System Safety Management

The Basic Need For Safety

• Originates as a fundamental human need• Dr. Abraham Maslow outlined a hierarchy• States that humans are motivated to action by

unsatisfied needs • Physiological needs are first:

– Air, Water, Food, etc.• Basic requirement must be fulfilled before there is

interest in a higher function

Hierarchy of Needs (cont.)

• After Physiological needs are met Safety concerns are second

• At this level humans seek stability in their lives• Freedom from hazards or potential threats• In this layer humans predominantly seeks

structure and order• Comfort zones are developed based on boundaries

and known parameters

Human Need for Safety

• Safety needs are mostly psychological in nature and difficult to quantify

• Perception of safety is often based on false assumption and intuition

• Once the “feeling” of safety is achieved humans can move on to the next tier

• Higher tiers relate to increased efficiency and higher personal performances

Human Needs Based on Deficit

• Homeostasis principal (deficit needs)– Thermostat / Furnace relationship

• Human needs are essential to survival and instinctive or instinctoid

• Needs are Prepotent -- our actions are influenced by our greatest need

Industrial Revolution

• Significant steps in structured safety efforts evolved during this period (19th Century)

• Safer practices met personal needs and was eventually considered “Good Business” as it protected skilled laborers and valuable equipment

• Safety Programs proved to be a Win-Win solution

Anonymous Safety Professional statement:

““It is immoral to design a It is immoral to design a product or system for mankind product or system for mankind

without recognition and without recognition and evaluation of the hazards evaluation of the hazards

associated with that product or associated with that product or system”system”

History of Safety Process

• To best enable users of system safety practices to understand the process of safety, placing today’s programs in context to their historical predecessors helps maintain the lessons learned of their “safety forefathers”

• System safety began within the context of looking for safe results

Aviation Safety Process - 1908

• Aviation safety processes can be traced back to the earliest days of aviation when a mishap occurred during flight demonstration of a new aerospace system (Wright Flyer) at Fort Myer, Virginia

• The investigation revealed that an untested sub-system (propulsion) component (propeller), failed causing subsequent damage to the other propeller and structural supporting guy wires

First Aviation Fatality

September 17, 1908

Mishap Investigation

• The sub-system, which had performed reliably, was modified in order to successfully meet and exceed US Army speed specifications

• The designer (Orville Wright) had extended the previously proven propeller design by approximately 4 inches

• This untested modification failed, striking the other propeller and a wire bracing the tail section causing it to collapse and pitch into a fatal plunge

Fly-Fix-Fly Approach to Safety• This type of flight research was consistent with the

approach that produced a functional aircraft • The Wright Brothers had successfully

accomplished powered flight with a trial and error approach to flight testing their new designs

• There were few previous studies for them to review -- Each flight was an experiment, if a new design worked, they would fly it to gather data. If it failed, they studied the deficiencies; performed modifications and flight-tested the new design

Science of Accident Investigation

• Early flight posed new challenges, which shaped safety programs that grew to address hazards

• During these formative years the complexities of aircraft and the effects of the environment in which they operated were not fully understood

• Inquiries into aircraft accidents were not specialized enough to capture information in a fashion that identified all the hazards, eliminated them or reduced them to acceptable levels

The Need for System Safety

The first fatal powered-aircraft accident investigation pointed to the need for system safety practices – the formal recognition of this holistic approach came decades later

Aviation Safety Programs

• The US Army Air Service took the first steps toward a formal aviation safety program in 1921

• The Chief of the Medical Division --Air Service reviewed all accidents that caused injury to people or equipment during the previous year

• In that report the first soundings for a formal safety program were heard

Chief of Air Service 1921 Report:

“…that the Air Service desires to perfect preventive accident measures to the fullest possible may be readily appreciated from the fact that during the

calendar year 1920, 51 officers and enlisted men of the Air Service lost their lives in airplane accident, [and] 312 airplanes were damaged or destroyed...”

