The Safety of Work

Ep.60 How does Safety II reimagine the role of a safety professional?

Episode Summary

Welcome to the first Safety of Work podcast episode for the New Year! After our three-part series on the book, Safety I and Safety II, we go back and discuss the role of Safety II. Namely, we ask how Safety II reimagines the role of safety professionals.

Episode Notes

Every ten episodes or so, we like to indulge ourselves and cover some of our own research. This is one of those episodes. Since it is relevant to our last three episodes, we discuss the final paper that David wrote when pursuing his Ph.D.





“Centralized control is the big, main idea that pervades, I suppose, our current and traditional... approach to safety, which is about trying to reduce the variability of work…”

“We’ve got all of these people complaining that Safety II doesn’t give you any sort of practical implementation. So you...submit a draft of this paper and the immediate response is ‘Oh, this isn’t offering anything new’, when it was answering the exact thing that people are constantly complaining about.”

“And then understand the issues and uncertainties being grappled with by technical specialists. And try to look for where the organization might be discounting emerging information.”



Safety II Professionals

Episode Transcription

Drew: You're listening to the Safety of Work Podcast episode 60. Today we're asking the question, how does Safety-II reimagine the role of a safety professional? Let's get started.

Hey everybody, my name's Drew Rae, I'm here with David Provan. If we’ve timed the cue right, this is the first Safety Work Podcast for 2021. Happy new year to all of our listeners. In each episode, we ask an important question in relation to the safety of work or the work of safety and examine the evidence surrounding it. But every 10 episodes, we indulge ourselves by talking about some of our own research which may or may not be an important question relating to the safety of work or the work of safety.

I think today definitely is an important question, I'm looking forward to it. We're going to be talking about the final paper that David wrote as part of his PhD. Moving away from the descriptive investigation towards the practical suggestions coming out of that work. David, can you tell us a little bit about how and why you wrote this paper?

David: Drew, this was the main game for me when I started my PhD which was to understand what the new view of safety theories might mean for the design and the practice of the role of safety professional. Or more practically, if you as a safety professional wanted to lead and support your organization to introduce new view safety approaches, what would you be doing day-to-day in your role?

I first brought this question to you and to Sidney Griffith, Drew, I've been working with new view ideas in my organization for five years or so. I really wanted to know what should I be asking my safety organization to do? How can the safety organization be promoting it? Like I said, this is the main gain, but it was the final paper that I wrote because we have to actually get to the point where we felt confident to be able to lay these ideas out. To do that, we did the belief research first which we spoke about in episode 30, and then my ethnographies current practice which I'm sure we'll talk about in our future episodes as well.

This paper was a really nice way to finish off my research and I was also hoping that it would be read as widely as possible by practitioners so we ended up publishing it open access. When we link it to the show notes in this episode, it won’t be behind the paywall for any of our listeners.

Drew: David, I presume you're going to be doing most of the talking in this episode since it's your paper. I’ll just run through the introductory stuff. The paper is called Safety-II Professionals, how resilience engineering can transform safety practice. Which I think is many buzzwords about new view of safety as we can get into one title without actually saying safety differently as well.

It was published in the journal Reliability Engineering and System Safety which is one of the sort of big four safety journals. Published officially in 2020. It already has, I noticed, 12 citations which means that it sparked a great deal of interest pretty immediately. 

I had a look through some of who is citing it and one of the citations is from the final editorial from the journal Policy and Practice in Health and Safety which unfortunately, ended this year. The final editorial talks about the need to have a continuing conversation about the role of safety practitioners in organizations. The authors of this paper are David Provan, David Woods, Sidney Dekker, and Andrew Rae. That's three generations in one paper. 

David was a PhD candidate when he wrote this. Sidney and I were his supervisors and David Woods was Sidney's supervisor. I just have to complete the connection by the way. I believe Erik Hollnagel was David Woods’s supervisor. We interviewed David Woods on episode 24 of this podcast. David, why in particular did you want Woods involved with this part of your work?

David: Drew, the first paper that we published during my PhD was a literature review called Bureaucracy Influence and Beliefs a literature view of the safety professional practice. I sort of tried to raid or I think I threw my arms around pretty much everything that has been written in the last 30 years about the role of safety professionals and safety professional practice. There was one chapter or an article that became a chapter in the original Resilience Engineering: Concepts and Precepts book which was published in 2006. David Woods had got involved with some work at NASA after Columbia. I was actually on the independent expert review board for Columbia.

They sort of asked him about what they should do in the design of the NASA safety organization because of some of the conclusions that were drawn in the Columbia incident investigation report. David had written this chapter titled, How to Design a Safety Organization, a Test Case for Resilience Engineering. When I contacted him in 2017, I wanted to ask him, did you ever do anything more with this paper? Because I just pretty much read everything in the last 30 years on the safety profession. It was probably in my opinion, the most insightful piece that I've read and started to talk about the complexities, and challenges, and possible directions for the role.

He introduced that paper, some of our listeners might be familiar with the four R’s of a safety professional. He never really stepped out what to do, but he said look, safety professionals need to be involved really close to the operations, but they also need to be independent so they can test, and challenge, and make decisions for themselves. They also need to be very informed about what is going on, but they also need to be informative so they're going to be bringing new insights and new ideas to their organization.

