Article

Integrating Safety-I and Safety-II Approaches in Near Miss Management: A Critical Analysis

1 Department of Economic Science, University of Salento, Campus Ecotekne, Via per Monteroni, 73100 Lecce, Italy
2 Department of Engineering for Innovation, University of Salento, Campus Ecotekne, Via per Monteroni, 73100 Lecce, Italy
* Author to whom correspondence should be addressed.
Sustainability 2023, 15(3), 2130; https://doi.org/10.3390/su15032130
Submission received: 14 December 2022 / Revised: 18 January 2023 / Accepted: 20 January 2023 / Published: 23 January 2023
(This article belongs to the Special Issue Sustainable Risk Management and Safety Engineering - Second Edition)

Abstract

Safety-II is a recently theorized approach, considering safety as the ability of a system to reach a positive outcome under variable conditions: analyzing “what goes right” can help to understand the dynamics of the analyzed system and improve its inherent safety level. By contrast, a more traditional perspective, defined as Safety-I, aims at analyzing “what goes wrong”, thereby relating the safety level of a system to the number of adverse events that occurred. This study explores the potential of integrating these two approaches in near-miss management. Through a Safety-I approach, near-miss events are analyzed to identify the root causes generating the event chain, in order to eliminate them and prevent future accidents. Applying a Safety-II approach, the analysis can include elements that contributed to limiting the consequences and blocking the event chain, revealing the resilience level of the systems. This study presents a critical analysis of the two approaches and proposes a practical framework to integrate them into near-miss management systems. A test case shows the potential benefits of this integration. This work provides a tool to support the implementation of Safety-II on the operative level while suggesting a new perspective for near-miss management.

1. Introduction

Safety science is a dynamic research area, which can be included in the social sustainability dimension of a company, where several theoretical debates have enriched the vision and concept of safety over the decades [1]. One recent debate is about two different perspectives on how to analyze and develop effective tools to prevent accidents at workplaces: the so-called Safety-I and Safety-II. In detail, according to this new perspective, Safety-I defines safety as the ability of a system to avoid adverse events by reducing/eliminating accident root causes. On the opposite side, Safety-II adopts a broader perspective, considering safety as the ability to reach a positive outcome over a variable context [2,3]. The literature about the critical analysis of Safety-I and Safety-II approaches is very recent and mostly theoretical. While some authors analyzed how the two approaches differently affect the whole safety management process [1,4,5], other authors outlined their potentialities as complementary perspectives that can help to focus on different aspects of safety without necessarily conflicting [6,7,8,9]. Most of these works focused on Safety-II theoretical basis; few researchers proposed practical cases for implementing this perspective in everyday practice: a lack of specific methods and tools to support specifically Safety-II has been highlighted [7,8]. However, it has to be noted that current tools and methods—already adopted in other approaches—could also be adopted to support this new approach, in a more effective way by increasing the overall efficiency of the system [10]. Based on this consideration, this work aims to explore the potentiality of integrating Safety-II approaches in designing Near Miss Management Systems (NMSs) aiming to improve their global efficacy. Near misses currently represent an interesting test field for evaluating how traditional and new approaches in safety management could be integrated to enhance the overall efficacy of the system. 
According to traditional approaches, near-miss events are defined as unexpected events in the workplace that could have turned into accidents that may have harmed the workers, but, due to a combination of events, they are characterized by no (or reduced) gravity [11,12,13]. Thus, the main difference between a near miss and an accident/injury is the outcome, while they share the same root causes. For this reason, the analysis of near-miss events is often intended as an extension of accident analysis, aiming at analyzing the root causes that have led to the event in order to prevent them [14]. If the analysis is carried out in light of the Safety-II approach, the focus is not specifically on root causes but on the elements (i.e., human-based, automatic, etc.) that have contributed to blocking the event chain as well as to eliminating (or drastically reducing) its consequences. Thus, the aim of this work is to look at near-miss management through the lenses of Safety-II and understand if NMSs can be adapted to include the main strengths of this approach, with benefits for the safety of the company. To do so, a framework for the integration of the two safety approaches in NMSs is presented, and a test case shows its potential to improve the analysis and management of near-miss events. Results contribute to research in two directions: (i) providing a practical tool to implement the Safety-II perspective in working environments and (ii) supporting the improvement of the near-miss management process. The paper is organized as follows: in Section 2, a quick critical analysis of the most important topics in Safety-I and Safety-II is proposed, and the potential integration of the two perspectives in near miss management is discussed, while Section 3 presents a framework to support the integration of Safety-II in NMSs. A test case is proposed in Section 4 to validate the approach presented, while discussion and conclusions are shown in Section 5 and Section 6, respectively.

