360 likes | 624 Views
Business Case for High Reliability. HPRCT Workshop June 21-25, 2010 Richard S. Hartley, Ph.D., P.E. This presentation was produced under contract number DE-AC04-00AL66620 with. What is a High Reliability Organization?.
E N D
Business Case for High Reliability HPRCT Workshop June 21-25, 2010 Richard S. Hartley, Ph.D., P.E. This presentation was produced under contract number DE-AC04-00AL66620 with
What is a High Reliability Organization? • An organization that repeatedly accomplishes its high hazard mission while avoiding catastrophic events, despite significant hazards, dynamic tasks, time constraints, and complex technologies • A key attribute of being an HRO is to learn from the organization’s mistakes • Aka a learning organization
SYSTEM ACCIDENT TIMELINE What is Next? Who is Next? 1979 - Three Mile Island 1984 – Bhopal India 1986 – NASA Challenger 1986 – Chernobyl 1989 – Exxon Valdez 1996 – Millstone 2001 – World Trade Center 2005 – BP Texas City 2007 – Air Force B-52 2008 – Stock Market Crash
Why Is Being an HRO So Important? Some types of system failures are so punishing that they must be avoided at almost any cost. These classes of events are seen as so harmful that they disable the organization, radically limiting its capacity to pursue its goal, and could lead to its own destruction. Laporte and Consolini, 1991 Some types of system failures are so punishing that they must be avoided at almost any cost. These classes of events are seen as so harmful that they disable the organization, radically limiting its capacity to pursue its goal, and could lead to its own destruction. Laporte and Consolini, 1991 Some types of system failures are so punishing that they must be avoided at almost any cost. These classes of events are seen as so harmful that they disable the organization, radically limiting its capacity to pursue its goal, and could lead to its own destruction. Laporte and Consolini, 1991
Business Case for High Reliability Is it right for you?
Does a Systems Approach Make Sense? Department of Energy Safety Improvement from 1993-2008 Contractor ISM deployed Data as of 7/7/2009 DOE injury rates have come down significantly since Integrated Safety Management (ISM) was adopted
Does a Systems Approach Make Sense?U.S. Nuclear Industry Performance 1985-2008 Capacity Factor (% up) Cost (¢/kwh) Rx Trips/ Scrams Significant Events/Unit Nuclear Energy Institute (NEI) Data
What is the Focus of an HRO? Individual Accidents OR Systems Accidents?
Individual Accident • An accident occurs wherein the worker is not protected from the plant and is injured (e.g. radiation exposure, trips, slips, falls, industrial accident, etc.) • Focus: • Protect the worker from the plant Plant (hazard) Human Errors (receptor)
Systems Accident • An accident wherein the system fails allowing a threat (human errors) to release hazard and as a result many people are adversely affected • Workers, Enterprise, Surrounding Community, Country Plant (hazard) Human Errors (threat) • Focus: • Protect the plant from the worker The emphasis on the system accident in no way degrades the importance of individual safety , it is a pre-requisite of an HRO
Strive To Avoid A Systems Accident! • Goal of a High Reliability Organization • Strive daily for High Reliability Operations • A systems approach • Every individual is not going to have a perfect day every day • To avoid the catastrophic accident a systems approach is required
Fundamentals of Systems Approach Reality Engineering Understanding Socio-Technical Systems to Improve Bottom-Line
Central Theme of an HRO Not a New Initiative Logical, Defensible Way to Think Based on Logic & Science Logic & Science are Time and New Initiative Invariant The most important thing, is to keep the most important thing, the most important thing. Steven Covey, 8thHabit • Focus on what is important • Measure what is important
HROs Think and Act Differently • Take a physics-based system approach • Measure gaps relative to physics-based system • Explicitly account for people • People are not the problem, they are the solution • People are not robots, pounding won’t improve performance • People provide safety, quality, security, science etc. • Sustain behavior – account for culture • Improve long-term safety, security, quality
Spectrum of Safety Spectrum of Safety • Hard Core Safety Physics • Physics invariant • Prevent flow of unwanted energy • Delta function • Squishy People Part of Safety • Average IQ of the organization • It is a systems approach • Gaussian curve As Engineers Write As People Do
Spectrum of Safety Spectrum of Safety • Hard Core Safety Physics • Physics invariant • Prevent flow of unwanted energy • Delta function • Squishy People Part of Safety • Average IQ of the organization • It is a systems approach • Gaussian curve Old Mind-Set Compliance-based safety • High Reliability Organization • Explicitly consider human error • Take into account org. culture • Maximize delivery of procedures • Improve system safety
Steps To Deploy HRO • Step #1: Ensure the operation has a defined and justified safety basis • Step #2: Develop and deploy HRO framework to use strengths of organization to maintain safety • Step #3: Measure performance of organization to safety basis • Step #4: Leverage organizational learning to reduce variability to following safety basis
Steps To Deploy HRO • Step #1: Ensure the operation has a defined and justified safety basis • Understand physics and chemistry of processes • Unsafe Zone • Do not Operate Zone (DOZ)
