
Safety Management problems

Erik Hollnagel, Ph.D.


Professor emeritus LiU (S) -- Mines Paristech (F) -- SDU (DK)
Visiting Professorial Fellow, Macquarie University, Sydney (Australia)
E-mail: hollnagel.erik@gmail.com
© Erik Hollnagel, 2024
The main problems with safety

Problem #1: safety is not accurately defined.

Problem #2: safety is a result of historical and psychological fragmentation

Problem #3: safety is better known by its absence than by its presence



How do we think about safety?
When we think about safety, we usually think about accidents – about (low probability) events with unacceptable outcomes.

The central aim of safety management is therefore to prevent such events.

Old French sauf, meaning ‘uninjured’ or ‘unharmed’.
Latin salvus, meaning ‘uninjured’, ‘healthy’, or ‘safe’.
Safety = without injury

A system is safe if as little as possible goes wrong.



Avoid the safety maelstroem!



The definition problem

Problem #1: safety is not accurately defined.

“Safety is the state in which the risk of harm to persons or of property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and risk management.”

Acceptable level = affordable cost


Still more definitions

“Industrial safety can be defined as the ability to manage the risks inherent to operations or related to the environment. Industrial safety is not a dislike of risks; rather it is a commitment to clearly identify them in relation to production operations, assess them in terms of quality and quantity, and manage them.”

The WHO defines health as “a state of complete physical, mental, and social well-being and not merely the absence of disease or infirmity”. Safety would in this manner be defined as more than the absence of accidents and incidents.

Safety is not merely the absence of accidents and incidents



A contemporary definition
Reliability is a dynamic non-event … it is an ongoing condition in which problems are momentarily under control due to compensating changes … (Weick, 1987, p. 116).

Safety is a dynamic non-event … it is an ongoing condition in which problems are momentarily under control due to compensating changes.

[Photo: Karl E. Weick]

Accidents are events and the absence of accidents is a non-event (nothing happens).

© Erik Hollnagel, 2020


Managing safety by its absence!
[Figure: performance over time, ranging from Acceptable to Unacceptable, with the limit of unacceptable performance marked]

Harmful events attract attention. But they are rare and isolated.

Events are analysed step-by-step. Prevention/responses are developed for each problem found.

Problem #2: safety is a result of historical and psychological fragmentation



Organisations as silos
The departments of an organisation usually work in silos, as if they were independent of each other.

A fragmented view can lead to short-sighted changes and antagonistic solutions.

There are both historical and psychological reasons for this fragmentation.



Organisations as silos

[Organisation chart: CEO at the top; below, Reliability Manager, Safety Manager, Production Manager, Quality Manager, Client Manager; below these, Assets, Maintenance, Operations, Sales, Customer relations]



Historical fragmentation
[Figure: timeline from 1910 to 2010 of the separate traditions. Productivity - Scientific Management (task decomposition, specialisation, standardisation); Safety - Industrial Accident Prevention (root cause analysis, accident pyramid, “Safety-I”); Quality - Economic control of quality (Shewhart cycle / SPC, assignable / common causes, PDCA / PDSA); Reliability Engineering (Technology) (PSA, calculate component reliability); Human Reliability Assessment (“human error”); High Reliability Organisations (safety culture). Dates marked: 1911, 1931, 1931, 1957, 1979, 1984-86.]



Historical fragmentation
Each problem area was addressed at the time it was recognised and solved by the means then available.

The result was specialised departments with separate models, methods, and cultures (silos).

[Figure labels: PRODUCTIVITY, QUALITY, SAFETY, RELIABILITY]

The main ideas have been transferred from one area to the next: Decomposition, linear causality, focus on failures.

This has created a fragmented view that continues to dominate.



Psychological fragmentation
Limited span of attention: vigilance and STM capacity
Information Input Overload (channel/processing capacity)
Understanding by decomposition: breaking the complex into its elements.
Bounded rationality
Efficiency-Thoroughness Trade-Off (ETTO)

Resilience engineering
Resilience is an expression of how people – alone or together – cope with everyday situations – large and small – by adjusting their performance to the conditions. If as much as possible goes well – there will be few safety problems.

[Figure: outcome value (Positive to Negative) over time, with the limit of unacceptable performance marked]

Safety is not an issue for Resilience
Engineering is not concerned about safety.
© Erik Hollnagel, 2017
The existence problem

Problem #2: safety is better known by its absence than by its presence



What is safety?

[Photo: Professor James Reason]

Safety is defined and measured more by its absence than by its presence. (Reason, 2000, p. 4)
If safety is absent, then how can it possibly be managed?
And how can you learn anything from it?



Presence or absence of safety?

If safety is present, there will be no accidents

Accidents are due to a lack of safety

© Erik Hollnagel, 2023


The safety Legacy

The safety legacy provides two related guidelines

Guideline #1: The safety mantra

Guideline #2: The Heinrich dogma (Heinrich’s curse)



The safety mantra

This is what responsible people (managers, politicians) often say when an accident has happened:

“We assume full responsibility for this tragedy and express our deepest condolences to the family and are committed to supporting them. We are thoroughly investigating what occurred to prevent this from ever happening again.”

The Heinrich dogma
It is widely accepted as true that “the cure of a given troublesome condition depends primarily upon knowledge of its cause and the elimination, or at least the mitigation, of that cause” (Heinrich, 1931, p. 38).

Is this statement still valid in 2024, 93 years later, when work environments are completely different?



Two ways of learning
The accepted safety “wisdom” is that we must learn from accidents

Safety-I: Learning from accidents and failures only tells you what not to do and what to prevent or avoid

Safety-II: Learning from all operations can tell you what to do and what to support and facilitate



Regulator’s paradox
“The task of a regulator is to eliminate variation, but this variation is the ultimate source of information about the quality of its work. Therefore, the better the job a regulator does the less information it gets about how to improve.”

In other words: No accidents means no learning.

If accidents are exceptional, then learning also becomes exceptional!

A single issue is not enough
It is not enough to look at issues in isolation or at just one criterion for a system’s
performance. We need to look at other criteria as well.
Each issue represents a special concern for the system’s performance, with its own
tradition, methods, models, and vocabulary.

Safety Quality Reliability Resilience

Issues must be looked at together. Management should consider a system’s performance as a whole rather than issue by issue.



One system or five?

Manage system performance to ensure that:

Safety management: as much as possible goes well
Quality management: quality is as high as possible
Production management: as many goods and services as possible are produced
Customer management: customer satisfaction is as high as possible
Reliability management: reliability is as high as possible

Is this about the same system or five different systems?



From safety to safely

[Figure: scale from 0 to 100]

Safety-I leads to Vision Zero, that there are few or no accidents
Managing safety by finding and eliminating causes

Safety-I leads to Visio Centum, that as much as possible goes well
Managing safely by enhancing the systemic potentials
