Four Steps for Managing Safety. Qualitative Approach. Gilles MOTET.

Transcription

1 LECTURE NOTES LECTURE IN NOTES SAFETY IN SCIENCE SAFETY SCIENCE Four Steps for Managing Safety Qualitative Approach Gilles MOTET

2 Reproducing this document This document is licensed according to the Creative Commons Attribution, Non-Commercial, and Non-Derivative licence. You are free to share (copy, transmit and distribute) the document under the following conditions: Attribution. You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work). Non-commercial. You may not sell this document. No derivative works. You may not alter, transform or build upon this work. You can download this document and others in the «Lecture Notes in Safety Science» collection, from the «Safety Engineering & Management» website: Liability The opinions presented are those of the authors Publisher The «Lecture Notes in Safety Science» collection is published on the behalf of National Institute of Applied Sciences in Toulouse (France). INSA Toulouse 135 avenue de Rangueil Toulouse cedex 4 France Improvements To suggest improvements to the content of this document or to propose a new publication, please contact: lnss@insa-toulouse.fr

3 1 Rationale CONTEXT Let's take a quick look at the context of this unit which is summarized in Figure 1. Any organization (whether an SME, a multinational or an individual) has several objectives to achieve: design, produce and market a product, make money and build a reputation, complete a task by a given date, etc. The field of industrial safety focuses on two of these objectives: safeguarding peoples' health (including company employees) and preserving the quality of the environment. In order to achieve these objectives, an organisation establishes an Action Plan (between the dates t0 and t1 in Figure 1). The purpose of implementing this Action Plan is to achieve the objectives assigned in t2. However circumstances, that we have grouped for ease of reference under the word hazards for now, can lead to disruption of the action plan execution and prevent the achievement of intended objectives. The disruptive event is called an accident. The consequences of the accident with regard to the objectives are called harms. Figure 1. Context,

4 In that our aim is to achieve our objectives, which in our case means to preserve peoples' health and the environment whatever the circumstances, we have to prevent the risks of the chain reaction hazard-accident-harm from occurring. A COMMON FRAMEWORK Previously, we saw that the definition of the term safety depends on the perspective from which it is considered. We introduced three of those perspectives (Qualitative, Quantitative and Managerial). We saw that they lead to three distinct approaches to safety management. Nevertheless, the various approaches have a common framework. They are implemented in four steps each with their respective goals: risk identification, risk analysis, risk evaluation and risk treatment. This document will introduce the aims of each step. The means to implement each of these steps (models, techniques and methods) will be presented in the following parts of the training. They often depend on which approach is being considered. Before looking at the means, however, it is fundamental to fully understand the part each step plays, and how it contributes to efficient industrial safety management. 1

5 2 Risk Identification GOAL ISO defines Risk Identification as the process of finding, recognizing and describing risks. This step seeks to answer the question: what are the possible risks? Or in our case: what is the potential harm and which circumstances could lead to that harm? The definition emphasizes two concerns: One is methodological: finding and recognizing risks; The other relates to model: describing risks. We'll see that these two aspects are closely linked since our idea of what risk is will lead us to the risks we are likely to find. Abraham Maslow in the Psychology of Science (1966) reminds us that It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. We have already mentioned that the term safety can be approached from several perspectives. This holds true for the means to identify them as well. This diversity can also be found within a given approach. Certain general guidelines can nonetheless be presented here until the next part of the unit on frequently used means. AN EXAMPLE If you're in a shower that has an electric light in it, the risk of electrocution must necessarily be identified. It could be that the house has an ultrasensitive differential that will prevent bodily harm and cut the power off via the trip switch. It matters not at this stage as this is not the time to take such elements into account. As long as a source of electrical energy is present, the risk of electrocution exists and must be identified as such. 4

6 IN SUMMARY Imagination must be given a free rein during the identification step. It is essential to be as exhaustive as possible in identifying risks as only those on the list will be dealt with later and of course treated in order to maintain safety and prevent harms from occurring. The purpose of this step is not to ask oneself if the risks are real ones but to be as exhaustive as possible in listing them. Only later, during the risk analysis step, will we then sort through the list of identified risks. Risk recognition will be followed up with risk description: a modelling activity that will enable risks to be understood by a variety of people and may also be used in the subsequent step of Risk Analysis. Risk models must be kept simple because their aim is to emphasize what could happen to mar health preservation and the quality of the environment. Details, such as how these circumstances come about, do not need to be included. Here again, such a justification would belong to the analysis step. 7

7 3 Risk Analysis GOAL ISO defines Risk Analysis as the process to comprehend the nature of risk and to determine the level of risk. This definition therefore includes two activities: 1. Understanding the nature of risk helps to recognize the real risk factors (for the case in hand) that influence the occurrence of harms. For example, when observing a bathroom we identified an electrocution risk due to the presence of an electric lamp in the shower. The analysis will first show that the severity of the harm depends on the voltage, and that the likelihood of such an accident depends on the height of the ceiling. Voltage and a high ceiling are two useful factors for understanding the nature of this risk. 2. Determining the level of risk, that is assessing risk attributes. a. With a qualitative (or deterministic) perspective, a single attribute is taken in to consideration: the occurrence of the accident. It can take on two possible values: the accident can occur or the accident cannot occur. During the analysis phase, we will therefore try to establish whether or not an accident could occur. b. With a quantitative perspective, two additional attributes are often included: The likelihood of an accident occurring measured in terms of frequency or probability, and The severity of the harm. 8