He started talking about these tensions, and contradictions, and challenges, and design ideas. I asked him if he had done anything with it and he said at the time, no. The space shuttle funding got canceled. Our project stopped and I went on to other things and I kind of forgotten that I wrote that. I just said, would you be interested in working with us, yourself Drew, Sidney, and I to try to deepen those ideas and make them be more practical and he actually said yes. In 2018, I was able to go over to OSU for a couple of weeks and spend a couple of hours a day bottoming out those ideas with Dave.

Drew: David, you started the paper as is fairly typical with these sorts of papers, by laying out some definitions. What I like about these are as far as I can tell, they’re independent of particular theory. In the last couple of episodes when we've been talking about Safety-I and Safety-II, Hollnagel sort of implies the different definitions of what safety is, whereas you've gone the other way. You've given the sort of united set of definitions which you then break out into different ways of achieving those goals. Can you just run us through your ideas for the key terms that you're using?

David: Yes. This actually came out, I'm pretty sure it was the first round of peer review comments in the paper, because it went to Reliability Engineering And System Safety. There were a few comments coming back about, when you say safety, what exactly do you mean? When you say risk, what do you mean? When you say safety professional—and it was really helpful because I've done the thing that we've been talking about other people not doing which is we hadn’t actually defined some of the key terms we’re going to use throughout the paper. We added in the section of definitions. Maybe if I go through it quickly.

We define the term safety. When we say safety we mean the ability for a system to perform its intended purpose while preventing harm to persons. We also say that safety is an emergent property of the operational system. Therefore, safety can be thought of as the combined result of all the decisions and all of the actions of all people with the ability to interact with the operational system. I would think about it quite broadly. People who design a system, people who can exert any influence, or pressure, or impact on that system.

We then talked about safety management, which is different from safety. We talked about safety management as a label being used to describe the practices that can direct, monitor, and intervene in the corporations for the purpose of generating or maintaining safety. Safety management is an active thing that we try to do just to create safety within that operational system.

We use the term risk. We link that to safety, but I use the term risk to refer it to the level of uncertainty that the operational system will generate safety as an emergent property and the severity of the potential consequences to people of a lack of safety. We're talking here about the consequence and uncertainty around whether the system will actually perform its function and keep people safe.

Finally, the term safety professional. We use the term safety professional to describe the roles within an organization that exist with the primary purpose of safety management and that did not have a core operational purpose within the organization. I thought that was really quite good because we had to give some thought once we got asked for that clarification from the peer review as when we say safety, when we say safety management, when we say risk, and when we say safety professional, how do we define what we're talking about.

Drew: I noticed that those definitions don't draw any lines between different types of safety professionals or different types of safety management. They apply equally to engineering style activities, or operational activities, or behavior based safety programs that's all activities that people do which have a combined impact of changing the operational system and therefore, the emerging property of safety.

David: Drew, the way that the paper is structured, we sort of set it out in two parts. It's a little bit like from two papers. When we’re talking about transforming the role and this was I think your idea Drew, and maybe it was a little bit about the frustration that we were having with everything just being bundled up in Safety-I. We wanted to not get into this emotional debate about what we've talked about the last couple of weeks about Safety-I and Safety-II, what's good and what's bad. We just wanted to actually be really descriptive and say, what have organizations traditionally been trying to achieve to manage safety in their organizations, and what does the new view literature say that organizations should be trying to achieve, and are they different?

We lay out the paper with two different what we call modes of safety. Two different ways of trying to achieve safety and not trying to say one’s good or bad. Although once we get into it, we realize that there are probably some preferable ways of approaching safety.

Drew: If I remember correctly, David, we had quite a few conversations around trying to create this sort of fairest and most generous case for what was the theory behind how Safety-I was meant to work. We had to almost reconstruct that, because mostly it is fairly atheoretical. I'm really happy with what sort of ended up in the paper. Do you want to describe what centralized control looks like or how it's meant to work?

David: The two modes of safety we talked about is centralized control and guarded adaptability. They're just two labels. We talked about Safety-I and Safety-II a little bit different, but obviously there’s a lot that we'll talk about in this episode. Centralized control was the big main idea that pervades I suppose our current and traditional largely approach to safety which is about trying to reduce the variability of work which we spoke about particularly in last week's episode around Safety-I and Safety-II.

We just want to standardize, and prescribe, and control, and we want to centralize decision making. We want to centralize the way that work happens. Centralized control was a multisite management. It basically talks about how the organization determines what's safe. Then the organization works to implement all these mechanisms and practices to align the operational work throughout the organization with the prescribed roles, the prescribed requirements, and the prescribed procedures for the organization.

Accidents, and near misses, and problems are believed to be the results of all operational work not deviating from these prescribed practices, or the prescribed practices not being sufficient to cover all of these operational scenarios. Remedies, and improvement plans, and corrective actions, and focus on trying to increase the scope of compliance opportunity, and also the actual practice of compliance as work is being performed.

Our safety management practices and remember these deliberate activities that we do within our system to try to generate safety are really targeted around identifying deviations from prescribed work which need to be detected and eliminated. Hopefully I sort of described that quite clearly. We decide what's safe, we put it in a lot of ways to actually make sure that work aligns with that. Then we check and we correct as we go forward in our organization.

