What is a safety culture?
A safety culture is the compilation of ideologies, mindsets, perceptions, knowledge, attitudes, and values that employees share related to the risks within an organization, such as those found in a workplace. It reflects the organization’s attitude about safety from top to bottom, and across all functions, disciplines, teams, and processes.
An effective organizational safety culture is much more than just putting up safety posters in the break room and attending occasional “punch the ticket” safety briefings. Creating and maintaining a safety culture represents a formal process that defines what an organization actually does about safety, rather than just focusing on projecting a certain type of image.
What is the importance of the safety culture?
The safety culture of an organization is more than just an attitude; it is a series of formal documents created through vetted processes that define the safety requirements and expectations for all persons, behaviors, and elements that impact the safety of a product or element to any degree. Thus, the importance of the safety culture cannot be overstated. The safety culture is such a deep and intrinsic part of an organization that it is woven into the cultural fabric of the organization itself, a reflection of who the organization is, why it exists, and how it chooses to interact with and impact the world around it.
The safety culture defines both the requirements and the processes to be followed. It defines trustworthy examples of safety, provides the driving force behind the proper execution of safety policies and procedures, and clarifies the criteria by which the application of safety will be measured.
Organizations that are either involved with the implementation and enforcement of the safety lifecycle or are fulfilling safety activities within the safety lifecycle must:
- Establish and enact a safety culture that emboldens and strengthens timely, complete, and effective communication among the teams and disciplines associated with functional safety;
- Establish and sustain the organization-specific rules and processes that are required to achieve functional safety;
- Establish and maintain the processes that are used to resolve the identified safety anomalies in a satisfactory manner;
- Create and sustain a competence management system to assure that the persons involved possess the competence required to properly fulfill their responsibilities; and
- Create and maintain a quality management system that is sufficient to properly support all aspects of functional safety.
What makes a good safety culture?
These are some of the elements that are common to good safety cultures:
- Good safety cultures are created. Safety cultures do not spontaneously happen, nor should they be assumed to already exist. They are designed and implemented with deliberate intent and forethought.
- Good safety cultures are clearly defined. They are defined by vetted and trustworthy standards, such as ISO, and they are created and maintained in a manner that is fully compliant with the entire standard: no cherry-picking, no shortcuts.
- Good safety cultures are clearly communicated. Effective communication channels are defined and maintained between the various teams and functions, including those focused on project management, functional safety, mechanical safety, cybersecurity, quality, competence management, resource management, and all other disciplines that contribute to the achievement of functional safety. These groups work together to exchange relevant information and watch out for conflicts between their various team-level requirements.
- Good safety cultures cover the entire product lifecycle. The safety culture supports a product “from cradle to grave.” It encompasses the principal safety activities during the product’s initial concept phase, during the development of the product, throughout the production of the product, and throughout the product’s operation, service, and eventual decommissioning.
- Good safety cultures are executed and sustained. The organization must create a safety culture that inspires and strengthens the achievement of functional safety. Then, it must turn its words and guidance into action, and it must sustain that environment after it is achieved.
- Good safety cultures are tailored where necessary. Teams put in the time and effort to make sure that the safety culture is optimal for their organization, so that the planning, coordinating, monitoring of progress, fulfillment of confirmation measures, and other key management tasks, are being performed properly throughout the lifecycle.
- Good safety cultures are tangibly supported. Their organizations follow through by providing the resources necessary to properly implement and sustain the functional safety culture. These resources include, but are not limited to tools and databases, human resources, guidelines, and work instructions. And, personnel are given sufficient authority to fulfill their safety responsibilities.
- Good safety cultures are continuously improved. The organization establishes, implements, and sustains a continuous improvement process that is based on lessons learned during the application and performance of the safety lifecycle, and derived improvements that can be applied to subsequent challenges.
- Good safety cultures are documented properly. Routine turnover makes people one of the less stable elements in functional safety. Proper documentation is not an optional “nice to have”; it is of foundational, paramount importance to all engineering and safety disciplines. If the safety culture and its supporting processes and data repositories are not properly documented, continuity and momentum are lost, and knowledge will either disappear or will have to be learned all over again, resulting in wasteful rework and an increased risk of error.
What are the five elements of safety culture?
In the article Safety Culture, published by Air Safety Support International at: https://www.airsafety.aero/Safety-Information-and-Reporting/Safety-Management-Systems/Safety-Culture.aspx, Dr. James Reason is referenced as suggesting that safety culture consists of five elements:
- An informed culture: In an informed culture the organization collects and analyses relevant data, and actively disseminates safety information.
- A reporting culture: A reporting culture means cultivating an atmosphere where people have the confidence to report safety concerns without fear of blame. Employees must know that confidentiality will be maintained and that the information they submit will be acted upon, otherwise they will decide that there is no benefit in their reporting.
- A learning culture: A learning culture means that an organization is able to learn from its mistakes and make changes. It will also ensure that people understand the SMS processes at a personal level.
- A just culture: In a just culture errors and unsafe acts will not be punished if the error was unintentional. However, those who act recklessly or take deliberate and unjustifiable risks will still be subject to disciplinary action.
- A flexible culture: A flexible culture is one where the organization and the people in it are capable of adapting effectively to changing demands.
One comparison that might be drawn from Dr. Reason’s assertions is that a safety culture is much like a living, dynamic thing. It possesses and acquires knowledge and puts it to work as it continuously improves itself. It enables communication in an atmosphere of trust built on data rather than emotional foibles. And it conducts all of this effort in an evenhanded and fair-minded manner. In more than one sense, a good safety culture can be thought of as a reflection of what we as a people want in our world.
Managing safety anomalies
Simply put, safety anomalies are a deviation from the norm or the expected safe state, a safety-related inconsistency that is odd, peculiar, or strange. When they are encountered, safety anomalies must be addressed in a straightforward and disciplined manner.
This activity begins with the organization defining and implementing a process that explicitly communicates safety anomalies to the people who have responsibility for accomplishing or maintaining functional safety during the course of the safety lifecycle. Typically, many of these people are fulfilling safety manager roles in customer safety, supplier safety, product development, product production, operation, service, or decommissioning. It is imperative that they be informed of these anomalies early in the process, so they can help ensure that the safety anomaly is processed by the proper persons in a manner that accommodates all of the appropriate safety considerations and interactions.
After the process is put in place, it is put to work. The safety anomaly is analyzed and evaluated in accordance with the process. This evaluation can include a root cause analysis that results in future corrective action. An appropriate resolution is defined, and the safety anomaly is managed to closure in a timely and competent manner. If this work results in any changes, those changes are handled in accordance with the change management process defined in ISO 26262-8:2018, Clause 8.
A safety anomaly will only be considered closed if:
- adequate safety measures are implemented to resolve the anomaly and the effectiveness of the safety measure is verified, or
- the safety anomaly is evaluated and determined not to constitute an unreasonable risk, and a valid rationale for its closure is recorded; it is then closed.
Note: The rationale is important. It must be documented and formally reviewed. If no rationale is presented, the safety anomaly is not considered to be closed.
If a safety anomaly is not managed to closure, then it must be escalated to the proper persons who are responsible for functional safety. These persons must have the proper authority to bring together the right people to drive a safety anomaly to closure. If a functional safety assessment is performed as part of this process, then the safety anomaly must be explicitly communicated to the person responsible for conducting the assessment.
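The closure and escalation rules above can be enforced as a small state machine so that an anomaly can never be marked closed without one of the two criteria being met and recorded. The following is an added illustration, not code from the original article or from any ISO 26262 tooling; the role names ("functional safety manager", "functional safety assessor"), the anomaly identifiers and the sample anomalies are constructed for the example.

```python
"""Safety anomaly closure and escalation modelled after the two closure criteria
in the text (added example; role names and sample data are constructed)."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Status(Enum):
    OPEN = "open"
    CLOSED = "closed"
    ESCALATED = "escalated"


@dataclass
class SafetyAnomaly:
    ident: str
    description: str
    status: Status = Status.OPEN
    # Criterion 1: a safety measure was implemented AND its effectiveness verified
    measure_implemented: bool = False
    measure_verified: bool = False
    # Criterion 2: evaluated as no unreasonable risk AND a rationale is documented and reviewed
    evaluated_no_unreasonable_risk: bool = False
    rationale: Optional[str] = None
    rationale_reviewed: bool = False
    notified: List[str] = field(default_factory=list)  # roles informed (audit trail)
    log: List[str] = field(default_factory=list)


def report(anomaly: SafetyAnomaly, responsible_roles: List[str]) -> None:
    """Explicitly communicate the anomaly to the responsible safety roles, early."""
    for role in responsible_roles:
        if role not in anomaly.notified:
            anomaly.notified.append(role)
    anomaly.log.append(f"reported to: {', '.join(responsible_roles)}")


def closure_basis(anomaly: SafetyAnomaly) -> Optional[str]:
    """Return which closure criterion is satisfied, or None if closure is not allowed."""
    if anomaly.measure_implemented and anomaly.measure_verified:
        return "safety measure implemented and effectiveness verified"
    if (anomaly.evaluated_no_unreasonable_risk
            and anomaly.rationale
            and anomaly.rationale_reviewed):
        return "no unreasonable risk; rationale documented and reviewed"
    # An undocumented or unreviewed rationale does not count, per the Note in the text.
    return None


def try_close(anomaly: SafetyAnomaly, assessment_in_progress: bool = False,
              assessor: str = "functional safety assessor",
              escalate_to: str = "functional safety manager") -> Status:
    """Close the anomaly if a criterion holds; otherwise escalate it.

    If a functional safety assessment is running, the assessor is always informed.
    """
    basis = closure_basis(anomaly)
    if basis is not None:
        anomaly.status = Status.CLOSED
        anomaly.log.append(f"closed: {basis}")
    else:
        anomaly.status = Status.ESCALATED
        if escalate_to not in anomaly.notified:
            anomaly.notified.append(escalate_to)
        anomaly.log.append("escalated: neither closure criterion satisfied")
    if assessment_in_progress and assessor not in anomaly.notified:
        anomaly.notified.append(assessor)
        anomaly.log.append(f"communicated to {assessor}")
    return anomaly.status


def demo() -> List[Status]:
    """Run three constructed anomalies through the process and return their final states."""
    # Constructed sample anomalies (not from any real project)
    a1 = SafetyAnomaly("SA-001", "Watchdog timeout not detected in degraded mode",
                       measure_implemented=True, measure_verified=True)
    a2 = SafetyAnomaly("SA-002", "Diagnostic coverage figure inconsistent across documents",
                       evaluated_no_unreasonable_risk=True, rationale="figure corrected",
                       rationale_reviewed=False)  # rationale not reviewed yet
    a3 = SafetyAnomaly("SA-003", "Sensor plausibility check bypassed at startup",
                       measure_implemented=True, measure_verified=False)
    for a in (a1, a2, a3):
        report(a, ["product development safety manager"])
    return [try_close(a1), try_close(a2), try_close(a3, assessment_in_progress=True)]


if __name__ == "__main__":
    for s in demo():
        print(s.value)
```

The point of `closure_basis` returning the satisfied criterion rather than a bare boolean is that the basis for closure is written into the anomaly's log, which is what a later confirmation review will want to see.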
How do you develop a safety culture in the workplace?
Proper management of the safety lifecycle is of paramount importance. The most important thing that the managers do is to plan, coordinate, and track all of the activities that are related to functional safety in any way, during all phases of the safety lifecycle. These include:
- the overall management of safety;
- safety management that is scoped to the concept phase and the product development phases for a specific project at their system, hardware, and software levels; and
- the management of safety during the production, operation, service, and decommissioning phases.
For product development, safety activities are initiated right at the beginning, during the concept phase. Refinement is continued during the subsequent product development phases as required until the decision is made to release the item or element for production.
What does creating a culture of safety mean?
Defining the item
One of the first tasks of the safety lifecycle is to develop an accurate and complete description of the item that includes:
- its functionality;
- its interfaces with other components, systems, and humans;
- the environmental conditions in which it operates and which have an impact on it;
- relevant legal considerations and requirements;
- any known hazards that might impact the item; and
- other elements and considerations that could impact safety.
The boundary of the item is then defined, including the item itself and its interfaces. The boundary description must encompass a complete envelope with no overlaps or gaps. If other assumptions need to be made regarding other items, elements, or other external measures, they are done so in accordance with the steps defined in ISO 26262-3:2018, Clause 5.
Hazard analysis and risk assessment
A hazard analysis and a risk assessment of the item are then performed. The hazard analysis produces an estimate of three key considerations:
- the probability of exposure;
- the controllability of the hazardous events; and
- the severity of the hazardous events.
When factored together, these three considerations dictate the Automotive Safety Integrity Levels (ASILs) of the hazardous events. In turn, this information determines what the safety goals will be for the item. Each ASIL is assigned to a corresponding safety goal. Then, during the subsequent phases and sub-phases, more detailed safety requirements are derived. Each safety requirement inherits the ASIL of its corresponding safety goal, or, where ASIL tailoring has been applied, it receives the ASIL assigned by that tailoring.
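As an added example (not code from the article or from any ISO 26262 tooling), the determination of an ASIL from severity, exposure and controllability, the assignment of ASILs to safety goals, and the inheritance of a goal's ASIL by derived safety requirements can be written out as follows. The S/E/C to ASIL mapping reproduces ISO 26262-3:2018 Table 4 as the author of this example recalls it, using the equivalent sum rule (a class-0 rating gives QM; otherwise S+E+C of 7, 8, 9, 10 gives A, B, C, D); the item, hazardous events, identifiers and ratings are constructed for illustration only.

```python
"""ASIL determination, safety-goal assignment and ASIL inheritance (added example).
The mapping follows ISO 26262-3:2018 Table 4; sample data are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Optional

ASIL_ORDER = ["QM", "A", "B", "C", "D"]  # ascending stringency


def determine_asil(s: int, e: int, c: int) -> str:
    """Return the ASIL for a hazardous event rated S (0-3), E (0-4), C (0-3).

    Any class-0 rating yields QM (no ASIL). Otherwise the table depends only on the
    sum S+E+C: 7 -> A, 8 -> B, 9 -> C, 10 -> D, anything lower -> QM.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"rating out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return {7: "A", 8: "B", 9: "C", 10: "D"}.get(s + e + c, "QM")


@dataclass(frozen=True)
class HazardousEvent:
    ident: str
    description: str
    severity: int
    exposure: int
    controllability: int
    safety_goal: str  # the safety goal this hazardous event is mapped to

    @property
    def asil(self) -> str:
        return determine_asil(self.severity, self.exposure, self.controllability)


def assign_safety_goal_asils(events: List[HazardousEvent]) -> Dict[str, str]:
    """Each safety goal takes the highest ASIL among the hazardous events it covers."""
    goals: Dict[str, str] = {}
    for ev in events:
        current = goals.get(ev.safety_goal, "QM")
        if ASIL_ORDER.index(ev.asil) > ASIL_ORDER.index(current):
            current = ev.asil
        goals[ev.safety_goal] = current
    return goals


@dataclass(frozen=True)
class SafetyRequirement:
    ident: str
    text: str
    safety_goal: str
    asil: str


def derive_requirement(ident: str, text: str, safety_goal: str, goals: Dict[str, str],
                       tailored_asil: Optional[str] = None) -> SafetyRequirement:
    """A derived requirement inherits its goal's ASIL unless tailoring assigns one.

    Tailoring may never raise a requirement above the ASIL of its safety goal.
    """
    inherited = goals[safety_goal]
    if tailored_asil is None:
        return SafetyRequirement(ident, text, safety_goal, inherited)
    if ASIL_ORDER.index(tailored_asil) > ASIL_ORDER.index(inherited):
        raise ValueError(f"{ident}: tailored ASIL {tailored_asil} exceeds goal ASIL {inherited}")
    return SafetyRequirement(ident, text, safety_goal, tailored_asil)


# Constructed HARA rows for a hypothetical electric park brake item (illustrative ratings only)
SAMPLE_EVENTS = [
    HazardousEvent("HE-01", "Unintended brake release while parked on a slope", 3, 3, 3, "SG-01"),
    HazardousEvent("HE-02", "Brake fails to apply on driver request", 2, 4, 2, "SG-01"),
    HazardousEvent("HE-03", "Status lamp shows stale information", 1, 4, 1, "SG-02"),
]


def demo() -> Dict[str, str]:
    """Assign goal ASILs for the sample HARA and derive one inheriting requirement."""
    goals = assign_safety_goal_asils(SAMPLE_EVENTS)
    fsr = derive_requirement("FSR-01", "Brake shall hold when parked and unpowered", "SG-01", goals)
    return {**goals, fsr.ident: fsr.asil}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

`assign_safety_goal_asils` encodes the rule that a goal covering several hazardous events carries the most stringent of their ASILs, and `derive_requirement` refuses a tailored ASIL that is higher than its goal's, which is the check a reviewer of a requirements baseline would want automated.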
The functional safety concept
The functional safety concept is a sub-phase of the concept phase that is based on the safety goals, and preliminary assumptions about the architecture. It extracts functional safety requirements from the safety goals and connects these functional safety requirements to elements that make up the item.
This step might include the consideration of other technologies or external measures; subsequent validation might determine that these fall outside the scope of ISO 26262 and thus, outside the scope of the development of the item.
System-level product development
After the functional safety concept is defined, the item is developed at the system level. This is where the V-model of the Verification and Validation (V&V) process comes into play. Starting at the top and moving downward on the left side of the V-model, the technical safety requirements are specified, as are the system architecture, the system design, and its implementation. Progressing back upward on the right side, the integration, verification, and safety validation are addressed. The interfaces between hardware and software are first defined in this phase and then refined and updated during the actual hardware and software development.
During system-level development, other safety validation tasks also occur, including:
- validating technical assumptions related to the ASIL classification;
- validating previous assumptions about human behavior;
- validating functional safety concepts that are implemented by other technologies; and
- validating previous assumptions about external measures.
Product development at the hardware and software levels
At this point, the hardware is developed in accordance with the V-model. Then the software is developed, also in accordance with the V-model. For each, the specification of the requirements and the design and implementation falls on the left side, and the integration and the verification fall on the right side.
Production, operation, service, and decommissioning phases
The planning of these phases and the defining of the associated requirements start during the development of the product at the system level, and they take place in parallel with the development of the system, hardware, and software.
Details and requirements are established and communicated regarding the processes, means, and instructions for ensuring functional safety during these phases. In addition, quality management standards and processes may also be considered, such as IATF 16949, ISO 9001, the ISO/IEC 33000 series of standards, Capability Maturity Model Integration (“CMMI®”), or the Automotive SPICE® series of standards.
Other key concepts
Confirmation measures are performed to ascertain the functional safety that is achieved by the item, or the contributions made to the achievement of functional safety by the development of the elements.
During the hazard analysis and risk assessment, credit can be given to the driver and other persons at risk for avoiding harm, even when this avoidance is bolstered by external measures. The exposure to risk and its severity depend on the scenario.
External measures outside the boundary of the item that reduce or eliminate potential hazards can also be considered and validated. This can include measures attached to the vehicle such as anti-sway bars, as well as measures that are part of the surrounding infrastructure such as guardrails.
The act of releasing an item for production formalizes the organization’s decision to release the item for production, after taking into consideration the results of the safety lifecycle and the applicable confirmation measures. Further improvements and refinements are processed in a like manner and implemented at the next formal release.
The safety lifecycle is both the embodiment and the product of an organization-level attitude, as well as a formal process that results in specific criteria that must be met. It is driven from the top down, governed by formal vetted processes, and defines what both the risks to, and the achievement of, functional safety look like. Most importantly, it is a systematic road map for making safety actionable and achievable, as we turn functional safety from just a good idea into reality.