System safety principles: A multidisciplinary engineering perspective

• This work provides a synthesis of a set of system safety principles.
• This work is pedagogical and is meant to serve a support role in safety training.
• The principles are domain-independent and broadly applicable across industries.
• The principles are related to the notions of hazard level and accident sequence.
• They are an important addition to the intellectual toolkit of engineers and decision-makers.

System safety is of particular importance for many industries. Broadly speaking, it refers to the state or objective of striving to sustainably ensure accident prevention through actions on multiple safety levers (technical, organizational, and regulatory). While complementary to risk analysis, it is distinct in one important way: risk analysis is anticipatory rationality examining the possibility of adverse events (or accident scenarios), and the tools of risk analysis support and in some cases quantify various aspects of this analysis effort. The end-objective of risk analysis is to help identify and prioritize risks, inform risk management, and support risk communication. These tools however do not provide design or operational guidelines and principles for eliminating or mitigating risks. Such considerations fall within the purview of system safety.In this work, we propose a set of five safety principles, which are domain-independent, technologically agnostic, and broadly applicable across industries. While there is a proliferation of detailed safety measures (tactics) in specific areas and industries, a synthesis of high-level safety principles or strategies that are independent of any particular instantiation, and from which specific safety measures can be derived or related to, has pedagogical value and fulfills an important role in safety training and education. Such synthesis effort also supports creativity and technical ingenuity in the workforce for deriving specific safety measures, and for implementing these principles and handling specific local or new risks. Our set of safety principles includes: (1) the fail-safe principle; (2) the safety margins principle; (3) the un-graduated response principle (under which we subsume the traditional “inherently safe design” principle); (4) the defense-in-depth principle; and (5) the observability-in-depth principle. We carefully examine each principle and provide examples that illustrate their use and implementation. We relate these principles to the notions of hazard level, accident sequence, and conditional probabilities of further hazard escalation or advancement of an accident sequence. These principles are a useful addition to the intellectual toolkit of engineers, decision-makers, and anyone interested in safety issues, and they provide helpful guidelines during system design and risk management efforts.