In the red part of the unsafe zone and as delineated by the deterministic line, there are some levels of physics beyond which the outcomes (consequences) are certain. Zones of Safety Unsafe Zone Violates physics of safety High consequence event Unsafe Zone Violates physics of safety High consequence event 20
The orange cloud signifies the DOZ (don’t operate zone). It extends to the unsafe zone (red circle) and signifies that area which because of uncertainty we try to stay out of by establishing conservative margins of safety. Zones of Safety Unsafe Zone Violates physics of safety High consequence event DOZ (don’t operate zone - signified by orange cloud) Region noted by DOZ should provide safety but can’t prove 21
Steps To Deploy HRO • Step #1: Ensure the operation has a defined and justified safety basis • Understand physics and chemistry of processes • Unsafe Zone • Do not Operate Zone (DOZ) • Define and justify safety basis relative to Unsafe Zone and DOZ • Ensure individual processes are within safety basis • Ensure collective processes are within safety basis • Determine margin of safety
Zones of Safety Unsafe Zone Violates physics of safety High consequence event The safe zone/safety basis (green oval) represents a physics-based zone bounded with hazard analyses and defined using operating procedures. DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics Processes if followed (i.e. stay within safety basis) assures safety Region noted by DOZ should provide safety but can’t prove 23
Zones of Safety Unsafe Zone Violates physics of safety High consequence event DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics Processes if followed (i.e. stay within safety basis) assures safety The Margin of Safety represents the gap between the established safety basis and the unsafe zone. Margin of Safety (i.e. safety factors) 24
Steps To Deploy HRO • Step #2: Develop and deploy HRO framework to use strengths of organization to maintain safety • Compliance-based safety • Work-as-imagined equals work-as-done, except • Bad apples
Compliance-Based Safety Engineer’s Field of Dreams Build it and they will come Unsafe Zone Violates physics of safety High consequence event Based on assumption that most people will follow established safety rules. Regulation and oversight ensure compliance with established safety basis. DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics Processes if followed (i.e. stay within safety basis) assures safety Management assumes work-as-imagined equals work-as-done work-as-imagined = Margin of Safety (i.e. safety factors) work-as-done 26
Why do we remove “bad apples?” They represent the $ M lesson learned! Compliance-Based Safety Those that don’t follow established safety systems are just those few bad apples that need to be removed. Unsafe Zone Violates physics of safety High consequence event DOZ (don’t operate zone - signified by orange cloud) bad-apples Safe Zone - Safety Basis Assured safety based on physics bad-apples X X Processes if followed (i.e. stay within safety basis) assures safety work-as-imagined = Margin of Safety (i.e. safety factors) work-as-done 27
Steps To Deploy HRO • Step #2: Develop and deploy HRO framework to use strengths of organization to maintain safety • Compliance-based safety • Work-as-imagined equals work-as-done, except • Bad apples • HRO Approach to safety • Reality between work-as-imagined vs. work-as-done • Socio-technical systems • Explicitconsideration of the affect of organizations on technical safety
HRO Approach to Safety Unsafe Zone Violates physics of safety High consequence event Green cloud signifies organizations’ struggles to stay within safety basis. DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics Processes if followed (i.e. stay within safety basis) assures safety work-as-imagined work-as-done 29
HRO Approach to Safety Holes in safety basis because of poor analysis (potentially drops you into the DOZ). Unsafe Zone Violates physics of safety High consequence event DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics Processes if followed (i.e. stay within safety basis) assures safety work-as-imagined work-as-done 30
HRO Approach to Safety Unsafe Zone Violates physics of safety High consequence event DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics . Every excursion into DOZ decreases margin of safety. Processes if followed (i.e. stay within safety basis) assures safety work-as-imagined Reduced Margin of Safety work-as-done 31
HRO Approach to Safety HROs: Explicitly consider how the organizational behavior affects ability to buy-in to the established safety basis. Attempt to leverage this to improve the margin of safety. Unsafe Zone Violates physics of safety High consequence event DOZ (don’t operate zone - signified by orange cloud) Safe Zone - Safety Basis Assured safety based on physics Processes if followed (i.e. stay within safety basis) assures safety work-as-imagined work-as-done 32
How Do HROs Do This? Builiding a High Reliability Organization
Fundamental HRO PracticesUse a Systems Approach to Avoid Catastrophic Accidents
Recommended Reading Material • The Limits of Safety, Scott D. Sagan • Normal Accidents – Living with High-Risk Technologies, Charles Perrow • Managing the Unexpected, Karl E. Weick& Kathleen M. Sutcliffe • Managing the Risks of Organizational Accidents, James Reason • Organizational Culture and Leadership, 3rd ed., Edgar Schein • Field Guide to Human Error Investigations, Sidney Dekker • The 8th Habit, From Effectiveness to Greatness, Stephen Covey • Pantex High Reliability Operations Guide • Pantex Causal Factors Analysis Handbook