I recently listened to one of Drew Rae’s DisasterCast Episodes on Interlocks. During this outstanding Podcast he described how interlocks can be used as a safety mechanism to prevent certain accidents. While I don’t want to go into great levels of detail about Interlocks with this post, to me it was very interesting when he got into the ways humans are involved with systems, how they work to create safety interlocks in a system, and how (sometimes) these can fail. To me the failure part is interesting, but success is even more interesting to me because as humans we create safety and successful outcomes a lot of the time and I think that the amazing capacity of humans to create safety and success can be lost in the noise surrounding a hierarchy of hazard controls.
Before we go further, perhaps I should emphasize that I believe the use of a hierarchy of hazard controls is extremely important. In many cases higher order controls are more effective and take the emphasis off the employee and in many cases may help optimize the operational environment for the worker. However, we should not get lulled into a false sense of security simply because someone has told us that we can eliminate all risks (if you hear this, please challenge the statement with inquiry and dialogue because zero risk is not possible to achieve). Even if we are able to eliminate risks in some areas or substitute less hazardous work methods, we will likely trade one risk for another. (Oh yes, we must be careful of unintended consequences and oftentimes we are blind to them in our zeal to do something). So, we must be aware of the entire risk control process and manage it wisely.
In so many cases when an accident or incident occurs there is a push by the organization to do something to prevent that incident from happening again. However, we must be cautious and guard against the “Do Something Syndrome,” which is described here in The Farnam Street Blog. We really need to understand what the types of controls are in the hierarchy, the purpose of each one, the specific contexts and system interdependencies which can facilitate their successful implementation (and potential failure), and that most of the time for every choice we make we are giving something up and in many cases this can have impacts on successful (and safe) operational performance.
To show a specific example, I need to take you back in time by a few years. It was during my time as an Instructor Pilot in the Naval Aviation Training Command (Marine Aviators often serve as Instructor Pilots in Navy Training units). I remember years ago while I was Director of Safety and Standardization for a U.S. Navy flight training squadron we were undergoing the transition to a more modern training aircraft, which was much faster (and arguably by some, prettier) than our current aircraft. Both aircraft were designed to be used in training brand new student aviators (you know, the kind with little to no experience, which meant as Instructor Pilots we had our work cut out for us). During the transition there was a potential for aircraft positions to conflict with each other during flights. I am not sure how well experiments with two types of high velocity metal occupying the same space work in labs, but with airborne aircraft the result typically isn’t good. So, there was a concern about mid-air collisions.
To address this issue I suggested that we move more towards a stricter form of procedural control where aircraft would be assigned block takeoff and return times and be required to meet those takeoff and landing windows. Great thinking, right? This way we would KNOW who was going to be where at what time and things would be highly controlled, right? It was at this point that somebody with more experience reminded me of our need to maintain adaptability and flexibility, which is a hallmark of Navy and Marine Corps aviation. My option would have placed too much control and too many restrictions and may have resulted in the cancelation of so many missions that it would have reduced our production numbers. Safety has to work as a mission enabler and overly restrictive rules might improve safety, but at an excessive detriment to production flexibility, and ultimately organizational performance. We still needed to preserve the flexibility that was afforded to us through our procedural controls, which allowed for adequate margins of safety.
So, how did we balance the use of procedural interlocks with the need for flexibility and production output? The organization created additional procedural controls for the new aircraft and we went back to the basics that had worked in the past for the older aircraft. We reemphasized the need for continuous communication with other aircraft in our training areas and used the procedural controls the way they were designed. This allowed us the ability to maintain adequate margins of safety while preserving the adaptability and flexibility needed to help the Instructor Pilots accomplish the training missions based on the changing dynamics of the operating environment (such as individual student needs, weather, and congestion at our outlying training airfields). This process allowed us to safely accomplish our production goals and train student aviators who understood the value of adaptability and procedural controls. I am not saying that doing things the way an organization has always done them is the best way to create safety. In fact “we have always done it this way” approaches can be terribly flawed in many cases, such as when there is a need to make sacrifice decisions to preserve safety over production. However, in an organization’s zeal to change perhaps sometimes decision-makers overlook some of the unintended consequences of decisions.
So, what is the best way to protect people and other operational assets while meeting production goals? This post may not provide a clear answer, but using a system approach to analyze problems may help key leaders and decision-makers develop strategies. Using a diverse audience of experienced workers and experts, including those who may be affected by the changes and decisions may serve as a useful approach because oftentimes they may have some of the critical information necessary to actively create safety during production work. The hierarchy of controls is important. In many cases there are ways to eliminate some risks, and in other cases, creating engineering controls in the form of interlocks may be useful. In some cases, using a combination of controls, such as interlocks with Personal Protective Equipment (PPE) may be required. A lot of the decisions will be based on the level of acceptable risk. An important point to emphasize is that when deciding the types of controls to put in place for risk reduction, experts and experienced workers, managers, and leaders should talk about the potential benefits and associated negative consequences before selecting a course of action, because if this conversation does not happen workers may end up having to create workarounds to address unforeseen negative consequences associated with safety interventions. A system approach may never be perfect, but it may help. Leaders and decision-makers will never be perfect, but they can learn and grow. During the process they can help lead their organizations into success.