www.irishrail.ie managing the risk of organisational accidents peter cuffe chief safety &...
TRANSCRIPT
www.irishrail.ie
Managing the Risk of Organisational Accidents
Peter CuffeChief Safety & Security Officer
Irish Rail
International Railway Safety Conference 2007
Goa, India
Railway Organisation
Safety Professionals
Society
Individual Accidents– A specific persons– Agent and victim– Limited scope
Organisational Accidents– Multiple causes– Many people– Devastating consequences– Often a product of technological innovation
Organisational Accidents are the result of
highly complex coincidenceswhich are rarely foreseen
by those involved.They are unpredictable because of
the large number of causes and the spread of information
over all the participants
Cost of Protection greatly exceeds the dangers
Cost of Protection greatly exceeds the dangers
Protection falls far short
of required level
Better defences convert to improved
production
Better defences convert to improved
production
Post Accident response measures
Better defences convert to improved
production
Post Accident response measures
Relaxation with further improved
production
Better defences convert to improved
production
Post Accident response measures
Relaxation with further improved
production
Catastrophic Disaster
Examples of Improved Production
• Invention of the Davy Lamp– Extract coal from
more dangerous areasMine accidents increased
• Introduction of Marine Radar– Travel faster in fog or busy waters
Marine history littered with “radar assisted” collisions
Dangers of the Un-Rocked Boat
A lengthy accident-free periodSteady erosion of protection
Easy to “forget to fear” Increasing production,
without extended defences, will erode safety margins
Production v Protection
Partnership is rarely equal– Production creates the resources for protection
Process managers have production skillsProduction information is:
Direct, Continuous & Easily Understood
Production v Protection
Partnership is rarely equal– Successful Protection shown by
Absence of Negative Outcomes– Information is indirect or intermittent– Hard to interpret, often misleading– Awareness often driven by accident
or near-miss
Defences
Create Understanding & AwarenessGive Clear Guidance on Safe OperationAlarms & Warnings of imminent dangerRestore System to a Safe StateInterpose Barriers between Hazards & LossesContain & Eliminate HazardsProvide Means of Escape & Rescue
Defences
Create Understanding & AwarenessGive Clear Guidance on Safe OperationAlarms & Warnings of imminent dangerRestore System to a Safe StateInterpose Barriers between Hazards & LossesContain & Eliminate HazardsProvide Means of Escape & Rescue
Defences-in-depth, successive layers, specific sequence
Holes are continuously moving
Defences can be deliberately removed:-Maintenance-Testing-During Failures
Latent Conditions
Poor DesignGaps in SupervisionUndetected Manufacturing DefectsMaintenance FailuresUnworkable ProceduresClumsy AutomationPoor TrainingInadequate Tools & Equipment
Active Failures v Latent Failures
• Immediate Effect• Shortlived Effect• Committed at the
“sharp” end, at the human-system interface
• Lie Dormant• No Impact until
local interaction• Spawned in the
organisation• Pervasive
In aviation, there are foreseeable hazards:
Gravity,Weather, Mountains,
and Human Fallibility
Human Error v Non-Compliance
Error - an intrinsic part of the Human Condition
Error - distractionError – loss of situational awarenessError - deliberate
We all learn by “trial and error”– Necessary to push limits to establish
system characteristics
We cannot change the Human Condition, but we can change
the Conditions under which Humans work.
Investigations
• Who ?• What ?• Where ?• When ?
• Why ?
PRISMA
• Choose “Top Event” (Accident or Near-Miss)
• Determine Direct Causes• Determine Preceding Causes• Stop when the Facts Stop• Stop at limits of Organisational Control
PRISMA – 23 Categories
• 4 x Technical• 5 x Organisational• 3 x Staff, Knowledge based• 6 x Staff, Rule based• 2 x Staff, Skill based• 1 x Customers• 1 x Public• 1 x Unclassifiable
PRISMA – 23 Categories
• 4 x Technical• 5 x Organisational• 3 x Staff, Knowledge based• 6 x Staff, Rule based• 2 x Staff, Skill based• 1 x Customers• 1 x Public• 1 x Unclassifiable
Rasmussen’s SRK Model
Knowledge based Behaviour
• Unexpected or new situations• High attention level• Problem identification and solving• Situational awareness• Understanding of Process• Analytical ability
Rule based Behaviour
• Recognition of situation• Pattern identification• Medium attention demand• Training to ensure correct rule
application
Skill based Behaviour
• Reflex/automatic reactions• Long learning process• Low attention demand• Triggered by environmental signals• Unlearning very difficult• Stress resistant• Error prevention by environmental
change, not by altered behaviour
PRISMA – 23 Categories
• Technical– External– Design (Ergonomics)– Construction/Maint.– Material (further
research required)
• Organisational– External– Supervision– Rules/Procedures– Management Priorities– Culture
PRISMA – 23 Categories
• Knowledge Based– External– Process Status/
Characteristics (eg current permits to work)
– Improper Goals (eg making up for lost time by speeding)
• Rule Based– License/Certified
Competency– Incorrect Permits or
other Safeguards– Pre-work Status Check
not done– Work sequence
incorrect or incomplete– Failure to monitor other
system characteristics– Failure to use correct
resources
PRISMA – 23 Categories
• Skill Based– Intentional
(eg typing error)– Unintentional
(eg leaning against controls)
• Customer(eg Inebriated passenger)
• Public(eg Suicide)
• Unclassifiable(eg Act of God)
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
Poor staff instruction
Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
OS Incomplete supervision
Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
OS OS Culture of shortcuts
Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
OS OS OC Time pressure
Causal TreePassing train caught cable and dragged
along platform
Cable draped over platform
Train on adjacent track
- Context
Staff unaware thatcable should not
be placed on plat. Plan not followed
OS OS OC OM
PRISMA Applied to Chemical Industry, Healthcare and Railway (SPADs)
• Analysis 1: Historic investigation findings were re-classified into PRISMA terms.
• Analysis 2: The same incidents re-analysed with PRISMA, using existing Inspectorate files.
• Analysis 3: New incidents were analysed with PRISMA, using appropriate data gathering.
0%10%20%30%40%50%60%70%80%90%
100%
Analysis1
Analysis2
Analysis3
Analysis1
Analysis2
Analysis3
Analysis1
Analysis2
Analysis3
Chemical industry Health care Railways
Study
Technical factors Organisational factors Human factors Other
PRISMA Applied to Chemical Industry, Healthcare and Railway (SPADs)
0%10%20%30%40%50%60%70%80%90%
100%
Analysis1
Analysis2
Analysis3
Analysis1
Analysis2
Analysis3
Analysis1
Analysis2
Analysis3
Chemical industry Health care Railways
Study
Technical factors Organisational factors Human factors Other
PRISMA Applied to Chemical Industry, Healthcare and Railway (SPADs)
0%10%20%30%40%50%60%70%80%90%
100%
Analysis1
Analysis2
Analysis3
Analysis1
Analysis2
Analysis3
Analysis1
Analysis2
Analysis3
Chemical industry Health care Railways
Study
Technical factors Organisational factors Human factors Other
PRISMA Applied to Chemical Industry, Healthcare and Railway (SPADs)
Reliability is InvisibleReliable outcomes are constant
There is nothing to pay attention toWe see nothing so ‘nothing’ is
happeningAnd nothing will continue to happen.
This is a deceptive diagnosis –Dynamic inputs create stable outcomes
Safety is a Dynamic Non-Event
Accidents do not occur because we gamble and lose,
but because we do not believe that the accident about to occur
is at all possible
Accidents do not occur because we gamble and lose,
but because we do not believe that the accident about to
occur is at all possible