Systematic Approach• In December 1925, the Commander of the

Information Division of the Air Service, Major Henry H. “Hap” Arnold, identified the need for a systematic approach to aircraft maintenance and operations

• His interest was in determining what constituted an effective maintenance program

• Examining the most successful flying operations, then identified and recognized the best practices

Organizational Best Practices

• The best organizations with the most reliable aircraft had:– Written instructions for crew chiefs– Work stands, which allowed better access to

work areas– A system of supervising inspections

• Also recognized were human performance issues:– Poor pilot training – Inadequately trained maintenance personnel

Technical Report - 1927

• The Inspection Division Accident Committee undertook a comprehensive review of the newly designated Army Air Corps accidents from 1917 to date

• The Development Section’s solution to the “accuracy problem” was the creation of the Technical Report of Accident Classification committee

• They were specifically chartered for accident prevention and could not be used for legal purposes

NACA Report -1928

• The National Advisory Committee on Aeronautics addressed the other two problems that same year in a report labeled simply as #308

• This report set standards for:– Accident terminology– Classification analysis

• Creation of standardized flying hour tracking forms

Challenges To Improving The Safety Record

• Inconsistency of accident reporting procedures• Decentralized control of trends and analysis• A conflict between the US Army’s competing

priorities of accident prevention and personal accountability for such accidents (Retribution)

Army Air Corps Accident Investigation Goals -1930

• Sought to improve materials• Identify improvement to training programs• Proper budgeting for procurements and

spares

Reactive Safety Program

• Emphasis was placed on the accuracy of information input into data base

• Program fell short of a definitive process that allowed data to be analyzed and transformed into preventive actions (information & knowledge)

• Accident prevention efforts were mainly characterized by an emphasis on what happened

• “Rear view mirror” study of a threat and reactive in nature

Air Commerce Act - 1926

• Air Mail delivery provided the first commerce sector for aviation - “the mail must get through”

• By 1930 this new career field was recognized as extremely perilous

• Between 1933 and 1936 Congress held 26 separate investigations into various aeronautical concerns

• Accident frequency had a negative impact on public confidence in aviation

Public Confidence Eroded

U.S. Army Safety Section

• Keenly aware of Congressional concerns the U.S. Army institutionalized accident prevention as a distinct discipline

• Captain Samuel Harris was first to lead the new safety organization within the Inspection Division, formed in 1940

Safety Section Duties• Develop systems for the purpose of improving

standards of operations and maintenance• Conduct studies of unsatisfactory performances• Provide statistical studies of accidents, incidents and

equipment failures • Maintain a confidential file on personnel showing a

history of accident/incident involvement• Analyze and prepare studies of damage reports and

accidents• Recommend changes to promote efficiency

U.S. Army Air Corps Safety Culture

• Statement of responsibilities highlight a maturation in both structure and direction

• Established accountability for the reorientation of safety efforts from merely identifying and correcting “unsafe situations” to a “proactive posture”

• The Commanding General of the Air Corps created an institutional culture with mishap prevention as a core responsibility

Safety Objectives - 1941

• Developed a multidisciplinary approach to air safety

• Creation of a holistic, analytical view of accidents• Apply accident analysis (lessons learned) to

prevention efforts• Measurement of effectiveness of prevention

(Taxonomy or Performance Metrics)

U.S. Army Air Force - 1942

• Head of Safety Section elevated to Directorate status

• Director of Flying Safety now equivalent to a Deputy Chief of Staff

• Historical basis of safety reporting directly to the top of the organization established

• Colonel Harris reporting directly to the Commander-in-Chief

Office of Flying Safety - 1945

• Organized into 5 functional areas– Training and Operational Policy– Material and Maintenance (concerned with life-cycle

related aircraft problems)– Medical Safety (tracked human factors and personal

equipment issues)– Safety Enforcement (monitored violations)– Safety Education ( safety material and training

manuals)

Modern Day U.S. Air Force• All of the functional areas addressed by the 1945

Office of Flight Safety have analogous functional areas in the present day USAF

• Compared to modern day system safety methodology, this systematic approach identified and acted upon by General Arnold and Colonel Harris readily illustrate the genesis of the “safety of the system as a whole” vision which grew into present day system safety programs

The Key to Program Success

• The vision and willingness to direct, from the top down, is clearly identifiable as the critical element to the success of early USAF safety programs and remains, to this day, a vital key to any programs success

• “There is no substitute for genuine top-down commitment to insure a safety program’s success”

System Safety in the Civilian Sector

• The first recorded presentation, to the aviation industry, of a system safety processes was by Amos L. Wood in New York in January 1946

• His presentation was titled “The Organization of an Aircraft Manufacture’s Air Safety Program”

• Mr. Wood emphasized continuous focus of safety in design, post-accident analysis, safety education, accident preventive designs that minimize personnel errors, and statistical control of post-accident analysis

Engineering For System Safety• In September 1947, another paper was published by

William Stieglitz entitled “Engineering for Safety”• His work outlined a vision for system safety• He stated, “Safety must be designed and built into

airplanes, just as are performance, stability, and structural integrity...”

