No theory forbids me to say "Ah!" or "Ugh!", but it forbids me the bogus theorization of my "Ah!" and "Ugh!" - the value judgments. - Theodor Julius Geiger (1960)

Safety Management Evolution

In many organizations, safety management means controlling the working environment through extensive rules and procedures. Posters remind people of the risks, and compliance is monitored and enforced. Safety management also tends to focus on multiple layers of defense, using models such as the domino model or the Swiss cheese model, in which an accident occurs when latent conditions and active failures line up across the successive layers of defense.

Although this approach works and is still very successful, it reduces an accident to a linear chain of independent failures and does not explicitly consider the non-linear, dynamic interactions within the system. Human behavior, social dynamics, and organizational culture cannot be modeled the way engineered components can. The influence of context, individual perception, and interaction between people makes formalization and prediction difficult.
 
Safety is not just the absence of accidents and incidents, errors and violations. It is the presence of capabilities that allow a system to adapt and keep performing under challenging conditions. Safety management should therefore not be limited to identifying errors and violations and investigating accidents and incidents. It can also identify and strengthen the factors that contribute to success in complex systems. These factors do not only play a role at the process level; they also operate at the level of personnel, management and the company as a whole, and outside the organization, in government and regulatory supervision. Penalizing operators for not sticking to the rules does nothing for those other levels.
 
In socio-technical systems of all kinds, agents are constantly adapting to internal and external factors and adjusting their behavior accordingly. These systems thrive on open interaction, self-organization, and feedback loops between their constituent parts. Adaptation allows them to respond to change and maintain their essential functions without relying on centralized control.
 
So we need to encourage open communication and shared learning, and focus on systemic improvements, in order to proactively anticipate, manage and recover from potential failures and unexpected events. After all, safety management is an active, continuous process, not a static state in which failures are absent.

One major trap to avoid is the tendency to assign blame too quickly. We can make improvements by applying one of the more systemic models (e.g. AcciMap, STPA (System-Theoretic Process Analysis) or FRAM (Functional Resonance Analysis Method)) to our day-to-day processes. Does this mean we have to discard the "old" models? I don't think so. I do believe we need to be aware of the strengths and limits of each model and that we have to communicate about those.