2. Safety-I and Safety-II as Complementary Approaches

The concept of Safety-II has been first elaborated on and presented by Hollnagel [3], who described the main features and peculiarities and proposed a first comparison analysis with a traditional approach, which he defined as Safety-I. In this section, a quick description of both approaches aims at outlining their relevant features that will be used in the next activity, i.e., evaluating how Safety-II could increase the efficacy of current near-miss management systems. It has to be noted that this analysis aims to outline the main strategic differences between the two approaches rather than proposing a complete definition of how they work. In addition, as the two concepts have been recently introduced, some evaluations are derived directly from authors that have proposed these definitions, as several elements still represent open issues.

2.1. The Pillars of Safety-I

According to Hollnagel’s proposal, systems in a traditional Safety-I perspective are usually represented as bimodal, meaning that in their functional state outcomes are positive, while if something goes wrong, the action or process ends up in an adverse event [3,8]. It has to be noted that complex models are also used in this approach in order to overcome this limitation, but the author proposes a simplification constructed for comparison rather than for a single analysis. The definition of the safety of a system is mainly based on the number of adverse events that occurred, and consequently the actual safety level of a system is inversely proportional to the number of negative outcomes. This is underlined as a limitation by Hollnagel [2], who argues that this approach gives “something to measure when safety is absent, but paradoxically nothing to measure when safety is present”. As a consequence, the main target in a Safety-I perspective is to prevent negative outcomes and to try to identify root causes, i.e., “what goes wrong and why” for each negative outcome; thus, the main effort focuses on preventing one or more root causes that could be identified with a certain level of confidence, as systems can be decomposable and causality relationships can be defined within their basic elements. Based on this logic, Hollnagel et al. [3] describe the Safety-I management principle as mainly based on a “reactive” approach, where dynamic conditions with respect to the risk assessment process are evaluated as a non-conformity. This is also a simplification useful for comparison analysis, as recent studies have outlined new trends oriented towards a more proactive approach in safety management [15]. In this context, the human factor is often seen as a possible source of errors and malfunctioning, due to its unpredictability, while the distance between the “work-as-imagined” (WAI) and the “work-as-done” (WAD) is considered a measure of how well a system is performing [8]. 
Traditionally, WAI represents the way things should be carried out in order to avoid malfunctioning; detailed procedures or methods are studied and provided to optimize performance by a standard procedure, where risks are easily managed. WAD represents the way things are actually carried out, and it should be as close as possible to WAI in order to maximize the performance of the system [5]. Therefore, variability is seen as a criticality that needs to be controlled and reduced as much as possible in order to ensure the safety of a process [4].

2.2. The Pillars of Safety-II

Hollnagel observed that linear accident models, usually adopted in Safety-I, can effectively apply to work environments typical of static industrial systems, e.g., industry models of the 20th century, where technology and organizational models were less complex; however, current systems are characterized by higher technological and organizational complexity, which is hard to represent through linear models. In this case, non-linear models for accident analysis, where outcomes are emergent rather than resultant, could represent a more effective solution [2]. Starting from this point, he defined the Safety-II approach, where the system’s behavior is not bimodal but rather characterized by an inner variability that most of the time generates positive outcomes, while sometimes resulting in a failure. This issue introduces a new perspective from which to analyze adverse events. The definition of an “intractable system” is also introduced: it outlines a system whose principles of functioning are not completely known [4]. On one side, this also challenges the traditional simple causality paradigm that usually identifies malfunctioning as the only starting point of every accident chain. On the other side, bad outcomes in Safety-II are considered as the unexpected product of a combination of variables (which can be identified by conditions, states, and events), expressing the system’s performance variability [4], and outcomes are considered “emergent rather than resultant” [2]. Another difference with Safety-I is the role of WAI and WAD. If WAI derives from the knowledge of the working mechanisms of a system and its components in a standard situation, this can only apply to simple and well-known systems, while it can be challenging to define WAI in a reliable way in most real-life systems, which are often complex or intractable.
In these cases, WAD is inevitably influenced by the inner performance variability of the system, reflecting the necessary adjustments that most times produce a positive outcome. Therefore, the analysis of WAD can play a crucial role, giving an insight into how things work in the system and why [5]. Moreover, the human factor is not only seen as a source of variability causing bad outcomes but also as an active resource for its flexibility and adaptation capacity and for preventing bad outcomes. In this perspective, safety is defined as the system’s ability to perform well, under varying conditions, and can be achieved by adopting the necessary adjustments in a dynamic way, through a more “proactive” approach. Therefore, a higher system safety corresponds to a higher number of positive outcomes. This idea is also in line with resilience engineering approaches that have contributed to the development of this strategy. This new perspective focuses on how things go right in a system, rather than how they go wrong, requiring a deeper understanding of everyday activities and their actual dynamics.
A quick comparison between the two approaches based on current recent studies is synthesized in Table 1.

