5-1

Chapter 5 SAFETY RISKS

5.1 OBJECTIVE AND CONTENTS

This chapter presents the fundamentals of safety risk management. The chapter includes the following topics: a Definition of safety risk; b First fundamental — Safety risk management; c Second fundamental — Safety risk probability; d Third fundamental — Safety risk severity; e Fourth fundamental — Safety risk tolerability; f Fifth fundamental — Safety risk controlmitigation; and g The five fundamentals of safety risk management — Summary. 5.2 DEFINITION OF SAFETY RISK 5.2.1 Chapter 2 of this manual defines safety as the outcome of the management of a number of organizational processes. The management of these organizational processes has the objective of keeping safety risks under organizational control. Key in this perspective is the notion of safety as an outcome and safety risk management as a process. 5.2.2 Chapter 4 of this manual further discusses hazard identification as one the two core activities supporting the management of safety. Hazard identification also contributes to the robustness of other organizational processes indirectly related to the management of safety. In order to provide for a proper identification and analysis of hazards, Chapter 4 establishes a clear differentiation between hazards, as sources of potential injury or damage, and their safety consequences described in operational terms. 5.2.3 Safety risk management is the other core activity that supports the management of safety and contributes to other, indirectly related organizational processes. The term safety risk management, as opposed to the more generic term risk management, is meant to convey the notion that the management of safety does not aim — directly — at the management of financial risk, legal risk, economic risk and so forth, but restricts itself primarily to the management of safety risks. 5.2.4 It is a common pitfall that safety management activities oftentimes do not progress beyond hazard identification and analysis or, in other cases, jump from hazard identification direct to mitigation deployment, bypassing the evaluation and prioritization of the safety risks of the consequences of hazards. After all, once sources of danger or harm are identified, and their consequences analysed and agreed, mitigation strategies to protect against the consequences can 5-2 Safety Management Manual SMM certainly be deployed. This view would be correct if one were to adhere to the notion of “safety as the first priority”, and focus on the prevention of bad outcomes. However, under the notion of safety management, agreeing on the consequences of identified hazards and describing them in operational terms are not enough to engage in mitigation deployment. It is necessary to evaluate the seriousness of the consequences, so as to define priorities for the allocation of resources when proposing mitigation strategies. 5.2.5 It has already been proposed that it is a basic management axiom that one cannot manage what one cannot measure. Therefore, it is essential to somehow measure the seriousness of the consequences of hazards. This is the essential contribution of safety risk management to the safety management process. By “putting a number” on the consequences of hazards, the safety management process provides the organization with a principled basis for safety risk decisions and the subsequent allocation of organizational resources to contain the damaging potential of hazards. In this way, safety risk management completes the basic safety management trilogy of hazards-consequences-safety risks, and directly supports the resolution of the “dilemma of the two Ps” discussed in Chapter 3. 5.2.6 Risk, in its vernacular and broadest sense, has been the subject of much discussion, and literature on the topic is abundant. A potential for confusion exists, that is partly due to the vernacular use of the term, which is all too frequent, quite broad and generally vague. The first step in addressing the confusion is narrowing down the use of the generic term risk to the very specific term safety risk. Beyond this, it is essential from the outset to establish a clear definition of safety risk and to link such a definition to the concepts of hazards and consequences expressed in operational terms. 5.2.7 Even after narrowing the using of the generic term risk down to the more specific term safety risk, confusion may still arise. This is because the notion of risk is an artificial one. Safety risks are not tangible or visible components of any physical or natural environment; it is necessary to think about safety risks to understand or form an image of them. Hazards and consequences, on the other hand, are tangible or visible components of a physical or natural environment, and therefore intuitive in terms of understanding and visualization. The notion of a safety risk is what is known as a construct, i.e. it is an artificial convention created by humans. In simple words, while hazards and consequences are physical components of the natural world, safety risks do not really exist in the natural world. Safety risk is a product of the human mind intended to measure the seriousness of, or “put a number” on, the consequences of hazards. 5.2.8 Safety risk is defined as the assessment, expressed in terms of predicted probability and severity, of the consequences of a hazard, taking as reference the worst foreseeable situation. Typically, safety risks are designated through an alphanumeric convention that allows for their measurement. Using the example of crosswind discussed in Chapter 4, it can be seen that the proposed definition of safety risk allows one to link safety risks with hazards and consequences, thus closing the loop in the hazard-consequence-safety risk trilogy: a a wind of 15 knots blowing directly across the runway is a hazard; b the potential for a runway lateral excursion because a pilot might not be able to control the aircraft during take-off or landing is one of the consequences of the hazard; and c the assessment of the consequences of a runway lateral excursion, expressed in terms of probability and severity as an alphanumerical convention, is the safety risk. 5.3 FIRST FUNDAMENTAL — SAFETY RISK MANAGEMENT 5.3.1