[SystemSafety] Two Process-Industry Accidents

Inge, James Mr James.Inge782 at mod.uk
Tue Jun 24 20:07:00 CEST 2014


OK, I'll bite... I have to admit that, since moving from writing safety
policy to attempting to follow it, I haven't followed this list quite as
assiduously as I used to!  -- Disclaimer: the views in this post are my
own, not necessarily those of my employer!

I too like Martyn's description of a safety case: "an evidence-based
explanation of why it is believed that a system is safe enough to be
used in its intended application", and I think that having such a thing
is eminently sensible.

I work in the UK MOD, which has an unusually large scope of activity
compared to most non-military organisations.  In addition to the obvious
business of managing tanks, naval vessels and warplanes, we operate
schools, hospitals, ports, airports, railways, nuclear power plants,
communications networks, and vast swathes of real estate.  Across all
these domains, we use one single, oft-cited definition of a safety case:
"A structured argument, supported by a body of evidence that provides a
compelling, comprehensible and valid case that a system is safe for a
given application in a given operating environment"

What that means in practice varies greatly.  We have different policies
concerning the make-up of safety cases for different types of equipment,
and I have seen a wide variation in scope, size, format and level of
detail in safety cases from different areas.  I think that this is
necessary to an extent, as the type and amount of evidence required and
the structure of the argument will vary with the application.  That
said, I think that it can be quite easy to produce a safety case that
doesn't add much value, or stand up to too much scrutiny.

While I think that the Americans are right to look at safety cases with
a critical eye, I don't think that they should be dismissed out of hand.

Having just skimmed Steinzor's article, I would pick up on a couple of
points.  She argues that the safety case approach should not come to
America because of its confidential nature, the levels of risk tolerated
by the British system, and the resources necessary to implement a safety
case regime.

Safety cases do not need to be confidential - in fact the Railways
(Safety Case) Regulations 2000 required them to be publicly available
(reg 14(1)c).  In the Land domain in the MOD, we have guidance that
safety case reports should be made available to all stakeholders.

There is no reason that a US regime should not set its own rules for
tolerable levels of risk.  The HSE guidance in R2P2 is generic, but
there are more specific rules and guidelines set for particular hazards
(e.g. exposure to radiation or noise).  Safety cases are useful for
demonstrating that risks are ALARP, but as a tool they do not rely on
that concept. I believe they are being used (successfully?) in places
and applications where ALARP does not form part of the legal framework.

And I seem to remember that part of the justification for moving
offshore to a safety case regime was to reduce the resources required
for regulation...

Once you go beyond the one-liners quoted above, I don't think that there
can be any one-size-fits-all definition of a safety case at a practical
level of detail.  I don't see any reason why an appropriate safety case
regime couldn't be established, tailored to the US offshore industry (or
other industries).

Regards,

	James.


-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf
Of Peter Bernard Ladkin
Sent: 24 June 2014 12:11
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Two Process-Industry Accidents



On 2014-06-24 08:55 , Peter Bernard Ladkin wrote:
> There are some useful articles which we didn't reference during the
> discussion in January/February.
> An article by Rena Steinzor, a legal scholar at the Uni Maryland:
> http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=1695&context=ealr
> and a review by Peter Wilkinson of Nancy's paper on safety cases, on
> the CSB WWW site:
> http://www.csb.gov/assets/1/7/Wilkinson_Review_of_Leveson_Paper.pdf .
> Dewi Daniels also suggested that he had reviewed Nancy's paper
> http://www.systemsafetylist.org/0799.htm , but he hasn't shared
> his review with us (yet). Maybe he could?

For completeness, some more references.

Steinzor's article refers to James Inge's 2007 article on Safety Cases
in the SSS, with a version also in ISSC:
http://safety.inge.org.uk/20071115-Inge2007a_The_Safety_Case-U.pdf
It's a useful read, and well-written. James is here, so I'm a little
surprised he didn't chip in when we were discussing what a safety case
was in January.

Dewi Daniels pointed out that his review of Nancy's paper on safety
cases appeared on the York list at
http://www.cs.york.ac.uk/hise/safety-critical-archive/2012/0294.html

I suggest that the thread on Safety Cases in mid-2012 is worth looking
at again. I particularly like Martyn's succinct statement at
http://www.cs.york.ac.uk/hise/safety-critical-archive/2012/0230.html ,
as I said at the time.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of
Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de



