Background

Safety arguments provide a formal demonstration, supported by evidence, that a system is acceptably safe for a given application in a specified environment.

Three challenges exist with safety arguments:

  • Developing systems, equipment and processes that are adequately safe.
  • Providing a sufficient body of evidence that demonstrates safety performance.
  • Framing the argument in a robust and persuasive format that is compliant with the prevailing regulations, standards and expectations of the accepting authority.

A unique perspective

The team at Sotera have been working on safety arguments and safety approval projects since the early 1990s. This has provided us the opportunity to:

  • Work for approval bodies to help review and approve submissions
  • Experience the evolution of legislation in the UK and Europe and understand what the changes really mean
  • Write documentation and give training in engineering safety management
  • Provide safety arguments for trains, signalling, control rooms, offshore platforms, pipelines and chemical facilities and many more
  • Undertake peer review.

Our depth and breadth of experience in this area makes us well placed to meet the current and future challenges.

Those first steps

Every safety argument presents a portfolio of novel challenges. Irrespective of the topic and regulations, the first steps are the most important and include:

  • Understand the system, product or process in detail, including any history.
  • Establish the veracity of any existing safety documentation.
  • Research the approval process and understand the prevailing regulations and standards.
  • Plan a route to approval, including the evidence that is required and how the safety argument is best framed and presented to meet and exceed the requirements of the acceptance process.

Don't get bombarded

Safety engineering is one area where engineers and consultants can be too keen to try out their latest theory on how to present a safety argument. Examples are Goal Structuring Notation, bow-tie modelling, cause-consequence modelling, Bayesian networks, Claims-Argument-Evidence and node metadata models.

Whilst there is a good concept behind these approaches, a case needs to be presented in a format readily understood by the entire team and the approval authority, and this can be one of the downfalls of these approaches.

The bottom line for success is thoroughly identifying the hazards, understanding how likely they are to occur and how they escalate, determining what hazard management is required to deliver a suitable level of safety, and communicating all of this in a way everyone can understand.

Focus on risk not just regulations

Modern regulations such as the Common Safety Regulations for Risk Assessment in the rail industry provide alternative paths to approval, for example:

  • Following codes of practice
  • Comparison with a reference system
  • Explicit risk estimation.

There is a risk with the first two options that the codes of practice or the reference system do not provide the level of safety required from the system, so Sotera recommends undertaking explicit risk assessment to supplement those two methods.

It is not about getting a system through an acceptance process; it is about managing a process to get a system acceptably safe.

A case study in getting bamboozled

During the financial crash of 2007, David Viniar, Goldman's chief financial officer, announced:

"We were seeing things that were 25-standard deviation moves, several days in a row."

A standard deviation is a measure of the level of variation expected in data.

A 25-sigma event would only be expected to occur once in 1.3 × 10^135 years, a number that would confound even Prof. Brian Cox when explaining the creation of the universe.

So for that to happen every day for a number of days, either Goldman were very unlucky or their models were incorrect. Either way, the beleaguered Mr Viniar seems to have been bamboozled by his chosen model.
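The arithmetic behind the 1.3 × 10^135 figure, as an added illustration that is not part of Sotera's page: it computes the Gaussian tail probability of a 25-sigma daily move, turns it into a recurrence interval, and then repeats the calculation under a heavy-tailed alternative to show how much the answer depends on the chosen model. Two things are assumptions of mine rather than statements on the page: 250 trading days per year (the page does not say, but this value reproduces its figure), and Student's t with 3 degrees of freedom as the comparison model, chosen because its tail probability has a closed form and needs no statistics library.

```python
import math

# Assumption (not stated on the page): 250 trading days a year. With this value the
# Gaussian recurrence interval comes out at ~1.3e135 years, the figure quoted above.
TRADING_DAYS_PER_YEAR = 250


def gaussian_tail(k):
    """P(Z > k) for a standard normal Z.

    Computed with erfc rather than 1 - Phi(k): at k = 25 the CDF is 1.0 to double
    precision, so 1 - Phi(k) would cancel to exactly 0.
    """
    return 0.5 * math.erfc(k / math.sqrt(2.0))


def student_t3_tail(t):
    """P(T > t) for Student's t with 3 degrees of freedom, t > 0, using the
    closed-form CDF F(t) = 1/2 + (u/(1+u^2) + atan(u)) / pi with u = t/sqrt(3).
    Rewritten as (atan(1/u) - u/(1+u^2)) / pi so that 1/2 - F(t) is not formed
    by subtracting two nearly equal numbers.
    """
    if t <= 0:
        raise ValueError("this form is only used for t > 0")
    u = t / math.sqrt(3.0)
    return (math.atan(1.0 / u) - u / (1.0 + u * u)) / math.pi


def fat_tail(k):
    """P(X > k sigma) when X is t_3 rescaled to unit variance: t_3 has variance 3,
    so a k-sigma move is t = k * sqrt(3). Hypothetical heavy-tailed comparison model."""
    return student_t3_tail(k * math.sqrt(3.0))


def years_between(p, trading_days=TRADING_DAYS_PER_YEAR):
    """Expected recurrence interval in years for an event with per-day probability p."""
    return 1.0 / (p * trading_days)


def log10_streak_probability(p, n):
    """log10 of the probability of n consecutive independent daily events.
    p ** n underflows to 0.0 in the Gaussian case, so work in logs instead."""
    return n * math.log10(p)


def compare(k):
    """Gaussian versus heavy-tailed view of a k-sigma daily move."""
    pg, pt = gaussian_tail(k), fat_tail(k)
    return {
        "sigma": k,
        "gaussian_daily_prob": pg,
        "gaussian_years": years_between(pg),
        "t3_daily_prob": pt,
        "t3_years": years_between(pt),
    }


if __name__ == "__main__":
    for k in (3, 5, 10, 25):
        r = compare(k)
        print(f"{k:>2} sigma: Gaussian once in {r['gaussian_years']:.2e} years, "
              f"t(3) once in {r['t3_years']:.2e} years")
    print("log10 P(three 25-sigma days in a row, Gaussian) =",
          f"{log10_streak_probability(gaussian_tail(25), 3):.1f}")
```

Under the Gaussian the 25-sigma day recurs once in about 1.3 × 10^135 years; under the unit-variance t(3) the same move recurs roughly every three centuries, and a run of several such days stops being absurd. The gap between the two numbers is the point the paragraph makes: the "25 standard deviations" statistic measures the chosen model far more than it measures the market, which is the same trap a safety argument falls into when it reports a reassuringly small failure rate from a model whose tail assumptions were never checked against the evidence.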