Drew: One thing that I find interesting is that most people when they try to describe the difference between Safety-I and Safety-II, they start off with definitions. In particular, they talk about the idea that Safety-II is about learning from what goes well or what is normal instead of what goes wrong. Whereas, you’ve really started from the practice of what is Safety-I trying to do. Learning from what goes wrong is part of it, but it's just one practice in this overall management philosophy of trying to identify what safety is and then keep the organization within the bounds of what is safe.

David: We came at that from Safety-I because we talk a lot in the new view of safety theory particularly within engineering about capacity. What are the organizational capacities that are trying to be created and enhanced through these approaches? People know like Erik's for resilient potential, and monitor, anticipate, respond, and learn and trying to build these capacities. 

We had that discussion which is that all of our traditional approaches to safety have been about building capacity in the organization as well. One of those capacities is that both traditional approaches have been trying to build and that's where we ended up with these quiet practice interviews, because all of these practices have to be tried to actually strengthen the organization in some way. How might they be doing that?

Drew: Before we go into the detail, could you just quickly run us through the alternative, what the decentralized mode looks like.

David: Decentralized mode was about guided adaptability and that really type comes out in the new view theory. We spoke about that as one of the central ideas with Safety-I and Safety-II last week about the performance variability of work. Particularly, a lot of what we’re seeing is work which is about that safety is created through capable and responsible shops and operators dynamically adjusting their work to match the situations that they face.

Accidents occur not because people don't conform to procedure, but accidents occur because the organization and the people at the frontline don’t have that adaptive capacity to keep pace with the changing needs and demands of operational work. I think when you test that in really fast paced dynamic environments, in flight simulators, and nuclear control room simulators, and things like that. We can see that safety is not just created by conformance to procedures, but we can see that safety is created by sort of dynamically adapting, sensing, and responding to situations that people face.

How do you manage that and why we called it guided adaptability was because of the tension that I always needed to reconcile in my mind which is that, how do you know whether an adaptation is about creating safety, or how do you know if that adaptation is starting to create drift in the organization towards safety. 

The capacities that we're trying to create in an organization for guided adaptability. The alternative guided adaptability really talks about four capacities. This is a bit of a take on the four resilience potentials that we spoke about from resilience engineering and Erik, but it has been updated because at the same time David was working on his theory of graceful extensibility which we did speak about in episode 24.

We talked about these four capacities in organization about anticipation. Creating foresight about future operating conditions, our readiness to respond which is about maintaining deployable reserve resources available that can keep pace with the changing demands and that frontline shopping workers can access those readily expandable resources. Synchronization about coordinating information flows and actions across different teams and different actors within the organization, and then proactive learning. Those activities by which organizations search for ways that they might fail but also the things that they need to do to support their continued operations, trade offs, reprioritization of work before incidents occur. 

We did redefine some of the resilience engineering that you're doing here and expand out some of the Safety-II that you're doing. We're starting to set up these revised roles of safety professionals.

Drew: We've got all of these different theories in the paper, you name checked car reliability organizations, resilience engineering, safety differently, Safety-II, and now you’ve also named checked graceful extensibility, and then this new one that you've talked about, guided adaptability. To what extent do the sort of differences between these theories matter when it comes to deciding how we go about doing safety and safety practitioners?

David: It probably don't matter a lot practically in my opinion, Drew. I’d be also very interested in your opinion. For me there's a big sort of venn diagram that overlaps a lot in some of these core ideas. We know that a lot of these different labels that we put on these new view safety theories are sometimes more about the individual academic than they are necessarily about the difference in the underlying theoretical framework.

I actually did a quick analysis this year, I put it on LinkedIn. I can throw it in the show notes where I took over those theories you just name checked. I took the principles that sit within each of those and then tried to actually look at doing some thematic analysis to see just how different and how similar they are. They basically all line up in varying ways, the different theories. I suppose if we then extend that thematic analysis to the purpose of this podcast Drew, but just to run through it. 

There were eight core things that came out of those seven theories that you just name checked which was about the capacity for organizations to have leaders who care about their people. To have an aligned understanding and mental model in the organization that works in risk. To set workers up for success. To appreciate the variation and complexity of work. To closely monitor operations, anticipate future scenarios, and prioritize support learning, and then to adjust the organization's goal structures and resources to reduce pressure and conflict in the system. 

Whether you talk about any one of those theories you name checked Drew, they more or less in different ways, cover aspects of those themes and principles. For practitioners, I don’t think there's any point in saying, I do human and organizational performance. I don’t do safety differently. You're probably just telling people that you don't really understand what's underneath those theories.

Drew: I guess the way I think about it is that we've been doing essentially the theory of centralized control for years and years without having any sort of underlying theory. Safety practice has just [...] atheoretically on a set of established practices that people agree are the right thing to do. 

With the new view of safety, we’re doing a similar thing. We're trying to coalesce around a set of practices that are a reformed way of doing safety. But the people who are proposing it are theorists. Instead of atheoretically doing it, we have a multitude of theories. You’ve gone from not enough theory to having lots of different theories. All of which mostly speak to the same practices just with a slightly different theoretical understanding of why we should do those particular practices.

