By John Covan

[Editor’s note: This opinion piece originally appeared in Vol 35 Issue 4 of Journal of System Safety in 4Q 1999. It has been reformatted from the original, but the text is otherwise unchanged.]

I‘d like to begin a debate about the role of system safety in business.

I have often heard the complaint that safety (in particular, system safety) is viewed by system developers as a necessary evil – something that must be tacked on after the important decisions are made about system architecture and function. How many of us have heard, when trying to inject system safety into a new project, “Come back later, it’s too early for us to talk to you just now”?

Of course we know that to be maximally effective, system safety must be fully integrated from day one. But if we act as if system safety is at the top of the list and argue for our presence based on our company’s slogan (let’s assume it is “Safety is job one”), we will never achieve this integration.

In my opinion, nobody in upper management of the typical company believes that safety is the top priority. This simply reflects the cold, hard facts of business. In his March 1998 Atlantic Monthly article on the crash of ValuJet Flight 592 into a Florida swamp, William Langewiesche writes, “Safety is never first, and it never will be, but for obvious reasons it is a necessary part of the venture.” What venture? The business venture.

So what if you don’t work in the corporate, for-profit world? Does that mean you, as a government or military employee, are exempt from the “business” mindset? No, not for at least the last decade or two. Let’s face it, all the outfits we work for boil down in the end to a business of some sort, competing to produce goods and services and maintain the status quo. Maybe they don’t have a profit line, but they work pretty hard to grow their budgets.

Business people (including project leaders and upper management) tend to focus on words like functionality, marketability, cost and schedule. And why shouldn’t they? If they don’t tend to these issues, their business —- whether product or service – is at risk of failing from loss of competitiveness or other business deficiencies. But safety is not their long suit, and that does hurt their business.

Now, nearly three-and-a-half years after the crash, the lawsuits are still making the news. It was a high consequence event, especially in the business sense. One would think that the airline industry would have gotten busy and hired a phalanx of system safety experts to improve things. But recent press releases tell of improper hazardous materials shipments (the reason the ValuJet flight went down) continuing to flood the airways.

Consider the demise of the billion dollar offshore oil-drilling platform Piper Alpha by fire and explosion in the North Sea in 1988, with the loss of 167 lives. System safety could undoubtedly have prevented the accident by re-emphasizing safety culture as a necessary part of the profit motive, for example. And system safety could have mitigated the horrible consequences by redesigning the rig’s survival systems when the decision was made to retrofit for gas production. Yet the platform design and its management enjoyed no such benefits, and the system blundered forward to a predictable, catastrophic end. The business impact was a bitter pill to swallow – Occidental Petroleum left the North Sea, never to return.

So what’s wrong with this picture? It’s that missing or inadequate system safety is a business risk – just like any other business risk. Sounds simple, right? I don’t think so. If it were, I wouldn’t be writing this essay. The temptation for upper management to separate safety from other business concerns is strong. As long as this way of thinking persists, system safety will continue to be a day late and a dollar short.

To my way of thinking, the only road to success is convincing the powers responsible for designing, building and running systems to add system safety to their business toolkit. These people must become active partners in the process and understand it to its core. Only then will our tasks be elevated to the importance they deserve.

So what can be done to turn things around? Probably lots of things like educating the business community, CEOs and the like. Perhaps we can start with the SSS. What can we do to attract such an audience? Or, are there other avenues to changing the culture of the business community?

I would like to hear your opinions. I believe the SSS has a golden opportunity to reinvent itself and become inclusive of a broader audience. If we don’t, we will remain a bunch of specialists talking to ourselves.

About the Author

At the time of writing, Dr. John Covan was the Vice President of the New Mexico Chapter of the International System Safety Society and was a senior member of the technical staff with Sandia National Laboratory.

by Brian M. Moriarty

[Editor Note (2022): This President’s message originally appeared in Vol 15 Issue 6 of Hazard Prevention (now Journal of System Safety) in Sept-Oct 1979. It has been reformatted from the original, but the text is otherwise unchanged.]

EDITORS NOTE (1979): The following presentation was made by our Society President Brian Moriarty on July 10, 1979, at the opening of the Fourth International System Safety Conference in San Francisco. It is reproduced for the benefit of the many members who were unable to attend the conference so each one may comment on the society’s objectives as Brian outlines them.

We have come to San Francisco to exercise our hazard control techniques. In many ways it is rather opportune that the entry of Skylab is not mapped over this area and I must compliment the committee on good planning for this time and date and the invitation sent to the many of us from the Eastern section of the United States who can join you here. With the last trajectory path of Skylab that I remember the termination path was going to cross Washington D.C. Therefore, I know that judicious use of the hazard control techniques has been exercised in seeking the Western region for this conference. However, I still remember the warnings given by NASA that we should keep away from the top floors of buildings to assure that we have no penetrations through the roof.

Our challenge […] should focus on developing system safety efforts that are “more effective, meaningful and comprehensive”.

I particularly remember our System Safety Conference in 1973 at Denver when Guy Cohen was able to give us first hand information regarding Skylab and its problem with the solar panel deployment. In many ways it is rather ominous that this time this satellite is with us again now in another phase of its life cycle, that being termination rather than initiation. This truly represents a life history of a particular project that many of you have personally followed with intense interest as System Safety Professionals.

