Safety-II in Practice
Safety-I is defined as the freedom from unacceptable harm. The purpose of traditional safety management is therefore to find ways to ensure this freedom. But as sociotechnical systems steadily have become larger and less tractable, this has become harder to do. Resilience engineering pointed out from the very beginning that resilient performance, an organisation's ability to function as required under expected and unexpected conditions alike, needed more than the prevention of incidents and accidents. This developed into a new interpretation of safety (Safety-II) and consequently a new form of safety management.
Safety-II changes safety management from protective safety and a focus on how things can go wrong to productive safety and a focus on how things can go well. For Safety-II, the aim is not just the elimination of hazards and the prevention of failures and malfunctions but also how best to develop an organisation's potentials for resilient performance: the way it responds, monitors, learns, and anticipates. That requires models and methods that go beyond the Safety-I toolbox. This book introduces a comprehensive approach for the management of Safety-II called the Resilience Assessment Grid (RAG). It explains the principles of the RAG and how it can be used to develop the resilience potentials. The RAG provides four sets of diagnostic and formative questions that can be tailored to any organisation. The questions are based on the principles of resilience engineering and backed by practical experience from several domains.
Safety-II in Practice is for both the safety professional and the academic reader. For the professional, it presents a workable method (RAG) for the management of Safety-II, with a proven track record. For academic and student readers, this book is a concise and practical presentation of resilience engineering.
Erik Hollnagel (PhD, psychology) is Professor at the Department of Regional Health Research, University of Southern Denmark and Chief Consultant at the Centre for Quality, Region of Southern Denmark. Erik is also Adjunct Professor, Central Queensland University, Australia; Visiting Professorial Fellow, Macquarie University, Australia; Visiting Fellow, Institute for Advanced Study, Technische Universität München (Germany); and Professor Emeritus at École des Mines de Paris (France) and the University of Linköping (Sweden). Since 1971, he has worked at universities, research centres, and industries in several countries and with problems from many domains, including nuclear power generation, aerospace and aviation, air traffic management, software engineering, healthcare, and land-based traffic. His professional interests include industrial safety, human factors, resilience engineering, systems theory, and functional modelling. He has published more than 350 papers and authored or edited 24 books.
Safety-II in Practice
Developing the Resilience Potentials
Erik Hollnagel
First published 2018
by Routledge
2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN
and by Routledge
711 Third Avenue, New York, NY 10017
Routledge is an imprint of the Taylor & Francis Group, an informa business
© 2018 Erik Hollnagel
The right of Erik Hollnagel to be identified as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.
All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers.
Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this title has been requested
ISBN: 978-1-138-70891-4 (hbk)
ISBN: 978-1-138-70892-1 (pbk)
ISBN: 978-1-315-20102-3 (ebk)
Typeset in Garamond
by codeMantra
To my beloved wife Agnes
Like a child, resilience engineering has grown, although it has not yet come of age. It also has a date, or at least a year, of birth and possibly even a place. The first gathering of experts to discuss resilience engineering was in October 2004, in the Swedish town of Söderköping. This means that resilience engineering at the time of writing (2016) is 12 years of age. The gestation period was, however, rather long. The first noted use of the term was a presentation that David Woods made in 2000 for NASA as it considered how better to manage risky missions following a series of space exploration accidents (Woods, 2000). In parallel to that, Hollnagel (2001) began to explore safety as a balance or imbalance in a key trade-off between efficiency and thoroughness, and this and other fundamental trade-offs have provided some of the theoretical foundations for resilience engineering (Hollnagel, 2009a). The development of resilience engineering from 2004 onwards has been documented in five books as well as numerous conference presentations and journal papers. More recently, the specific application of resilience engineering principles to healthcare has become a field of activity on its own called Resilient Health Care.
The practical interest in resilience engineering was noticeable from the very beginning. Part of the motivation for developing this new field of enquiry was a growing dissatisfaction, if not outright frustration, with the established approaches to safety analyses and safety management. Since safety generally was defined as the freedom from unacceptable harm, or words to that effect, the purpose of safety management was naturally to ensure this freedom. But as sociotechnical systems continued to become larger and less tractable, the much desired freedom became harder to obtain. Resilience engineering recognised from the very beginning that it was necessary not only to prevent incidents and accidents but also to ensure resilience, defined as an organisation's ability to function as required under expected and unexpected conditions alike. Resilience engineering thereby offered a new interpretation of safety management.
The difference between the two perspectives was accentuated by the introduction of the terms Safety-I and Safety-II as a way to clarify the purpose of safety management in today's world. Where a Safety-I perspective emphasises protective safety and thereby a focus on how things can go wrong, a Safety-II perspective emphasises productive safety and a corresponding focus on how things can go well. Although focusing on how acceptable outcomes come about and looking for ways to support them is neither new nor exotic, there were few concepts or methods in Safety-I that could contribute to doing so.
The purpose of this book is to provide concepts and methods that can be used to manage Safety-II, or in other words concepts and methods that can be used to improve how an organisation functions as a whole and not just with regard to safety seen as the freedom from risk and harm. offers some thoughts on the changing face of safety and a hint of the way forward.
Chapter 1
Safety management anno 2016
Safety management has a brief but chequered history where the institutionalised concern for safety at places of work, in the sense of efforts to prevent harm to people, goes back about 200 years. The initial safety concerns focused on the harm and injuries that could befall people who were at work. This was understandable considering the nature of work, not least the nature of the relatively unsophisticated technology that was used. Seen from the perspective of industrial work in the second decade of the 21st century, the technology of the workplace in the 19th century was quite simple, not least because the level of automation was low. Work processes were also relatively independent of each other and would typically show the linear dependency of the assembly line. All this changed dramatically around the middle of the 20th century, not least because of the advent of new technologies and sciences: digital computers, telecommunication, cybernetics, and information theory. Technology became more powerful but also more complex, processes became more integrated and dependent on each other, customer demands for quality and reliability grew, and the pace of work increased relentlessly. Safety was no longer limited to the prevention of injuries to the people at work, but had to consider the possible hazards of the technology being used to customers, to innocent bystanders, and to society.