Regulatory Guide: Holistic Safety

REGULATORY GUIDE

Holistic Safety

This document provides guidance to licence holders on the interaction of key technological, individual or human, and organisational factors necessary to create and maintain optimal safety

REGULATORY SERVICES

REG-COM-SUP-240U v1.1

June 2017

Introduction

Background

Safety management has seen significant developments[1]. Early safety management focussed primarily on only the safety of the plant and equipment (the technology), while later practices also considered human operators (human factors) and the overall management of the organisation (organisational factors). The current approach to safety management is to address all three aspects—the technology, the individual or human, and the organisation—and the interaction between them, to both create and maintain safe operations and reduce the relative risk. This overall approach to safety is known as the holisticapproachto safety or simply, holistic safety.

ARPANSA, like other regulatory bodies in Australia and abroad, has been working on developing capability in holistic safety. Charged with the function of protecting the health and safety of people under the Australian Radiation Protection and Nuclear Safety Act 1998(the Act), ARPANSA proposes to use a holistic approach to assess and monitor the safety of licence holders and applicants. This guide outlines ARPANSA’s vision and expectations for holistic safety. The guidelines are consistent with the aims of international best practice such as the IAEA General Safety Requirements Part 2 – Leadership and Management for Safety.

In this document, the key principles of holistic safetyare arranged in seven categories called ‘characteristics’. Within each ‘characteristic’ are ‘attributes’ that more specifically outline the ways in which the key principles of holistic safety can be achieved. A Safe Organisation exhibits the key characteristics as described in this guide. The presence of these characteristics has been found to both increase organisations’ resistance to incidents and accidents while improving overall safety management and productivity[2].

Although each characteristic may be considered separately, there is significant overlap, interaction and interdependency between the technological, the individual or human, and the organisational aspects of safety. It is an appreciation of these interconnected relationships that separates holistic safety from other approaches to safety management[3]. In addition, the relative contribution of each characteristic and attribute to overall safety will vary among licence holders and applicants e.g. the technological, individual or human, and organisational factors that apply to a complex production plant will be different to those of a small laboratory.

Objective and Scope

The objective of this publication is to provide guidance on key technological, individual or human, and organisational aspects that are necessary to create and maintain optimal safety. This holistic approach to safety may be used to assess and monitor compliance with the Act and Regulations. It is intended that a holistic approach to safety should be adopted by all licence holders, while specific application of the principles set out in the characteristics and attributes will be tailored to the particular organisation.

Although not mandatory, this guide sets out best practice in holistic safety. This guide does not negate obligations on licence holders pursuant to the Act, the Regulations and any individual licence conditions.

Table of Contents

Overall Structure of the Characteristics and Attributes

HUMAN CHARACTERISTICS
1—Human Aspects / A safe organisation will possess processes and controls that take account of weaknesses and strengths in human performance
1.1 The selection of suitably qualified and experienced, competent personnel
1.2 The provision of appropriate training
1.3 Equipment and machine design that account for human factors
1.4 Process design that accounts for human factors
1.5 Operational environment designthat account for human factors
2—Non-Technical Skills / A safe organisation will possess and utilise effective non-technical skills
2.1 The non-technical skill of communication
2.2 The non-technical skill of leadership
2.3 The non-technical skill of team-working
2.4 The decision-making process
2.5 The non-technical skill of situation awareness
TECHNOLOGICAL CHARACTERISTICS
3—Defence in Depth / A safe organisation will apply Defence in Depth throughout
ORGANISATIONAL CHARACTERISTICS
4—Management System / A safe organisation will integrate safety and environmental protection seamlessly into an integrated safety management system
5—Resilience / A safe organisation will build or engineer resilience into the system
5.1 The ability to respond
5.2 The ability to monitor
5.3 The ability to anticipate
5.4 The ability to learn
6—Safety Culture / A safe organisation will at all levels possess shared values and beliefs for safety that produce behavioural norms that provide an appropriate and demonstrable attention to safety
6.1 Safetyand security are clearly recognised values
6.2 Leadership for safety and security is clear
6.3 Accountability for safety and security is clear
6.4 Safety and security is integrated into all activities
6.5 Safety and security is learning driven
6.6 Integration across divisional boundaries
7—Protective Security and Nuclear Security Culture / Organisations with a good security culture will at all levels possess shared characteristics, attitudes and behaviours which serve as a means to support and enhance security
7.1 Security management is informed and integrated

Characteristic 1—Human Aspects

A safe organisation will possess processes and controls that take account of weaknesses and strengths in human performance

Explanation and Rationale

In the context of this document, Human Aspects/Factors is a body of knowledge about human abilities, human limitations, and other human characteristics. Human factors engineering is the application of human factors to the design of tools, machines, systems, tasks, processes, and environments for safe, comfortable, and effective human use.

