What does "safe" mean to you?


Haf (Mechanical, US), Nov 6, 2001
As engineers, it is expected that we hold paramount the safety of the general public. Everyone has heard the expression "safety first."

One definition for "safe" (Webster's) is "free from harm or risk." I would argue that no product or process whatsoever is completely free from harm or risk.

So how do we really decide if a product or process is safe? Obviously, at some point, you have to accept some level of risk. How do we decide what level of risk is acceptable?

With some products or processes, there are codes or standards that must be met for safety, which can make our jobs easier. But did you ever stop to think where those codes and standards came from? Who developed them and what was their reasoning? More importantly, do you agree with their reasoning?

Anyway, before I ramble too much (maybe it's too late), I'd be interested to hear (read) peoples' thoughts on this.

Haf
 
Well for me in the UK oil & gas industry, under the goal setting safety regime imposed after the Piper disaster, the definition of "SAFE" is "As low as reasonably practicable" (ALARP). This means that when you would have to spend more to make something safer than the cost of the risk of the event, it is ALARP.

Risk is defined as the probability of an event multiplied by the consequences of that event, so something that will happen once a century but kill loads of people is the same risk as something that happens daily and causes a minor injury each time, and both must be dealt with.

So, for the Safety Cases I compile before each well we drill, we'll look at all the things that could go wrong and then do a cost benefit analysis: we calculate the likelihood of an event and the consequences of that event (using a number of criteria: material damage, damage to reputation, environmental damage and value of loss of life & limb using actuarial tables). Then we work out the cost of reducing those risks. Usually it's just a matter of emphasising something in the procedures or changing how we're going to do something, but for example, I have proposed to the UK authorities omitting a downhole safety valve on a certain type of well as the risk of a blowout was smaller than the cost of installing and maintaining that valve, and the proposal was accepted.

The problem the general public have with this approach is two fold:
1. they don't like the idea of there being any risk at all. They perceive this approach as "well only one person per year will die so it's ok".
2. The public generally underestimate risk in situations they are used to (crossing the road, or driving in their cars for example) but overestimate the risk in situations they are unaccustomed to (flying....)

The Safety Case system is generally 'better' than the regulations type safety system, as it forces the designer to think about what they are designing rather than simply looking up a regulation and making sure they've ticked the box. Sadly, like most improvements in safety engineering, the goal setting system is usually only adopted after a disaster: Piper Alpha in the UK, the Alexander Kielland in Norway and the Ocean Ranger in Canada....
 
ALARP would have said that the Ford decision in the Pinto fuel tank case was correct.

The calculation went wrong when the punitive damages were set so high, precisely BECAUSE a cost benefit calculation had been used!

Cheers

Greg Locock
 
greg- not being an automotive engineer (Hell, I can hardly drive according to my wife!) I can't comment on the Pinto fiasco. But I'd have thought that with the design as it was, the probability of a major accident & fire would have made the risk unacceptable even if the cost of each accident and fire had been low?

Also, we use other criteria beyond simple financial cost to measure the effects of risk when doing our risk assessment- loss of reputation for example.
 
I know that this is an old thread, but...

The case of the Pinto is an interesting one.

GregLocock said:
ALARP would have said that the Ford decision in the Pinto fuel tank case was correct.

The Pinto cost benefit analysis had two main flaws:
(a) It was woefully inadequate, and
(b) The assumptions were badly wrong.

Cost benefit analysis is a useful tool for determining acceptable risk, but it is precisely that. As with most tools, the quality of the output is directly related to the quality of the input. As drillernic points out, it is just one tool. There are other risk assessments that could and should have applied in this case, not least common sense.
In what sense is addition of a part costing a few dollars not practical?

If there was any justification for that decision whatsoever, it would be that we have to take into account the context and date of that decision. However, times have moved on. Product recalls happen on a wide range of products, and safety is very much at the forefront of most (I would hope all) engineers' minds. Such analyses are now relatively commonplace for assessing risks in a wide variety of applications. I hope that it's not being seriously suggested that the same conclusion on the Pinto would be reached today.
 
Oh, where was it inadequate?

Number of crashes * damages per crash vs number of cars sold * cost per car of fixes

only has four variables.

As I said, my understanding is that the "damages per crash" estimate was wrong, and the reason it was wrong was that the juries were annoyed/horrified that anybody could be so cold blooded. The actual figures are pretty revealing. In practice 27 people died, and 2 million vehicles were sold before the changes were introduced. At the usual 2004 rate of 4 million $ per person, that's about $54 per vehicle in current $. The cost save was $11 in 1974 dollars, which sounds about right.

According to this presentation

currentstudents/Lecture%207%20-%20Economics.ppt

the actual calculation used 180 deaths+180 serious injuries +2100 cars, at $200000 $67000 and $700 respectively, and sales of 12.5 million vehicles, with a fix cost of $11 each.

So, as I said, the error was in the punitive damages, because of the cover-up, not the analysis. Where do you disagree?

Yet, oddly, this type of calculation is used all the time. Incidentally, do you buy the exact same tyre for your car that it originally had? and do you always specify the top of the range safety features when you buy your car? If not, you have just made a cost benefit decision, with, I would argue, even less information.

for a non-hysterical account.

Cheers

Greg Locock
 
Having had a bit of a dig around, I strongly suspect the memo and calculation quoted above in the Nottingham presentation were NOT what was used to justify the original Pinto decision, they were a response to a later proposal to introduce better rollover protection. The actual memo from which that calculation is made is available on-line, it is several pages of reasonably well written stuff.

I haven't got the inclination to research further, the lawyer in the newspaper article is probably a good jumping off point for further research.
Cheers

Greg Locock
 
It depends on which figure you believe on the fatality rate. Doing a quick estimate, it would appear that 27 fatalities over 5 years falls in around the 'Tolerable' region - i.e. should do something if not excessively expensive - on the ALARP scale. 180 - 900 fatalities per 5 years falls into the unacceptable region - i.e. must do something regardless of cost.

I am not sure that I believe either the 27 nor the 900, but suspect the truth is somewhere in between. I tend to believe neither journalists nor lawyers, when it comes to 'facts', but that's another thread.

My comment on the inadequacy comes not from the complexity of the calculation, but rather that it appears to have been taken in isolation from anything else.

I do agree that there is a difference in the general public's perception of risk between 5 fatalities per year from 2 million units, and a risk of 1 fatality per 400,000 years from 1 unit. A cost of $11 per unit in one to reduce the risk, equates to a cost of $22million per unit in the other. The vast majority of people would pay $11 to save their (or a loved one's) life, few could afford $22million. Whether you would pay $11 to save a totally unknown person's life would be down to the ethics of the individual. Some will pay $11, some $1, some $111, while others will pay nothing at all. When you see the effects of failure to pay the $11, that person becomes (apparently) known, and this will sway many people, but if it's hidden - who knows? (Incidentally, that's why so many people chose to vote for political parties who promise to cut taxes - they don't necessarily see the effect of that policy.)
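As an added worked example (my own code, not from any poster in this thread), the ALARP-style cost-benefit comparison the thread describes, run over both sets of Pinto figures quoted above: the per-category harm counts and values reported from the Nottingham presentation, and the later "27 deaths, 2 million vehicles, $4 million per person" estimate. The harm categories and the break-even helper are my own structuring; the thread mixes 1974 and 2004 dollars and the figures are used here exactly as quoted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Harm:
    """One consequence category: expected number of events over the fleet's life, and value per event."""
    label: str
    count: float
    value: float


def expected_loss(harms):
    """Total expected loss = sum over categories of (number of events * cost per event)."""
    return sum(h.count * h.value for h in harms)


def loss_per_unit(harms, units_sold):
    """Risk expressed per unit sold, so it can be set against a per-unit fix cost."""
    return expected_loss(harms) / units_sold


def alarp_verdict(harms, units_sold, fix_cost_per_unit):
    """The thread's ALARP test: the fix is worth doing when it costs less than the risk it removes."""
    loss = loss_per_unit(harms, units_sold)
    return {
        "loss_per_unit": loss,
        "fix_per_unit": fix_cost_per_unit,
        "fix_justified": fix_cost_per_unit <= loss,
    }


def breakeven_value_per_fatality(harms, units_sold, fix_cost_per_unit):
    """Per-fatality valuation at which the fix just breaks even, holding the other categories fixed.
    Shows how sensitive the verdict is to the 'damages per event' input the thread argues about."""
    fatal = next(h for h in harms if h.label == "fatality")
    others = expected_loss([h for h in harms if h.label != "fatality"])
    return (fix_cost_per_unit * units_sold - others) / fatal.count


# Figures quoted in the thread from the Nottingham presentation (constructed here as data records).
MEMO_HARMS = [Harm("fatality", 180, 200_000), Harm("serious injury", 180, 67_000), Harm("vehicle", 2100, 700)]
MEMO_UNITS, FIX_COST = 12_500_000, 11

# The later figures in the thread: 27 deaths, 2 million vehicles sold, $4 million per person.
ACTUAL_HARMS = [Harm("fatality", 27, 4_000_000)]
ACTUAL_UNITS = 2_000_000

if __name__ == "__main__":
    print("memo inputs:  ", alarp_verdict(MEMO_HARMS, MEMO_UNITS, FIX_COST))
    print("later inputs: ", alarp_verdict(ACTUAL_HARMS, ACTUAL_UNITS, FIX_COST))
    print("per-fatality value at which the memo's own counts justify the fix: $%.0f"
          % breakeven_value_per_fatality(MEMO_HARMS, MEMO_UNITS, FIX_COST))
```

With the memo's inputs the expected loss works out to about $3.96 per vehicle against an $11 fix, so the calculation says "don't fix"; with 27 deaths at $4 million it is $54 per vehicle and the same $11 fix is clearly justified, which is the point made above about where the error actually lay.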
 
Safety first in construction or structural engineering means to prevent loss of life and injuries. How much risk the engineer may take is not really dictated by engineers but has already been established by minimum criteria in building codes.

I'm sure similar criteria exist for consumer products.
 
Here's a situation. When football started, no-one wore helmets - like Rugby today. Then people started to get tired of having broken noses; they started wearing them. The trend has continued. Now we have suits against football helmet makers for something that I am not sure if it is even mandatory to wear! Risks are part of the game; it is part of life. I think, in many instances, we go far too overboard in applying a concept of "risk-free". It doesn't exist. This is not to say we should make risky products or provide risky designs. But we cannot design things for 100% freedom from risk. It is not the maker's problem if the user mis-uses the product - and I don't mean inadvertently - but in a grossly stupid way. It is time we get back to reality.
 
As with anti-lock brakes, the safety equipment allows the level of violence and danger to increase well above what might have been the case without the equipment in the first place.

Can you imagine being tackled by a 300-lb lineman running at full bore without padding and living to talk about it?

The issue is that once the equipment is sold as protection, it should do its job. If it doesn't, the manufacturer should be liable.

TTFN
 
Trevor A. Kletz in his Critical Aspects of Safety and Loss Prevention (Butterworths) brings interesting observations on the subject. I recommend reading this book of his.
 
GREG: Re: Shuttle Columbia. They did do a failure mode analysis that involved using an air cannon to fire chunks of foam at the leading edge of wing sections. The result? Everyone gasped as the foam punched a huge hole through wing section 8 under conditions that were like those at launch when the anomaly occurred.

Regards

Andy
 
Firing a cannon is not an analysis.

As with many systems, particularly, the Shuttle, bad practices that result in no immediate ill effects wind up becoming the norm.

Lest you think that you are immune from that, I'll remind everyone that there are those that seriously think that they can drive as well as anyone after a night of heavy drinking. There are those who think nothing of driving at 100 mph down the freeway or even down a large street.

TTFN
 
Firing a cannon is not an analysis- it is a test to provide data for correlation against an analysis.
It could also show that analysis was needed in another area entirely!

Jay Maechtlen
 
Loss prevention and risk management are two more recent disciplines added to safety in the chemical industry, complementing and expanding it.

Nowadays safety has become almost as important as production, and the various attached complex theories (models, mathematical techniques, etc.), and applied practices, have transformed it into a real scientific field of study.

It is now a discipline capable of anticipating and identifying hazards and quantifying risks, in order to enable taking decisions and steps towards forestalling accidents and their consequent damage in its various forms.

Could that be considered a reasonable definition ?

 
In scanning this thread I may have missed it, but in case it wasn't mentioned, here's a link to US DoD standards, handbooks, and specifications, including MIL-STD-882 "System Safety", which defines safety in terms of both probability of occurrence and severity of consequences of occurrence. There are various analysis techniques (preliminary hazard analysis, fault tree analysis, event tree analysis, failure modes and effects analysis) that can be used to identify and quantify this for a given design or process. Then mitigating measures can be applied to reduce the assessed risk within given constraints.


Good luck,

-MC
 