eEdition JJS :: Clif's Notes

What is Safety?

by Clifton A. Ericson II

Safety is a noun: a word that can be used to refer to a person, place or thing, or that can serve as the subject or object of a verb.

Industry and individuals frequently use the term “safety” with a seemingly inherent understanding of its meaning. We in the system safety discipline base most of our work around this word. After having worked with this term for many years, I one day started analyzing its meaning and realized that not only was I uncomfortable with its common definitions, I was not sure whether they’re completely accurate. As an advocate of making the system safety discipline more professional, I feel that we need to clean up some of our terminology. Perhaps the term “safety” is the place to start.

The MIL-STD-882 definition of safety is, “Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.” A hazard is defined in MIL-STD-882 as, “Any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of a system, equipment or property; or damage to the environment.” By combining these two overlapping definitions, MIL-STD-882 is really saying that safety is “freedom from hazards,” which appears consistent with the typical dictionary definition of “freedom from danger.”

There seems to be some incongruence here, however, because in many cases it’s not possible to be free from hazards. My problem with this definition is with the use of the word “freedom.” Freedom from hazards implies that the hazards must be removed in order to have safety, but many hazards cannot be eliminated; they can only be reduced to an acceptable level of risk. My system safety work involves controlling or reducing mishap risk because the system cannot be made free from all hazards. This suggests to me that perhaps the 882 definition of safety is not quite accurate and is even somewhat misleading, or else that I have to bend the definition to make it fit. The question is, does “freedom from hazards” mean no hazards at all (i.e., they are eliminated), or does it mean something different? It seems that it would have to mean something different in order to be applicable or even true.

"Hazards will always exist when hazardous elements must be involved in a system."

Freedom from hazards or danger implies that safety can only be achieved when the hazards are eliminated. As system safety engineers, we know that this is not always possible. We will always live with hazards and risk. There are many situations and system designs where it is not possible to be “free” from hazards — in fact, we must co-exist with them. Hazards will always exist when hazardous elements must be involved in a system. The best we can hope for is to reduce the mishap risk of a hazard to an acceptable level. For example, we drive our autos almost daily with the feeling that we are safe, yet we are living with a multitude of hazards, such as a gasoline fire in the car, critical brake components that can fail, traffic lights that can fail, bad weather conditions, speeding drivers, etc. If freedom from hazards means elimination of hazards, then the definition implies that safety is not reached until the hazards are eliminated. This interpretation does not work for me because I know that I am not free of hazards while driving, yet statistically the risk is considered “safe.”

Recently, while trolling the Internet, I found a newer definition of safety that I like. It says that “safety is the state of being certain that adverse effects will not be caused by some agent under defined conditions.” While this is not quite the definition we are used to, it’s close to what I really believe we think of as safety.

Safety involves hazards and risk, thus safety can never be certain, but safety is a function of risk probability. Safety is the state of low likelihood that adverse effects will be caused by some hazard under defined conditions. Hazards automatically establish the agents, conditions and mechanisms involved, as well as the resulting adverse effects.

Here’s an interesting insight. Note that the official definition of system safety does not even mention “safety” or “freedom.” Rather, the definition is about achieving acceptable mishap risk.

“System safety. The application of engineering and management principles, criteria, and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness and suitability, time, and cost, throughout all phases of the system life cycle.” [MIL-STD-882D]

My proposed definition is, “Safety is the state of zero or minimal risk.” Why? Because we cannot usually achieve complete freedom from conditions of risk or danger, but we can strive to control or mitigate their impact. Safety is the expectation of being safe from danger, in terms of a minimal mishap risk level.

"When someone says that something is 'safe,' I would like to know exactly what that means."

What is Safe?
Safe is an adjective: a word that expresses an attribute of something.

As you might have guessed, my next question is, what does the term “safe” really mean? When someone says that something is “safe,” I would like to know exactly what that means. Does it mean that there is no hazard, or does it mean that the probability of the hazard mishap is small? Is there no risk, or is there acceptable risk? Is safe a quality or an entity; is it a value, an absolute or a range?

MIL-STD-882 is silent on a definition and does not define the term “safe”; however, the dictionary defines it as “free from injury or risk; secure from danger or loss.” The first definition uses the term “freedom” again, yet in system safety we define something as being safe even though it is not “free” from hazards or risk. The better description is offered in the second definition with the term “secure” (i.e., from danger or loss). I thought that secure might imply a level of risk; however, the dictionary defines secure as “free from danger or risk,” using that constraint “free from” once more.

Again, I am in a quandary. If safe is being free from danger or risk, then it is more of an ideal than a reality. When we analyze a system and say that it is safe, we are not usually stating that it is free from danger or risk, but more likely that it presents an acceptable minimal level of danger or risk. Ideally, safe means no chance of harm or danger, but this ideal condition is rarely possible.

My proposed definition is, “Safe is a condition of zero or minimal risk.” Why? Because safe is a level of risk whereby one feels confident that he is adequately protected from adverse or hazardous conditions. Safe is the result of an accepted level of safety control, where this level of control is measured in terms of mishap risk.

Conclusion
Safety is the state of zero or minimal risk, and safe is a condition of zero or minimal risk. Risk is the possibility of danger, a possibility of incurring loss or misfortune.

Thus, perhaps the better definition for safety is, “Safety is freedom from unacceptable risk.” This definition is similar to our current MIL-STD-882 definition, making it very familiar. This definition merely changes the focus from hazards to risk, just as version D of MIL-STD-882 did, yet it provides a definition closer to what can be realistically achieved.

Given these proposed definitions, safety can be viewed as a system characteristic, attribute or quality. It is a condition built into the product or system. The amount of safety achieved can be measured in terms of risk. Risk defines the level of safe-ness, which we typically refer to in terms of mishap probability and mishap severity. Safety is built into a product or system, and the level of mishap risk is the safe-ness value or measure for the system. Safety is relative; what may be a safe level for one system may not be for another.

Safety is an engineered immunity to hazards. Immunity is the quality of being unaffected by something. Safety is the condition by which a system is resistant to the effects of a hazard (i.e., a mishap). Hazards may be present in a system, but the level of built-in safety establishes a mishap immunity level.

System safety is the process of applying positive control over those conditions that can cause mishaps or undesired events (i.e., hazards). System safety is the practice of engineering a systemic immunity to hazards. Safety is the achievement of zero or minimal acceptable risk through an engineered level of hazard immunity.

Hopefully, this discussion will stimulate some concern and thought. Are you happy with the current definitions, or do you have some better alternative definitions? Perhaps the founding fathers had the definitions right to begin with. I would really appreciate some feedback and dialogue on this topic. I obviously don’t have all the answers, but I am convinced that the safety discipline needs to improve these definitions. Perhaps there will be a chance to get some meaningful definitions into the upcoming revision of MIL-STD-882 to version E.

I would like to take an informal survey. Please send me an email telling me whether you agree with the 882 definition of safety, or if you disagree. I will print the results at a later date (presuming that the response is adequate).

Regards,
Clif

Copyright © 2005 by Clifton A. Ericson II. All rights reserved.