• “...A safety group must be just as important a part of a manufacture’s organization as a stress, aerodynamics, or weights group….”

Engineering For System Safety (cont)

• “Safety is a specialized subject just as are aerodynamics and structures’

• “Every engineer cannot be expected to be thoroughly familiar with all developments in the field of safety any more than he can be expected to be an expert aerodynamicist”

Engineering For System Safety (cont)

• Amos Woods went on to state, “The evaluation of safety work in positive terms is extremely difficult. When an accident does not occur, it is impossible to prove that some particular design feature prevented it”

System Safety – An Interdisciplinary Practice

• Thus the formal connection between system safety and aviation advances were forged

• These farsighted visions comprise the basis of current system safety programs both in aviation and other disciplines, including medical science, atomic energy and even industrial hygiene

• All evolved due to viewing the whole system and any interacting parts in an interdisciplinary approach

Air Force Performance Metrics

• 1946 safety statistics reflected an unsatisfactory 83 accidents per 100,000 flying hours

• By the mid-1950’s this was reduced to 10 accidents per 100,000 hours

• Current day standards hover in the 1.25 to 1.75 range and have been on a plateau for 15 years

Public Expectations of High Standards• In some things, public

confidence demands a proactive posture

• Waiting for a mishap to point out design deficiencies and latent hazards is economically and ethically irresponsible

• A “Fly-Fix-Fly” philosophy is unacceptable as a means to identify, analyze and control hazards

Systems Safety in Acquisition Programs • During this era the

USAF was actively managing several system acquisition programs including ICBMs and the first phase of a research airplane program seeking high-speed flight, beyond the speed of sound

Industry “Best Practice”• In 1950, the USAF Directorate of Flight Safety

Research (DFSR) was formed at Norton Air Force Base, California

• By 1954 the DFSR began sponsoring Air Force-industry conferences addressing safety issues of various aircraft systems by technical and safety specialists

• Recognizing best practices, the USAF lead was soon followed by safety centers for the US Navy in 1954 and the US Army in 1957

Industrial System Safety • Safety stems from personal needs and business

requirements for greater efficiency• The first four decades of powered flight proved a

“rear view mirror” approach to safety was ineffective and expensive

• In lieu of trial and error, military leadership stressed a systematic discipline, focusing on proactive efforts, seeking to identify hazards, analyze them for risk and controlling them as known quantities

Industrial System Safety (cont)

• The focus is to establish an acceptable level of safety, designed into the system as a whole before production or operation

• This approach seeks to perform identification and evaluation of hazards before an incident or accident causes a loss

North American X-15

• Joint USAF/USN/NASA Research project covering 5 years and 120 space exploration flights

• Managed by USAF Systems Command

• The most successful “Systems Managed” space exploration program

• 92% mission success rate

System Acquisition Specifications

• In July 1960 a system safety office was established at the USAF Ballistic Missile Division in Inglewood, California. They published the first system-wide safety specification titled BSD Exhibit 62-41

• The Naval Aviation Safety Center was the first to become active in promoting an inter-service system safety specification for aircraft, using BSD Exhibit 62-41 as a model

System Safety Culture• By 1962, system safety was identified as a contract

deliverable item on military contracts • 1962 Roger Lockwood held organizational meetings

in the Los Angeles area of what would become the System Safety Society a professional organization incorporated as an international, non-profit organization

• 1964 The University of Southern California developed a Master’s degree program to support industry demands System Safety specialties

Acquisition Standards

• BSD Exhibit 62-41 was broadened in September 1963 as MIL-S-38130

• 1969 it became the model for MIL-STD-882• MIL-STD 882 D is the latest version • A standard updated over the years and existing

today

System Safety Management