Re: [SystemSafety] Two Process-Industry Accidents

From: Inge, James Mr < >
Date: Tue, 24 Jun 2014 19:07:00 +0100

OK, I'll bite... I have to admit that, since moving from writing safety policy to attempting to follow it, I haven't followed this list quite as assiduously as I used to! -- Disclaimer: the views in this post are my own, not necessarily those of my employer!

I too like Martyn's description of a safety case: "an evidence-based explanation of why it is believed that a system is safe enough to be used in its intended application", and I think that having such a thing is eminently sensible.

I work in the UK MOD, which has an unusually large scope of activity compared to most non-military organisations. In addition to the obvious business of managing tanks, naval vessels and warplanes, we operate schools, hospitals, ports, airports, railways, nuclear power plants, communications networks, and vast swathes of real estate. Across all these domains, we use one single, oft-cited definition of a safety case: "A structured argument, supported by a body of evidence that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given operating environment".

What that means in practice varies greatly. We have different policies concerning the make-up of safety cases for different types of equipment, and I have seen a wide variation in scope, size, format and level of detail in safety cases from different areas. I think that this is necessary to an extent, as the type and amount of evidence required and the structure of the argument will vary with the application. That said, I think that it can be quite easy to produce a safety case that doesn't add much value, or stand up to too much scrutiny.

While I think that the Americans are right to look at safety cases with a critical eye, I don't think that they should be dismissed out of hand.

Having just skimmed Steinzor's article, I would pick up on a couple of points. She argues that the safety case approach should not come to America because of its confidential nature, the levels of risk tolerated by the British system, and the resources necessary to implement a safety case regime.

Safety cases do not need to be confidential - in fact the Railways (Safety Case) Regulations 2000 required them to be publicly available (reg 14(1)c). In the Land domain in the MOD, we have guidance that safety case reports should be made available to all stakeholders.

There is no reason that a US regime should not set its own rules for tolerable levels of risk. The HSE guidance in R2P2 is generic, but there are more specific rules and guidelines set for particular hazards (e.g. exposure to radiation or noise). Safety cases are useful for demonstrating that risks are ALARP, but as a tool they do not rely on that concept. I believe they are being used (successfully?) in places and applications where ALARP does not form part of the legal framework.

And I seem to remember that part of the justification for moving offshore to a safety case regime was to reduce the resources required for regulation...

Once you go beyond the one-liners quoted above, I don't think that there can be any one-size-fits-all definition of a safety case at a practical level of detail. I don't see any reason why an appropriate safety case regime couldn't be established, tailored to the US offshore industry (or other industries).



-----Original Message-----
From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx Of Peter Bernard Ladkin
Sent: 24 June 2014 12:11
To: systemsafety_at_xxxxxx
Subject: Re: [SystemSafety] Two Process-Industry Accidents

On 2014-06-24 08:55 , Peter Bernard Ladkin wrote:
> There are some useful articles which we didn't reference during the
> discussion in January/February.
> An article by Rena Steinzor, a legal scholar at the Uni Maryland:
> =ealr and a review by Peter
> Wilkinson of Nancy's paper on safety cases, on the CSB WWW site:
> . Dewi Daniels also suggested
> that he had reviewed Nancy's paper , but he hasn't shared
> his review with us (yet). Maybe he could?

For completeness, some more references.

Steinzor's article refers to James Inge's 2007 article on Safety Cases in the SSS, with a version
also in ISSC It's a useful read,
and well-written. James is here, so I'm a little surprised he didn't chip in when we were discussing
what a safety case was in January.

Dewi Daniels pointed out that his review of Nancy's paper on safety cases appeared on the York list

I suggest that the thread on Safety Cases in mid-2012 is worth looking at again. I particularly like
Martyn's succinct statement at , as I said at the time.

