 11 should be ample reason alone to reevaluate our discipline. Was not the safety (and security) of the World Trade Center a systems issue? How could we have been involved in preventing this event (security) or mitigating the damage (safety)?

Sandia National Laboratories does research on critical infrastructures encompassing communications, transportation, banking and finance, and several other complex systems. The term high-consequence surety has been coined to identify the safety, security and reliability controls associated with preventing catastrophic events. One such critical infrastructure is municipal water supplies. These are complex systems involving pumping, treatment and distribution processes using highly computerized control systems, and are considered attractive targets for terrorists. The system safety approach allows one to see the broad hazards and evaluate the acceptability of the controls associated with preventing undesired consequences to these processes. One observation of this work is that safety and security are closely related.

The Department of Energy (DOE) has created the Integrated Safety Management System (ISMS) [5] process to apply a systems approach to safety. This is part of the “Work Smart” process. [6] ISMS defines a five-function process for incorporating safety into the workplace that is almost identical to the system safety process.

Figure 1 — Comparison of DOE ISMS and System Safety Processes.

As an aside, DOE never calls this a systems approach, nor does it use the term system safety. DOE is now testing the concept that the ISMS approach can be used for security. The above examples raise an interesting question. Should security be included in the definition of system safety? Is there a System Security Society (SSeS) or a System Surety Society (SSuS) on the horizon? Do we want to lead the way in this area?

In summary, I believe it is time to review the definition of system safety to make it reflect the world of today, and to help us better understand our profession and enlighten our associates and friends. A few ideas:

  • The definition should include more than just military systems. Recognition of industrial systems, medical systems, software and more should all fit under the umbrella.
  • The proactive, positive nature of system safety should be recognized. There should be more recognition of system engineering and management.
  • There should be recognition of management decision-making.
  • The environment should be addressed.
  • The definition should be included in the Society’s Constitution.

A great deal of information could be included. You will have your own ideas. Decisions have to be made. Perhaps we should also promulgate a set of principles to support the definition.

References:

  1. MIL-STD-882D, “Department of Defense Standard Practice for System Safety,” Government Printing Office, February 10, 2000.
  2. Stephans, R.A. and Warner W. Talso, Eds. System Safety Analysis Handbook, System Safety Society, Unionville, VA, 1993.
  3. Clemens, Pat L. and Rodney K. Simmons, System Safety and Risk Management, National Institute for Occupational Safety and Health, Cincinnati, Ohio, March 1998.
  4. 29 CFR 1910.119, Process Safety Management, Government Printing Office, July 1972.
  5. DOE G 450.3-3, “Tailoring for Integrated Safety Management Applications,” U.S. Department of Energy, Washington, DC, February 1997.
  6. DOE G 450.3-1, “Documentation for Work Smart Standards Application: Characteristics and Considerations,” U.S. Department of Energy, Washington, DC, February 1997.

Warner Talso is a former New Mexico Chapter President and SSS Director of Member Services. He was the Treasurer of the New Mexico Chapter. Along with Dick Stephans, he was also co-editor of the System Safety Analysis Handbook, a renowned and landmark system safety publication.

(Photo: Warner Talso, right, receives the ISSS 1994 Educator of the Year Award from Mike Brown, left.)