David: Yeah. I've said it a number of times, I might have even said them on the podcast. Most of what we did in traditional safety, we tend to link back to the Frederick Taylor scientific management in 1911. I think the best counter to that was the HRO literature which we spoke about a number of times in the mid 1980s. I have spoken to a number of the theorists that we're talking about here now about why in the mid 80s did all of us in the new view—wouldn’t have been so much me and or you then Drew, but why didn't the group just all in behind the HRO theory and think how far we could have come in 35 years if we stopped worrying about theory when we had HRO and just actually worked to bottom out the practices, because really what we’re talking about here is the difference between scientific management and high reliability organizations.

Drew: Before we leap into the meat of the paper, there's one more bit of setup that you did which is just explaining what it is that you're trying to achieve by the paper. Which is essentially you said that we've got these new approaches to safety. Lots of safety professionals are looking at the new theories and either embracing or critiquing, but they're engaging in different ways with those theories. But the profession itself is operating very much in alignment with the theory of centralized control law in Safety-I. What you wanted to do was to establish a practical reference for how someone who wanted to shift their practice more towards Safety-II or more towards guided adaptability, how they could make that movement, what it would practically look like. Is  that a fair representation?

David: Yeah, exactly right. I think one of the critiques or criticisms even of Safety-II was that it wasn't practical and people said how do I do this? Where do I start? For all of the theory that have been put together in let’s say the two decades before we wrote this paper. It was a fair criticism. 

I mean that the publication of practical reference points for these ideas was more limited than the theoretical reference points. That was the end game, we’re just trying to say, if you're a safety professional and you want to do these stuff, and you turn up at your desk or your site at 9 o’clock on a Monday morning, what are some of the things you can start doing that might actually help create these different capacities in your organization?

Drew: I remember David the first round of peer review for this paper, we've got all of these people complaining that Safety-II doesn't give you any sort of practical implementation. You submit a draft of this paper and the immediate response is this isn't offering anything new, when it was answering the exact thing that people are constantly complaining about.

David: Yeah. This is probably the most challenging peer review because we picked reliability engineering system safety as the journal. That was probably a bit of a mistake for this type of theory type of paper or predominantly theory type of paper. Probably just because it's a review of a circle within that particular journal itself and you know more about risk and than I do, Drew. It was published in 2020 when the paper was submitted in 2018. This was a genuine 24-month peer review process.

Drew: Let's get on to the meat of the content. The way the paper is structured for each approach, you talk about some organizational capacities that we're trying to create. Then you list out the safety professional activities that support those organizational capacities. Can you just walk us through—I think fairly quickly because people are familiar with the old view just so that they're familiar with the structure—the organizational capacities for centralized control and how those then link in to the type of activities that we do.

David: The capacities in centralized control would talk briefly about five capacities. For an organization to have control over safety, and risk, and operations in their business in a centralized way which is this traditional approach. What organizations try to do is have the capacity to analyze the hazards. The factors that can cause their operations to become unsafe. They implement controls to those hazards and these are physical controls and behavioral controls.

They monitor their conformance both proactively and reactively like audits, inspections, incident investigations. They delegate authorities to line managers and to safety professionals to make safety decisions and they try to standardize their safety culture. They promote leadership and a frontline commitment to prioritize safety over other things and get a consistent mindset and belief around safety within their organization. Those five talk about understanding hazards, implementing controls, monitor conformance to those controls, delegate clear authorities and responsibilities, and standardizing safety culture for a priority on safety.

Those again unemotionally Drew, those are bad things and this is where I think we did a pretty good job of showing how Safety-I and Safety-II in some ways can be a bit complementary, because you wouldn't want to necessarily stop doing all of those things, but you might want to wind some of them back, and add to the other ideas.

Drew: The paper does talk a little bit about some of the ways the organizations adapt in response to safety activities trying to promote those things. One of the things that I think is a little bit different to other Safety-II approaches is that you've talked about this in terms of pressures and tensions. If I understand correctly, the argument is basically that the pressures and tensions are inevitable whenever you do a Safety-I, but that doesn't have to mean that they’d lead into serious problems. It's just that they can lead us into a sort of pathological direction if we don't do something to account for the precious intentions that get created. Is that a…

David: There's a table in this paper which goes, well, these are all the capacities and they don't have to be bad. To analyze risks, and put in place controls, and try to have a strong consistent safety coach. They're not necessarily bad ideas, but we know from the start of our podcast our listeners would know we spent a bit of time in institutional theory and the organizational literature. What happens in organizations is somewhat interesting, and challenging, and in some ways crops that ways that practices might normally be tended to be performed by theory.

We see the same with Safety-II, and safety culture, and other things like that. I did want to go through that literature and actually show in this table in this paper that you can do this task level analysis, but here’s all of the things that might actually happen as a result of that, depending on what pressures and tensions get inserted within your organization. You might think you're doing an objective risk assessment, but then there's pressure for people to just find and answer this palatable to the organization so you actually don’t assess the risk at all.

We don't need to go through them all. There's I think about a 2-page table that just said all the different references in the literature to the different ways that Safety-I approaches can not lead to safety in organizations.

Drew: Let's just pick out one of them to give our listeners an idea of what it's like, and then they can look up the paper if they're interested in the greater detail. One of the examples you gave is that safety professionals facilitate task level hazard analysis which has a very legitimate purpose. Under Safety-I, we want to identify and know what the safety hazards are associated with tasks, but then there's a bunch of literature that talks about what happens if you start facilitating task level hazard analysis.