The year of 1979 has been a year of action for Safety…perhaps in a manner that many of us did not expect nor anticipate related to accidents. The BART tunnel fire, Three Mile Island incident, DC10 accident and subsequent grounding, Nuclear waste disposal, asbestos disclosure, railroad derailments and collisions, pollution of chemicals in waste areas, etc. We learn from accidents in an even more penetrating manner that we, perhaps, exert in the initial design and development phase. However, it is quite obvious to us that the avoidance of accidents must come from the realization that a more thorough and complete examination of products and systems must be performed “up-front” in the concept, design and development and production and testing areas. A frontal attack to gain top management visibility and commitment on this need for examination is a clear and distinct mandate. The “cause and effect” relationship between the potential of hazards must be thoroughly disclosed and the alternatives for control must be acknowledged for action.

Yet I think you would all concur that this must not be “Cosmetic” as Chuck Childs very strongly brings out in his recent article in Hazard Prevention. If we, as System Safety Professionals, are going to be able to contribute to the hazard identification and control it means incisive questioning about the operation of a system and the use of a product…to the extent that the System Safety Professional becomes the “System Integrator“: System Safety in many ways grew out of the System Engineering discipline where it was totally necessary to know all facets of the design, production, operation and maintenance requirements with the perceiving examination of action to take in emergency when failures occur in the product or the system. We understand System Safety as a total examination in all aspects of the Life Cycle of the product or system to distinguish the eminent hazards, to identify the controls that can be applied, and to evaluate the risks associated with the types of controls that are available.

The very reknown Physicist Max Born commented on the nature of the Universe in pointing out that most things can be ruled into the “possible occurrences” and the “impossible occurrences.” However, he went one step further in recognizing that the controls to these situations occurring can be “sensibility” is a part of the examination of controls, so that “insensible” things do not become a reality. The direction of the System Safety professional is in acknowledging a practical, realistic basis of consideration of his findings that is attuned to “‘potential of the hazard” occurrence and “reasonableness of acceptability?”

There has been tremendous advancements in Science and Technology in the last years to increase the complexity of the hardware and controls of products and systems. This, in turn, has made it more difficult to perform System Safety Analysis. The incorporation of software and hardware has created the requirement to carefully understand the close relationship that these elements have. The rapid advancement of automated missile systems, controlled by a myriad of software programs has necessitated copious detailed analysis of the software and its impact in leading to undesired events for the missile. These same architectural happenings are occurring in rail transit, energy systems, space technology, automobiles, and manufacturing and construction areas, to name a few. A challenge that exists is for System Safety to continue to develop techniques and methods to assure the better understanding of software and hardware hazards and provide the total umbrella of knowledge of hazard detection before the equipments become operational.

The Three Mile Island incident has surfaced a unique problem in the ability to follow through with System Safety Analysis and corrective action methods from design to procurement, to installation, to operation and full turnover to responsive ownership.

The challenge that exists, in this instance, is to provide the safety management methods to assure that a total disclosure of hazards is done not only by the designer, but also by the installer, the user and the maintainer. Where needed proper regulation oversight may also be required to follow a consistent thread of safety in design to safety in practice. Again the life cycle aspects of System Safety bring us to the realization that performing the System Safety task in one element is NOT ENOUGH.

It must be accomplished across the board and traceability provided for all parties in order to not neglect responsive hazard control action.  In setting a course for the following year I have some basic goals that I would like to state to you and also have the chance to hear back from you concerning the method to implement them.

Our challenge for the 1980s should focus on developing system safety efforts that are “more effective, meaningful and comprehensive”. Special attention should be given to a true appreciation of the benefits, costs, risk assessment, criticality, and priorities for accomplishment of safety tasks and objectives.

Performing the System Safety task in one element is NOT ENOUGH.

The Society must improve its ability to provide to the membership basic knowledge concerning new and improved techniques, technical and management information, and to implement progress being achieved in academic education and membership professional development.

The Society’s objectives should be to provide meaningful services to its members and its officers should provide dynamic leadership to cooperatively advance the professional interests of its members. Specifically the following goals during this period are offered:

• To develop positive System Safety Education and Training Programs. This involves encouraging academic training in system safety and continuing mini-symposia on specialized topics for cooperation and support of safety conferences.
• To support activities that will result in professional development.
• To improve cooperative relationships with other organizations and Societies (around the World) with common objectives to facilitate exchange of information.
• To expand the recognition of Safety professionals by annual awards such as Safety of the Year, Safety Scientist of the Year, Safety Educator of the Year, Safety Manager of the Year, etc.
• To formulate and develop System Safety consensus standards for definition of program requirement standards relating to product and system safety development.
• To actively encourage more professionals to join in Society membership and participate in Society activities.
• To coordinate with legislative actions involving System Safety.
• To communicate to System Safety professionals in all fields through chapter activities, mini-symposia, conferences, and international activity.
• To expand and improve our means of the exchange of ideas, concepts, information, methods by increasing size and frequency of publications such as Hazard Prevention, the Journal for the SSS, Chapter newsletters, Conference proceedings, and other written publications.
• To encourage more company and group affiliations for System Safety instruction of all engineers in undergraduate programs.
• To encourage more company and group affiliations for System Safety Society membership.
• To make the System Safety Society a recognized “international forum” for the exchange of information on product and system safety.

The accomplishment of these goals is dependent upon the cooperation and participation of the membership. Every effort will be made to create and increase the opportunity for active involvement of the membership at all levels. The strength of the Society rests in each one of us performing at some level of activity and actively accepting some responsibility as a professional toward improvement of himself and thereby increasing the stature of the Society.

[Editor Note (2022): Brian M. Moriarty was a Past President of ISSS as well as the co-author of the book System Safety Engineering and Management.]