8 AN EXAMPLE Let's keep the example of the electrocution risk, with the light in the shower. The manner in which the shower is used together with the height of the ceiling indicate that the probability of contact with the source of electricity is rare (on a scale of likelihood). Furthermore, the analysis shows that the light uses a 12volt charge which causes bodily harm estimated to be insignificant on a severity scale. The risk factor values (height and voltage) therefore enable the assessment of both risk attributes (the likelihood of an accident and the severity of the harms). This example shows that risk factors aren't solely aggravating ones. They also include the means to control the existing risks which are often called safety barriers. For example, a house equipped with an ultra-sensitive circuit breaker, means that the risk of electrocution that was identified can be considered insignificant, even with a 220 volt current. Without the circuit breaker, the severity of the electrocution risk would be considered fatal. IN SUMMARY So there are many new terms to become familiar with here! Risk analysis is no trivial matter. But there's no need to be concerned as we shall be reviewing this in more detail at a later stage. For the moment, the most important thing to remember is that risk analysis seeks to answer two questions: Why do harms occur? This involves understanding the nature of risk (determination of risk factors) and How great is the harm that can occur? This involves the degree of risk. The identification process sought to assess Can harms occur. The various factors of risk highlighted in the analysis will enable us to understand if the previously identified risk is real. <

9 4 Risk Evaluation The ISO norm defines Risk Evaluation as the process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. This evaluation can be broken down in to two steps: 1. The combination of risk attribute values in order to obtain a level of risk. We combined the likelihood of an accident occurrence with the severity of the harms. In our example, the likelihood of electrocution from the lighting in the bathroom which was assessed as rare when combined with the 12 volt current considered an insignificant harm, lead us to consider that this level of risk is negligible. 2. The second step determines whether the level of risk can be qualified as an acceptable risk or not. In general, with a quantitative perspective, a risk threshold is specified. The levels that are lower or equal to this threshold are considered acceptable and the levels higher than the threshold are qualified as unacceptable. Figure 2 below gives level of risk metrics that include 4 values: {Negligible, Low, Intermediary, High}. This Figure also shows that levels lower or equal to the threshold are considered acceptable. =

10 Figure 2. Level of Risk and Acceptability >?

11 5 Risk Treatment GOAL The ISO norm defines Risk Treatment as a process to modify risk. In the field of industrial safety, this modification boils down to lowering risks (risk reduction) in order to bring unacceptable levels to below the threshold, thereby making them acceptable as can be seen below in figure 3. Figure 3. Risk Reduction Amongst the risk reducing principles, two main ones emerge: Prevention that reduces the likelihood of an accident, and Protection that reduces the severity of the harm. >>

12 AN EXAMPLE For example, prevention could take the form of limiting access to a machine to the sole periods when it is absolutely necessary, such as for maintenance or for training users of the machine on the risks involved. These forms of prevention lower the probability of an accident. Wearing security equipment such as a helmet is a means of protection: it reduces the severity of the harms (the consequences of accidents). >

13 6 Risk Management This document has highlighted the various tasks that are useful to Risk Management in order to achieve the targeted level of safety: identification, analysis, evaluation and treatment. At this point, it is critical to fully understand the role each of these tasks plays and how they are connected. The following parts of the training will detail how each task is implemented. Beforehand, however, it is important to point out that the sequential process of the 4 tasks often has to be repeated as symbolized in Figure 4. This is particularly so when the treatment of risks can, in itself, introduce new risks that need to be identified, analysed, evaluated and treated. Figure 4. A Cyclical Activity >,

14 AN EXAMPLE Let's consider an LPG (Liquid Propane Gas) tank. Let's assume that we've highlighted a risk of explosion due to overpressure in the tank (Risk identification). The likelihood of this explosion occurring is evaluated as rare ; however it would have catastrophic consequences (Risk analysis) that are considered as unacceptable (Risk evaluation). As a result, we decide to lower the risk of an explosion by reinforcing the tank as this considerably reduces the likelihood of an accident because inordinate levels of pressure would have to be reached for an explosion to occur. The risk is nonetheless considered as unacceptable, not only because of the severity of the consequences on peoples' health but also because of the negative impact on the gas company's image. A new risk has been identified (companies reputation). In order to avoid this explosion a safety valve is installed that is set to go off when the pressure reaches a level well below that required for the tank to explode. No further explosion is possible: at normal temperature, the risk of an explosion has dropped to zero. Our mission seems accomplished. Or is it? In fact, the gas released by the safety valve creates new risks, such as a fire, for example. This fire could have several consequences on the local population and on the surrounding buildings. It could also bring the tank up to very high temperatures and therefore very high pressure levels, thereby causing an explosion. The means with which the first risk was treated introduced new risks and even reactivated the first risk. It is imperative therefore to reiterate the 4 previous tasks to find a compromise that makes each of the risks acceptable. To bring this document to a close, I would like to point out that the implementation of the third perspective on uncertainty management (see Several Perspectives on Safety ) will not be covered by the 4 steps introduced. Other tasks will be exposed later on to deal with uncertainties. >1