Every task, you've got this extra process which can have a negative impact on time and resources. You've got creating a fixed model of risk, which means that if the task starts to vary a lot, that fixed model of risk isn't going to be able to cope with it. It’s going to be saying something's dangerous when they're not and failing to recognize all the dangers. There's a risk that that sort of activity shifts accountability away from management towards the frontline workforce.

David: I still get about a request every week for the take five paper. You might get a few follow-ups again after this episode saying when are you going to do the task level hazard analysis podcast episode?

Drew: I noticed that this table here at least has some nice references for me on problems with task level hazard analysis that you've neatly cited.

David: Very good. There's one after this. That’s an interesting table for people to start to think about and not all these things might be present in your organization, but depending on how you approach some of these activities now or in the past in your organization, you can see how those approaches and tensions can corrupt the intense of that safety practice and not actually do anything to create safety at all.

Drew: Let's move on to the positive stuff. This particularly if you're following along in the paper is table four and table six. We set out what the organizational capacities are for guided adaptability and then say what a safety professional does in order to try to create these organizational capacities.

David: If we go through that table now Drew, let's start with exploring everyday work. We've spoken about ethnographic interviewing on the podcast a few times. We've spoken about the need to understand frontline work. The activities exploring every day work, it should be a core part of a safety practitioner’s role with the intention of understanding the way that the organization is currently operating, and then where resilience and brittleness is present. That's really just about where that adaptive capacities are being deployed effectively and where the organization is vulnerable to risk and failure.

What are the tasks then? What does it mean on Monday morning for a safety professional? On one hand is to engage with and observe the challenges and problems faced by frontline work has done, and to facilitate the identification and implementation of safe adaptation. Observe work, go out into your organization, go on to your frontline, watch and talk with and engage with how people do their job. Specifically what should you be looking at, look at how they adapt and respond to the challenges that they face in their day-to-day work. What do they rely on? What do they draw down on? How do they communicate? How do they make decisions? How do they problem solve?

Actually, what becomes really interesting to us is knowing what resources people draw on when they get faced with certain situations, and then how they actually make those decisions about how they're going to deal with the situation in front of them. Secondly, one of the other things is actually to understand the issues and uncertainties being grappled with by technical specialists. Try to look for where the organization might be discounting emerging information. 

Then monitor and enhance the rigor applied to safety critical decision making. It's not just going to be frontline, it's going to your engineering department and saying, what are the uncertainties and challenges that the engineering team is struggling with at the moment? Where is the organization not providing the resource, and the support, and maybe not listening to what your technical specialists are leaving about the status of the system.

Drew: Dave, just as you were saying that, since you were talking about Columbia. The example that springs to mind there is challenger. Your people have talked about challenger a lot with the launch decision and engineers trying to raise concerns and being unsuccessful in raising those concerns. You can imagine just how different it would have been if the safety department had seen their role as going out and finding what engineers were worried about. You're asking the question, what are you most concerned about? What’s troubling you? Where are you most uncertain?

David: Yeah and how can a safety organization amplify that voice. We talked about amplifying the voice at the frontline and amplifying the voice of technical specialists, being the translator and interpreter for some of these roles on the frontline or in technical roles with management, translating and interpreting those messages for management. Monday morning, going out onto your sites and onto the frontline and looking for the way people—what challenges they’re faced with and how they're responding and meeting those challenges. In the afternoon, you might cruise through the engineering department and find out what challenges and struggles your technical people having. Whether they're feeling heard by management or not or supported. That's probably a pretty good first day of the week.

The second one is about supporting local practices and guiding adaptation. You need to support frontline work, whether that's engineering work, whether it's operational work, the safety professional—co-part of their role is to support the delivery, the execution of frontline work and then to guide these adaptations for safety. This is where we started wanting to really think about this because the safety profession needs to make certain judgments about what frontline work has done should be supported because it's safe and it's a good way to responding to the challenges that people face. What frontline work should actually be redesigned and changed because it's actually drifting into a less safe way of working.

Why is it that safety professionals will go out, understand how workers are detecting problems and surprises and how they’re understanding the change in the nature of what they are facing and then identifying those capacities that are supporting them to adapt? Where there's some consensus between the safety organization and the frontline to the way that they’re responding to those situations that they face is safe. Taking those practices and building them back into the policies and procedures to again know that work as done is a matching gap, but then also to extend to be proactive learning across the organization.

If one team has solved the problem in a way that supports safety and supports the work to get done, then the role of the safety person is to take that practice, institutionalize it, and then export it across all the frontline teams.

Drew: David, this is one of those, I think, common misunderstandings about resilience engineering that you were trying to correct in the paper at the same time as you were offering some practical solutions. People tend to think of Safety-I as the procedure’s rule and people should just comply with the procedures. Safety-II says the frontline workers are right, always trust the frontline workers. 

What you're trying to clarify here is that resilience is about making a hard choice in the middle. That it's not about either of the ends, which are nice and simple, but very often wrong. It's this hard part in the middle where we actually have to make decisions. Sometimes the frontline workers are right, sometimes the adoption is dangerous. We need to do that difficult intellectual and social work of working out whether we’re going to support the adoption or whether we're going to try to do something to bring it under more control.