Attributes

1.1The selection of suitably qualified and experienced, competent personnel

1.1.1Licence holders should ensure requirements for safety and security are considered and assessments of skills and competencies are undertaken for positions that have a safety or security function.

1.1.2Licence holders should ensure selection processes result in a suitably qualified and experienced person (‘SQEP’) to perform in the given position.

1.1.3Licence holders should ensure that succession plans are in place for all positions having a significant safety or security function.

1.2The provision of appropriate training

1.2.1Licence holders should demonstrate that, where relevant, training covers weaknesses and strengths of human performance.

1.2.2Licence holders should ensure that training programs are developed in consultation with SQEP employees.

1.3Equipment and machine design that account for human factors

1.3.1Licence holders should ensure that equipment is designed ergonomically.

1.3.2Licence holders should ensure that equipment is human error tolerant and/or human error evident[4].

1.4Process design that accounts for human factors

1.4.1Licence holders should ensure that processes are designed to take account of human factors.

1.4.2Licence holders should always strive to review and, where necessary, optimise processes to make human work safer.

1.5Operational environment designthat account for human factors

1.5.1Licence holders should ensure that the operational environments are regularly reviewed and optimised for the safety and security of work being undertaken.

1.5.2Licence holders should ensure that human factors relevant to radiation and nuclear safety and security are taken into account when designing or modifying any work area.

Characteristic 2—Non-Technical Skills

A safe organisation will possess and utilise effective non-technical skills

Explanation and Rationale

Non-technical skills (‘NTS’) are the cognitive, social and personal resource skills that complement technical skills, and contribute to safe and efficient task performance (Flin et al. 2008, p. 1). The attributes below aim to assist regulatory officers in their assessment of licence holders’ NTS. Accident investigations invariably demonstrate a failure in one or more of the following attributes. In order to apply technical skills effectively, staff need to apply non-technical skills. Good communication, leadership, team-working, decision-making and situation awareness are necessary for staff to apply technical skills effectively. Thus improving NTS optimises and complements technical skills.

Attributes

2.1The non-technical skill of communication

“Communication is the exchange of information, feedback or response, ideas and feelings. It provides knowledge, institutes relationships, establishes predictable behaviour patterns, maintains attention to the task, and is a management tool”(Kanki & Palmer 1993 cited in Flin et al. 2008, p. 69)

2.1.1Licence holders should ensure that the dangers from inadequate communication are made clear and avoided.

2.1.2Licence holders should ensure that employees understand communication methods and types, and the weaknesses and strengths of the different methods of communication.

2.1.3Licence holders should equip staff with the necessary skills and competencies to communicate effectively.

2.1.4Licence holders should assess their employees’ competence in communication and provide extra training where necessary.

2.2The non-technical skill of leadership

Leadership refers to the personal qualities, behaviours, styles and strategies adopted by the team leaders that guide and support the other team members, and influences how and whether a team achieves its objective. The team leaders also influence motives, values and behavioural standards of the team

2.2.1Licence holders should equip leaders with the knowledge of how leadership can contribute to good or bad safety and security outcomes.

2.2.2Licence holders should equip staff with the necessary skills and competencies of leadership for safety and security.

2.3The non-technical skill of team-working

Team working isa distinguishable group of two or more people who interact, dynamically, interdependently, and adaptively toward a common and valued goal/objective/mission (Flin et al. 2008, p. 94)

2.3.1Licence holders should ensure that the risks of inadequate team-working and benefits of effective team-working for enhancing safety and security are made clear.

2.3.2Licence holdersshould ensure that employees understand the positive and negative individual and team attributes that affect team-working.

2.3.3Licence holders should equip staff with the necessary skills and competencies to work effectively in a team.

2.3.4Licence holders should assess their employees’ competence in team-working and provide extra training where necessary.

2.4The decision-making process

Decision making is “the process of reaching judgement or choosing an option, sometimes called a course of action, to meet the needs of a given situation” (Flin et al. 2008, p. 41). They are not pre-planned decisions previously established in procedures and instructionsbut spontaneous decisions related to operations and made by personnel and management under pressure

2.4.1Licence holders should equip their staff with knowledge on how human decision-making can contribute to good or bad outcomes.

2.4.2Licence holders should ensure employees understand the different types of decision-making tools and processes, their weaknesses and strengthsand external factors that can affect decision making.

2.4.3Licence holders should develop training programs that assist good decision-making.

2.5The non-technical skill of situation awareness

Situation Awareness is the cognitive process for building and maintaining awareness of a workplace situation or event”—knowing what is going on around you(Flin et al. 2008, p.17). The personal ability to take in and process any information within a given situation or time

2.5.1Licence holders should equip their staff with knowledge of how situation awareness can contribute to good or bad outcomes.

2.5.2Licence holders should ensure training covers the basic principles in situation awareness, how situation awareness can be impaired, and factors that affect it.

2.5.3Licence holders should develop training programs that assist effective situation awareness.

