
SYSTEM SAFETY PROGRAM: KEYSTONE TO A ROBUST SAFETY MANAGEMENT SYSTEM

4 Safety Management Systems

4.4 SYSTEM SAFETY PROGRAM: KEYSTONE TO A ROBUST SAFETY MANAGEMENT SYSTEM

As much as we all (especially engineers, who are a pragmatic and practical lot by nature) hate institutions and bureaucracy, they are necessary if we want to design safety in. We all seem to dislike bureaucracies because they appear to run amok and not help us complete our mission—which is building and running technological systems. Institutionalized oversight, such as a safety program or SMS, at times can be fraught with overindulgence and a lack of understanding of how engineering organizations and businesses function. Engineers many times feel that they are Joseph K., Franz Kafka’s antihero in The Trial, fighting unseen forces, staving off unarticulated critiques and criticisms from secret bureaucrats. Like Joseph K., engineers feel that their safety organizations (including federal and local government oversight) are secretly accusing them of being callous, but they won’t tell them exactly what they are doing wrong or how to fix it. And on top of that, they appear to hinder a pragmatic solution to the problem. This is the single most important negative that must be overcome in developing an effective SMS. In reality, it is not that difficult.

FIGURE 4.3 Simplified organizational structure.

There is absolutely no reason why a good SMS, which is both effective and understanding, cannot be put in place. It really is quite easy. There are many sources for information in designing and running SMSs; numerous existing successful safety programs you can copy, tailor, and implement as your SMS; and various organizations willing to help. The rest of this chapter is dedicated to demonstrating how to set up a successful SMS, debug it, and keep it running. A sample SSPP (which is the cornerstone of the SMS) is included, distilled from various safety organizations in different industries. It is included here for you to use and tailor to your needs.

SMSs, whether developed for the aerospace, marine, food, or any other industry for that matter, all have certain concepts and elements in common. As explained in detail in Chapter 2, especially Figure 2.2, the safety organization within the SMS must follow a certain process. To refresh your memory, first, understand what you want to do (or protect, i.e., lives, hardware); then identify the hazards in the process; analyze the hazards; evaluate the risks (including the costs and benefits); control or mitigate the unacceptable risks; verify that it is in place; and finally, document and periodically review the entire system. The SMS institutionalizes this system safety process. Simply put, if the safety organization does not apply the system safety process, then it is not a viable SMS.

4.4.1 Elements of a System Safety Program

There are almost as many safety programs as there are technological programs. The vast majority, in the United States, however, is rooted in two primary sources: the U.S. OSHA and the U.S. military. As stated in prior chapters, the need for safety regulations arose in different ways in different countries. However, because so many of them rest on the foundation and promulgation of OSHA and the military standards, this chapter focuses only on those two. The 29 CFR 1910, U.S. Department of Labor, OSHA Regulations for General Industry, and Mil-Std 882, Military Standard System Safety Program Requirements, are the universally recognized and most often-cited safety standards.

The promulgation of the OSHA Act of 1970 has resulted in positive results for safety: the overall workplace death rate has been cut in half, brown lung disease has been virtually eliminated in the textile industry, and deaths from trench cave-ins have declined by 35%.

In spite of much debate in Washington, DC, about government safety oversight and how it hinders business, OSHA will not disappear. What is more likely is that it will be slowly reconfigured into a more modern bureaucracy. OSHA is already working toward a more flexible goal of increased safety with far fewer dollars. It also is seriously trying to forge new partnerships with states and businesses. The adversarial role is starting to change. The new OSHA is attempting fundamental organizational and operating change throughout the entire system. The cornerstone of that structure is the new OSHA partnership with states and businesses.

To enact this, OSHA is encouraging companies to put in place a strong and effective health and safety program. OSHA now is attempting an incentive-based approach. As the OSHA web page (U.S. OSHA, 1996b) states,

To encourage employers to reduce death and injury by implementing safety and health programs on a continuing basis, OSHA will grant an array of penalty adjustments based on the vigor and effectiveness of the program.

If, for example, OSHA finds, during the course of a workplace inspection that an employer has implemented a superior safety and health program, it will grant large reductions—up to 100%—in the penalties that would otherwise be assessed for violations found. For employers who have less effective programs in place but are making good-faith efforts, OSHA will grant a sliding scale of incentives. To qualify, the employer’s program must include each of the recognized elements of a good safety and health program, which must be effective in practice and not just on paper. As evidence of a program’s effectiveness, OSHA will expect to find that the workplace has a low injury and illness rate, that the employer has in fact found and fixed most hazards, that the workplace has not been cited in the past three years for the gravest type of violations, that the inspection was not prompted by an employee fatality or catastrophic accident, that any violations found in the current inspection are comparatively minor, and that the employer is prepared to correct any violations found.

An example is in the construction industry. Again, from the OSHA web page, if OSHA finds an effective safety program, OSHA will only inspect for the top four hazards: falls, electrocution, crushing injuries, and being struck by material or equipment. “If these hazards are well controlled, the inspector closes the inspection promptly and leaves the site. Conversely, where a safety and health program has not been established or is ineffective, OSHA conducts a complete site inspection, with full citations” (U.S. OSHA, 1996b).