David: We’ve seen that in the markers around some major incidents just how local practices had been adjusting over a period of time before it entered. Erik Hollnagel has written about efficiency thoroughness trade off, people will always adapt their work. Sometimes those adaptations will be delivering safety as an emergent property of the system. Sometimes those adaptations might be eroding safety margins in the system. Like you said, it's difficult intellectual and social work to make that call. Part of that is the responsibility of the safety professional to understand the work so intimately and understand the implications for safety that they can position themselves to be able to facilitate that conversation in their organization,

If you remember, Drew, I think originally the two modes were just called compliance and adaptability. We actually said no, that's not right because adaptabilities can be safe or unsafe. Compliance can be safe or unsafe too. We actually talked about centralized control and guided adaptability to add a little bit of color for what we're meeting with those terms. If I keep going through the table and we'll see we may not have the time to talk about the morbid—like I said people couldn’t pick up the paper and engage with us further in the discussion but it starts to get harder. These roles and activities start to get harder and harder.

Now, we’re talking about reducing goal conflict and negotiating the redistribution of resources. Monitoring the goal conflict in your organization and creating action to alleviate it. We’re now right back from Rasmussen's work that we know we’ve got these tradeoffs between resource and workload, and cost and production, and safety and compliance. A safety professional should be able to facilitate the reallocation of operational resources. If a safety professional, maybe Wednesday morning by now, or Tuesday afternoon, you start looking at the production reports and the financial reports in the business and the human resources reports and you're starting to look at where teams are under a lot of pressure.

Then, you go out and talk to those teams to try to understand if they are discounting certain safety rules or making certain safety trade offs because they're under pressure to catch up a schedule, or catch up on cost or produce more or do more with less. You’re understanding where that pressure is pushing hard within your system and then you create system-wide action to reduce that goal conflict. You go and talk to the finance department and senior management and you get budgets adjusted and you get production targets redesigned, you get projects schedules with baseline. You’re identifying and you try to negotiate out this goal conflict and pressuring your system.

You also maintain an inventory of internal and external deployable resources, technical specialist key roles, critical equipment. If you know that operators are a really important resource and you've got seven different plants, you might create a list of all of the operators in your organization across all the different plants and what all their different skill sets are. If plant A is down a couple of operators, you can go straight up to the manager and go, actually plant C has got three of these people you need, plant D has got four of them. I talked to plant managers, let's try and redeploy, spread across some of these operational resources.

You might do the same with engineers or project managers or other key roles in your organization or equipment, particular types of production critical equipment, or safety critical equipment that exists across multiple sites and is being used. As a safety professional, you’re better than someone within an individual business line to know what's going on in the rest of your organization. Again, I said that quite simply quite easily but that for me would be an ideal way for a safety professional to maybe spend their Tuesday afternoon going in and moving some people, moving some equipment around from areas of the organization which aren’t under pressure to areas which are. Getting budgets reset and production targets reset to try to get as little goal conflict and resource constrained in your system at any point in time.

Drew: David, this really sounds like safety professionals getting involved in decisions that are safety decisions and try to interfere with operational decision making.

David: The word interfere, may intervene or maybe support operation decision making. If you read through here, you actually don't see the word safety very often at all. The paper does talk about how different that role is and how organizations like to silo and fragment functional roles. It’s got human resource departments, it’s got a safety department, it’s got an engineering department. We’re now deep into the core of the way that the organization functions in the operation. That's going to take a certain level of credibility and leadership from a safety professional to be welcomed within that operational environment, getting involved in these types of decisions.

It's not going to be a place where the organizations typically look for the safety person to be in the center of discussions about.

Drew: If listeners are finding that one a little bit threatening, the next one along is maybe having a little bit easier Wednesday morning?

David: I don't know whether they’re in order of difficulty. Number four is about facilitating information flows and coordinating actions. Safety professionals creating mechanisms to transfer information and coordinate action across organizational boundaries, again, the safety professional is best placed to see what's happening in the boardroom, what's happening in the frontline, what's happening in all the different functional departments.

Therefore, as the safety professional moves around those departments and moves around the frontline areas of the business, then they are going to be in a position to see where there is, you spoke in this one, Drew, what I really liked you used the term porous boundaries. What you need is organizational boundaries that information just sort of flows through in a porous kind of way. 

The safety professional is going to create formal and informal mechanisms to receive information about what's currently happening in the organization and to facilitate the transfer of this information across organizational boundaries where he can enhance decision making. You might go and have a coffee with the HR manager and just pass on some information that you’re hearing from the frontline about training, and resourcing, and recruitment and maybe leadership behaviors within a part of the business so that HR can think about its policies and practices and what support it's providing into the organization in relation to that particular issue.

You might hear from the engineering department that the procurement team keep buying the wrong pieces of engineering equipment, so you might be able to go over to the procurement team and just help them understand how to work better with the engineering team so that the engineering specifications flow through in to the procurement team in a way that they can be acted more effectively. Again, playing this translator role and conduit role for the organization around information, because we know where information doesn't flow from a part of the organization that knows about something to another part of the organization which needs to know about it to make a good decision. It can result in problems and maybe hopefully a safety type of incident.

Drew: We got four more to go on the list, David, do you want to sort of run through each of them briefly?