Characteristic 3—Defence in Depth

A safe organisation will apply defence in depth throughout

Explanation and Rationale

Defence in depth provides the basic framework for nuclear and radiation safety by implementing diverse layers of protection at successive levels.

To compensate for potential human and mechanical failures, a defence in depth concept is implemented using several levels of protection including successive barriers preventing harm to people or the environment. The concept applies a graded approach and can include protection of the safety barriers themselves. It includes further measures to protect the public and the environment from harm in case these barriers are not fully effective.

The detailed attributes and regulatory expectations are addressed in other ARPANSA regulatory guides, for example Regulatory Assessment Principles for Controlled Facilities.

Level of Defence in Depth / Objective / Essential Means
1 / Prevents failures and insure that anticipated operational occurrences/disturbances are infrequent / Conservative, high quality, proven design and high quality in construction
2 / Maintain the intended operational states and detect failures / Process control and limiting systems, other surveillance features and procedures
3 / Protect against design-basis accidents / Safety systems and accident procedures
4 / Limit the progression and mitigate the consequences of beyond-design-basis accidents / Accident management and mitigation
5 / Mitigate the radiological consequences of beyond-design-basis accidents / Off-site emergency response

Characteristic 4—Management System

A safe organisation will incorporate safety and environmental protection seamlessly into an integrated safety management system

Explanation and Rationale

A safety management system (‘SMS’) is the ‘toolbox’ that contains the tools an organisation needs in order to safely and securely manage its operation. Modern SMS’s used by high reliability organisations are often incorporated into integrated management systems to include environment, quality and security, where appropriate, rather than as a standalone component system. ARPANSA’s expectation is that safety and security management and environmental protection is seamlessly integrated into every aspect of a licence holder’s activities. The detailed attributes and regulatory expectations are addressed in Regulatory Guide: Plans and Arrangements for Managing Safety.

Characteristic 5—Resilience

A safe organisation will build or engineer resilience into the system

Explanation and Rationale

Resilience Engineering is the intrinsic ability of a system to adjust its functioning prior to, during, or following changes and disturbances so that it can sustain required operational safety and security under both expected and unexpected conditions (Hollnagel et al. 2011, p. xxxvi). The application of resilience engineering principles can also assist in the management of entirely unexpected conditions as it leads to improved understanding of system behaviour within an organisation and of potential intervention methods. Licence holders should address and apply the principles of resilience into their systems and operations to ensure safety and security is maintained under both expected andunexpected conditions.

Attributes

5.1The ability to respond

5.1.1Licence holders should undertake analysis of their system’s design and operation to identify any credible deviations that may lead (immediately or via cascading error) to an increased risk or loss of effective control.

5.1.2Licence holders should regularly review their identification of any credible deviations taking account of operational experience within their own organisation and the wider industry.

5.1.3Licence holders should equip their systems and staff with the capability to respond to any deviations (identified and unidentified) and resume optimal operational safety and security.

5.1.4Licence holders should ensure response capability and readiness is maintained.

5.2The ability to monitor

5.2.1Licence holders should have a list of relevant indicators to monitor system status and performance.

5.2.2Licence holders should ensure that arrangements are in place so that indicators are closely monitored, validated and accountabilities are established.

5.2.3Licence holders should ensure there is a clear basis that determines when the list of indicators is revised.

5.2.4Licence holders should ensure monitoring facilitates response in a timely manner.

5.3The ability to anticipate

5.3.1Licence holders should ensure systems and arrangements are in place to identify future safety and security challenges that may arise.

5.3.2Licence holders should ensure the identification of future safety and security challenges is conducted on a regular basis, and communicated, shared and disseminated within the organisation.

5.4The ability to learn

5.4.1Licence holders should ensure there are clear principles behind which deviation from normal operation (including near-misses) are investigated.

5.4.2Licence holders should strive to improve safety and security by learning lessons from what goes well and what goes badly.

5.4.3Licence holders should ensure they have sufficient and continuous resources to facilitate data collection, analysis and learning from operational experience.

5.4.4Licence holders should ensure learning from operational experience is effective, timely, continuous, and maintained at all organisational levels and across organisational boundaries and demonstrate learning is effective and occurs at the individual as well as the organisational level.

Characteristic 6—Safety Culture

A safe organisation will, at all levels, possess shared values and beliefs for safety that produce behavioural norms that provide an appropriate and demonstrable attention to safety

Explanation and Rationale

Safety Culture interacts with an organisation’s structures and control systems to produce behavioural norms. It is the core values, beliefs and behaviours resulting from a collective commitment by leaders and individuals throughout an organisation that appropriately prioritise safety against other organisational goals to allow business objectives to be undertaken without undue risk. Organisations with a positive safety culture are characterised by communications founded on mutual trust, by shared perceptions of importance of safety and by confidence in the efficacy of preventative measure. The attributes below aim to assist regulatory officers in their assessment of safety culture.