For many years, the OSHA standard never really suggested very clearly what should be included in a safety management program. Safety management was based more on regulatory compliance with individual regulatory provisions, such as walking–working surfaces; means of egress; powered platforms, man-lifts, and vehicle-mounted work platforms; occupational health and environmental control; fire protection; electrical; and hazardous materials. Each of these work areas had its own safety program compliance system. There was no overall safety program management standard other than the OSHA Act of 1970, which states in part: “To assure safe and healthful working conditions” (Senate and House of Representatives of the United States of America in Congress, 1970). Emphasis was on injury record keeping and regulatory notification, in other words reactive, not preventive, management. This is where a lot of the Kafkaesque feelings originated in industry.

In 1995, OSHA launched its New OSHA Initiative (U.S. OSHA, 1996b):

The new OSHA: OSHA will change its fundamental operating paradigm from one of command and control to one that provides employers a real choice between a partnership and a traditional enforcement relationship.

Common sense regulation: OSHA will change its approach to regulations by identifying clear and sensible priorities, focusing on key building block rules, eliminating or fixing out of date and confusing standards, and emphasizing interaction with business and labor in the development of rules.

Results, not red tape: OSHA will change the way it works on a day-to-day basis by focusing on the most serious hazards and the most dangerous workplaces and by insisting on results instead of red tape.

It goes on to further state that it will nationalize the Maine Top 200 program.

OSHA has further evolved its government–industry relationship into a strategic partnership (U.S. OSHA, 2013):

• In a partnership, OSHA enters into an extended, voluntary, cooperative relationship with groups of employers, employees, and employee representatives (sometimes including other stakeholders and sometimes involving only one employer) in order to encourage, assist, and recognize their efforts to eliminate serious hazards and achieve a high level of worker safety and health.

• Partnering with OSHA is appropriate for the many employers who want to do the right thing but need help in strengthening worker safety and health at their worksites. Within the OSHA Strategic Partnership Program (OSPP), management, labor, and OSHA are proving that old adversaries can become new allies committed to cooperative solutions to the problems of worker safety and health.

• OSHA and its partners can identify a common goal, develop plans for achieving that goal, and cooperate in implementation.

• OSHA’s interest in cooperative partnerships in no way reduces its ongoing commitment to enforcing the requirements of the Occupational Safety and Health Act. While employers in partnership remain subject to OSHA enforcement, the OSPP provides them an opportunity to work cooperatively with OSHA and workers to identify the most serious workplace hazards, develop workplace-appropriate safety and health management systems, share resources, and find effective ways to reduce worker injuries, illnesses, and deaths.

• Most of the worksites that have chosen to partner with OSHA are small businesses.

Many businesses felt that OSHA could come in and close them down for no apparent reason. It was difficult for businesses to be proactive in safety management and therefore avoid OSHA audits. The 1992 publication of 1910.119, Process Safety Management of Highly Hazardous Chemicals, changed all that. It is a safety management program based on OSHA’s hazardous waste regulations. Although it pertains to management of hazardous chemicals, it is extremely useful for other industries.

OSHA says the major parts of a safety program should include (U.S. OSHA, 1992)

• Employee involvement in process safety management

• Process safety information (right to know)

• Process hazard analysis

• Operating procedures and practices (the need for written procedures that incorporate safety controls)

• Employee training

• Contractors

• Pre-start-up safety

• Mechanical integrity (re: maintenance programs)

• Nonroutine work authorizations

• Managing change

• Investigation of incidents

• Emergency preparedness

• Compliance audits

Look at Figure 2.2 again. You can see that the OSHA standard approaches the SMS much better than it did before, but it still doesn’t really give you a way to manage the risk in the system or process. The process hazard analysis clause comes closest to that concept, but it still does not take into account the risks of the system—it only looks at the hazards. As we remember from Chapter 2, the hazards may be enormous, but the risk may be infinitesimal (e.g., another planet hitting the earth). Risk management is a necessary ingredient in the appropriate use of system safety. That is how you can still be safe and keep costs at a reasonable level.

State OSHA programs have further developed the concept. For example, the Maryland Occupational Safety and Health office states that the steps to developing an effective program are (Report, n.d.) the following:

Step 1: Develop a plan of action that includes management and employee involvement.

Step 2: Designate a person to be responsible for safety and health.

Step 3: Determine the safety and health requirements for your particular workplace and operation.

Step 4: Conduct a hazard assessment of the workplace.

Step 5: Correct identified hazards.

Step 6: Keep your workplace hazard-free; develop emergency procedures.

Step 7: Train employees in safety and health.

Step 8: Keep your program up to date and effective.

The U.S. military uses Mil-Std-882, which is a much more complete definition and application of SMS (see Table 4.5). Don’t be put off by the size of this matrix; the key is to tailor your particular operation to what is appropriate and drop the rest.