David: Yeah, I’ll go through them easy. Third is to generate future operational scenarios. This is using the current understanding you've got of the organization to predict possible future conditions. The task is facilitating the development of future operating scenarios and an understanding of the associated safety risks. Then facilitate contingency plans to try to respond to these scenarios. What you want to do is things like, we’re behind on our maintenance this week and then the next week you’re doubly behind on the maintenance. You look and you go, actually, if we don't correct this in four months’ time, we're going to be 3000 hours behind on our maintenance and we're going to be starting to miss and defer our safety critical maintenance of our plant.

That's the trajectory that we're on. What are we going to do about that? That's about creating that future operational scenario and going into the manager and going, actually, if we don't do something about this weak signal now, in three months’ time, we’re going to be in a position where we can't even do our safety critical maintenance and keep up with that. What are we going to do about that? Creating contingency plans to do something about that. 

As part of that probing frontline workers and technical specialists to understand the uncertainty with current operations. Where are they unsure? Where are they uncertain? What might it mean for the future operation of the organization?

Again, you might say that's what risk management is, I’ll probably say depending on how you do your risk management. It might be, but it's about really trying to be deeply sensitive to emerging signals in your business and be able tell your organization, we need to do something now because down the track it could look like this. I think traditional Safety-Is actually waited until it’s beating down the track and the incidents occurred.

Drew: I think one of the keywords there that you'd brought up is uncertainty even though technically, risk and uncertainty often mean the same thing, I think in practice it's a very different approach doing a risk assessment and trying to identify uncertainty. Very often when we do a risk assessment, we spend our time documenting nine problems that we're already managing. We spend much less time and we’re much less inviting of people to tell us about issues that we can't immediately resolve or put some solution in place just asking people where they’re unsure.

David: Yeah, absolutely. The next one, facilitating sacrifice judgment services tradeoffs. Supporting the understanding of trade off decisions and the resolution of acute goal conflict. Again, this is about facilitating these developments of contingency plans and making sure that there is redundancy for high risk activities so that we can have justified sacrificed decisions. What this basically means is we talk sometimes about the authority to stop work for safety. This is actually going beyond that where the organization actually makes those conscious trade offs to go, in case we have a problem here, we're going to make sure that we've got two cranes on site at this point in time.

We don't know whether crane A or crane B is going to be a better crane to do this particular task. We've decided that we're going to put A and B site. When it comes to the day and depending on the conditions of the situation we face, we've got options. Really about making sure that where there’s high risk situations and it might not always be that level of redundancy, but where there's high risk situations that are coming up in the business operations, that there’s actually some contingency plans around the uncertainty associated with those particular activities.

The last one, Drew, is about facilitating learning. We talked a lot about learning in Safety-II. We're talking about credit organizational change based on current conditions and future scenarios. What we specifically called out here is, again, leaning towards some of the stuff that gets talked about a lot of the moment in terms of psychological safety. The safety professional is continually monitoring and detecting sources in the organization that are contributing to the lowering of the openness of the culture and the psychological safety of individuals.

I was particularly looking for things we’ve talked about in the podcast before that get in the way of learning like blame and sanctions and people who are afraid to raise issues and teams which doesn't have the trust in the openness around it and working to restore the openness and the trust into those parts of the organization. We also talked about building the capacity for individuals to adapt their work to the situations they faced. We’ve trained our workers for so long to follow procedures. We actually, now, need to train them to say, no, we need you to monitor your work in real time. We need you to detect and respond to the emergency situations you face. We want you to draw down on these types of resources when you need to. We want you to adapt your work in this guided way when you need to and show that initiative. We actually talk specifically in here about that task of training workers in how to actually do that.

Drew: The original version of this paper was written back in 2018 I think, we even mentioned that it was published in 2020. In the meantime, David, you finished your PhD. You've been working pretty much full time in your consultancy for Forge Works. To what extent do these principles of guided adaptability feed into the way that you have been advising people and mentoring and providing coaching?

David: It definitely fits it. I think approaching—I'm still not satisfied that we've made this as practical as we need to make it like some of the big things that I've just said. The big task is really hard for practitioners to really perform in their organization because of a lot of the institutional constraints on their role and things that they put on themselves. It definitely informs it. I think I almost feel in a position to write a next paper after this which makes some of the ideas a bit more practical. I found this is still also a bit of an A-B paper. A lot of the time, the work is in the messy middle between those things that we spoke about with centralized control and the guided adaptability piece.

I suppose, for myself, not being thrown into organizations to be in a position to move, to fully embrace this role just because they’re in the messy middle of traditional approaches and trying to start with new approaches and things like that. I'm not sure if it's even answered the question, Drew, I haven't been able to get into an organization, where I’ve been able to really take it to the extent that is outlined in this paper.

Drew: I think it worried me at the time we were writing the paper. I'm sort of re-noticing it now is all of the verbs associated with the Safety-I are fairly nice and definite when it gives the safety practitioner things to do. In the guided adaptability, some of them are very straightforward. Under facilitated learning, we've got developing conduct training. That's something that safety practitioners know how to do. You can see yourself that is an annual task that, during 2021 I'm going to develop and conduct training in dealing with anomalies and surprises. We've identified sources of operational uncertainty.

We know how to do, identify, at the end of identify, you've written a document that's got some tables in there. You've got your list of sources of uncertainties. You’ve got ratings next to them. Then there’s lots of these that just say facilitate the development of a possible future operating scenario, facilitate the development of contingency plans, coordinate action and operational support. Lots of those things are much more ambiguous what's expected of the safety professional. Do you think that's sort of an inherent part of the safety to approach is that it's less well-defined what safety professionals can do? Is it just that we haven't developed enough to create that definition yet?

David: Maybe a little bit of both, Drew. I think maybe it is a little bit less, by design needs to be a little bit less transactional and more flexible because exploring everyday work is a bit different to doing an annual audit against your management system. I think it's definitely transactional. I think by design it's definitely more flexible. That doesn't mean that we can't get to the point, like you say the second point which is to still make it practical and clear. I think that's a bit that I’ve spent a couple more years with these ideas. Even reading through this paper now, in preparation for this episode I’ve gone, actually I think I could say that with some far more clear examples what I think people should do.

Drew: Let's move on to the practical takeaways. The goal of the paper was supposed to be to provide these practical takeaways for Safety-II. Let's narrow down to the first steps. Let’s say someone has picked up this paper, they’ve read through it, they think actually I want to move towards being more of a Safety-II professional as you put it. What's the first step that they need to take?

David: The first step is—well, you've taken the first step if you picked up and read the paper. The second step would then be giving yourself some permission to act. One of the things that I’ve learnt about during my research is that there's a lot of pressure on all safety professionals from their organization about how the organizations think their role should be performed based on how their organization thinks safety is achieved. If you're in a traditional organization with a management team that heavily influences your role, then you need to repair yourself, you need to give yourself permission to act. You need to express your agency. That would be the starting point and part of that, permission to actually just creating some spice in your role.

You need to work at how much time you've got to play around with some of these different ways of performing your role. Carving out some time in your week to be able to do this and then I'll just be looking at the table and saying which things do I think I can do to help. One of things I was doing when I was playing with these ideas, I still had a year or so left before I left an internal safety professional role, Drew, when we were drafting this paper.

I started every Monday morning calling around all of the different sites in the organization and speaking to the asset manager and just say—all the major hazard facilities and just said, what's happening this week? Any big things happening on site? What are the things you’re worried about? What are you uncertain about? What do you need support with? That'd be my first half-a-day on a Monday. I just find every single operational manager and actually get the lay of the land for the next five days across the organization. In every way, they’d say on Wednesday, we’ve got a new contract to come that we’ve never worked with before. On Thursday, we're doing these major maintenance tasks.

I'd be then able to go to my safety organization and go, I want you to have John to be at this site on Wednesday or Tuesday to see how their planning's going for the Wednesday work activity or something like that. If you look through this table, you’d see how that's all actually trying to anticipate future operational scenarios, trying to facilitate the appropriate planning around those. Try to explore every day at work. Understand levels of uncertainty. 

I’d be reading through the table and trying to translate it into something that you can put into your calendar, every Monday morning I'm going to do this. Every Wednesday afternoon, I'm going to leave the office at lunchtime and I'm going to go to a site and I'm going to spend a couple of hours in the afternoon looking at work just for the purpose of saying what situations come up with people's work and how they respond to it. That would be the way I'll be approaching Drew. Just give yourself permission and see how time you can carve out and then get actual things into your calendar.

Drew: That seems to be a common theme with multiple people I've talked to who've tried to change their role as a safety practitioner is that deliberate naming of a day of the week and saying—whether it's every Monday or whether it's Wednesday afternoon and just saying this time is now re-designated. Every Wednesday, in the afternoon, I'm not doing other stuff. I'm doing this new thing that I've decided is now part of my role. Is that the sort of thing you mean by you're creating permission to act and creating agencies just shaping that time in a new way?

David: Yeah. I think to take a little bit further as well, Drew. Have the conversation with your stakeholders in your organization. Don't think that your stakeholders think deeply about what roles that safety professionals are performing. They might not give it much thought. They might actually be expecting you to come and tell them. I would say when you’re starting some of these things, also you are going to have a conversation with the key stakeholders that look at what I'm trying to do with my role in the interest of being more effective in the organization. To be more effective, I actually need to understand work so I can proactively identify issues in the business.

These are two or three things that I'm now trying to achieve more with my role that I have in the past and these are the two of the three things that I'm doing to try to achieve that. I'm still going to be doing all of these other expectations of my role as well but I would be being clear with your organization about what you're trying to do, so then your organization can support you with that. If you lay that narrative in a nice, clear and simple way, I'll be very surprised if you didn’t get broad support from the stakeholder group to go and do those things.

Drew: How about the invitations to the listeners, what would we like to hear from our listeners in response to this episode?

David: I'd love to hear if—particularly in our community, I suspected there are some—I mean I know that we've got a big safety professional community of listeners and I suspect that some of those people are trying to be deliberate about the role they’re performing in the organization and what they're trying to create. I'd love to hear from our listeners, things that you have changed in your role as a safety practitioner to try to build some of the capacities around Safety-II and other new theories into your organization? What specific things did you change in your role and how did that work out for you? If you got any hints and tips for other listeners how to go about making changes in your role.

Drew: I think that's it for this week and for our first episode of 2021, we hope you found this episode thought provoking. We certainly hope you find it ultimately useful in shaping or reshaping the safety of work in your own organization. As usual join us on LinkedIn or send any questions, comments, or ideas for future episodes to