TABLE 4.5

Application Matrix for System Program Development

Columns MSA through O&S are program phases.

| Task | Title | Task type | MSA | TD | EMD | P&D | O&S |
|---|---|---|---|---|---|---|---|
| 101 | Hazard Identification and Mitigation Effort Using the System Safety Methodology | MGT | G | G | G | G | G |
| 102 | System Safety Program Plan | MGT | G | G | G | G | G |
| 103 | Hazard Management Plan | MGT | G | G | G | G | G |
| 104 | Support of Government Reviews/Audits | MGT | G | G | G | G | G |
| 105 | Integrated Product Team/Working Group Support | MGT | G | G | G | G | G |
| 106 | Hazard Tracking System | MGT | S | G | G | G | G |
| 107 | Hazard Management Progress Report | MGT | G | G | G | G | G |
| 108 | Hazardous Material Management Plan | MGT | S | G | G | G | G |
| 201 | Preliminary Hazard List | ENG | G | S | S | GC | GC |
| 202 | Preliminary Hazard Analysis | ENG | S | G | S | GC | GC |
| 203 | System Requirements Hazard Analysis | ENG | G | G | G | GC | GC |
| 204 | Subsystem Hazard Analysis | ENG | n/a | G | G | GC | GC |
| 205 | System Hazard Analysis | ENG | n/a | G | G | GC | GC |
| 206 | Operating and Support Hazard Analysis | ENG | S | G | G | G | S |
| 207 | Health Hazard Assessment | ENG | S | G | G | GC | GC |
| 208 | Functional Hazard Analysis | ENG | S | G | G | GC | GC |
| 209 | System-of-Systems Hazard Analysis | ENG | n/a | G | G | GC | GC |
| 210 | Environmental Hazard Analysis | ENG | S | G | G | G | GC |
| 301 | Safety Assessment Report | ENG | S | G | G | G | S |
| 302 | Hazard Management Assessment Report | ENG | S | G | G | G | S |
| 303 | Test and Evaluation Participation | ENG | G | G | G | G | S |
| 304 | Review of Engineering Change Proposals, Change Notices, Deficiency Reports, Mishaps, and Requests for Deviation/Waiver | ENG | n/a | S | G | G | G |
| 401 | Safety Verification | ENG | n/a | S | G | G | S |
| 402 | Explosive Hazard Classification Data | ENG | n/a | S | G | G | GC |
| 403 | Explosive Ordnance Disposal Data | ENG | n/a | S | G | G | S |

Source: U.S. Department of Defense, Military standard, system safety program requirements, Mil-Std-882E, U.S. Department of Defense, Washington, DC, 2012, A-90.

Notes:

Task type—ENG, engineering; MGT, management.

Program phase—MSA, material solution analysis; TD, technology development; EMD, engineering and manufacturing development; P&D, production and deployment; O&S, operations and support.

Applicability codes—G, generally applicable; S, selectively applicable; GC, generally applicable to design change; n/a, not applicable.

The purpose of the 100-series tasks is to set up an effective system safety program in the corporate or organizational structure. These tasks establish the detailed program elements but also set up the safety organization, lines of organizational communication (as they pertain to system safety), and program milestones and establish the authority for resolution of identified hazards.

The SSPP is written by the contractor (or organization) to

• Describe program scope and objectives

• Describe the system safety organization

• Explain system safety program milestones

• Address general system safety requirements and criteria

• Describe the hazard analysis techniques and methodologies to be used

• Describe the approach for collecting system safety data

• Describe the safety verification process

• Explain the audit program

• List the type of safety training conducted for each category of employee

• Explain the incident reporting system (accident reporting)

• Identify the system safety interfaces between all the other engineering and corporate disciplines

The other 100-series tasks address in more detail the major elements of the SSPP.

The 200-series tasks explain engineering safety analyses to be performed. These tasks are actual system safety engineering analytical tools used to identify hazards and their controls in any technological system. Chapters 5 through 9 detail the numerous kinds of system safety engineering analytical tools available and give application examples.

The 300-series tasks focus on evaluating the risks in a program and the safety review of the engineering design process. The 400-series tasks (excluding the self-explanatory explosive safety tasks) concentrate on system requirements compliance and verification of safety controls.

In October 1972, the U.S. government promulgated the Consumer Product Safety Act. Where OSHA is concerned primarily with workplace safety, the Consumer Product Safety Commission is concerned with product safety. Specifically, the purpose is to “protect the public against unreasonable injury risks, assist consumers in evaluating the product safety, develop uniform safety standards and promote research into the causes and prevention of product-related deaths, illnesses and injuries” (Kitzes, 1991). With so many different requirements for worker and product safety, how do you set up a good in-house program? The following section answers that question.

4.4.2 Setting Up a System Safety Program

A system safety program documents the SMS. Table 4.6 is a sample SMS SSPP and is a best practice and practical compilation of the 29 SMS Elements; OSHA; Mil-Std-882C; Consumer Product Safety Commission; OSHA Voluntary Protection Programs; numerous UK, European, and Australian national SMS guidelines; and various industry SMS SSPPs. Use all sections listed in the following.

TABLE 4.6