2.3. State of the Art about the Adoption of Safety-II

Several criticalities for the implementation of Safety-II in the industry have been outlined in the scientific literature. Farooqi et al. [7] and Martins et al. [8] outlined that, currently, knowledge about Safety-II is still at an early stage as studies focused on a theoretical level since there is a lack of structured approaches and tools to implement this vision at an operational level, while Provan et al. [16] underline the need to rethink the role of safety professionals for supporting and implementing Safety-II. One of the few structured tools based on Safety-II currently applied in industry is the FRAM (Functional Resonance Analysis Method), based on the concept of emergence previously described, as opposed to the classic root cause analysis. This method investigates the dynamics of a complex system, which can lead to positive or negative outcomes [17]. The most relevant criticality outlined for this method is the high operational effort required for application [7]. The need for Safety-II-specific models and tools is also outlined in the literature: a possible path is identified in the study and some Safety-I tools, which are already known and widely used in the industry, are adapted to include Safety-II pillars and combine the advantages of both perspectives, considering their complementarity [8,9,18,19]. Only a few works in the literature analyzed the potentialities of effectively integrating the two safety perspectives in everyday practice. Martins et al. [8] proposed a framework based on the evaluation of the gap between WAI and WAD, tested on a construction site; [9] explored the correlation between Safety-I and Safety-II in the maritime industry, proposing some guidelines to enhance this integration. 
Thus, this study follows up on this issue by analyzing the near-miss management process also through a Safety-II perspective, to understand how the analysis of near-miss events can contribute to enhancing both the Safety-I and the Safety-II cultures and, finally, to improving the overall safety level of a company from a strategic point of view. Furthermore, an effective integration of the two approaches could enhance their performance [7,18]. As an example, in complex or intractable systems, integrating Safety-II in the overall safety strategy could yield more resilience and robustness in the system [20]. On the other side, root cause analysis could also increase the reliability of the Safety-II approach, outlining non-conformities in a dynamic environment. Ham [5] suggested that current and traditional safety methods should be reviewed to be adapted and improved according to Safety-II principles. Homann et al. [21] underlined the focus on how to empower the human factor in promoting safety in the workplace. The role of workers is certainly crucial from a Safety-II perspective, as well as in new emerging organizational models, and companies should dedicate more time to building a collaborative and empowering work environment [21]. It has to be noted that this element is also crucial in the Safety-I approach, where, e.g., root cause analysis is mainly based on human reliability.
This analysis shows that a gap exists in the literature on how to implement and manage a Safety-II approach in working environments. Findings suggest that to support the integration of the two approaches novel or adapted operating tools are needed, together with a proper training of safety professionals.

2.4. State of the Art about the Integration of the Safety-II Perspective in Near Miss Analysis

The main aim of this study is to evaluate the potential contribution of the Safety-II approach in increasing the overall efficacy of near-miss management systems (NMSs). The analysis of near-miss events to support safety management has been spreading in the last decades from some pioneer sectors (such as nuclear and chemical industries) to several others (i.e., construction and manufacturing), and the adoption of NMSs from companies has been growing in the last years [22]. As previously specified, a near miss is usually defined as an occurred event (or unsafe act or condition) that had the potential to become an accident, but due to several factors, did not cause any harm. These events are also referred to as accident precursors [14], as they share with accidents their origin; this latter is usually identified with the root cause in a Safety-I approach, or, for example, with the concurring factors and conditions that led to the emergence of the outcome in a Safety-II view, but in the end, the nature of a near miss is identified as positive (meaning that the event eventually leads to an outcome with no serious damage). From a traditional point of view, outlining near-miss root causes could enhance accident prevention: usually, the focus is on what went wrong and how to prevent its occurrence in the future: this is in line with a Safety-I perspective. Furthermore, it has to be noted that evaluating the dynamics of such an event could also allow outlining the barriers/systems/factors that have avoided consequences, thus supporting a “favorable” outcome, which is more in line with a Safety-II approach. Thus, the potentiality of improving NMSs performance by adopting this new perspective can be outlined. However, in practice, a few attempts can be highlighted in the scientific literature that try to expand the typical way of designing NMSs, i.e., based only on the Safety-I approach. 
Few works have already investigated how the process of near-miss management can relate to different safety concepts and paradigms. Gnoni and Saleh [14] explored the connections between NMSs and safety principles adopted in risk management, i.e., the fail-safe principle, safety margin, the un-graduated response, defense-in-depth, and observability-in-depth, suggesting that near miss events can be assessed starting from the analysis of the violations of such principles, thus evaluating possible solutions on this analysis. Connections between NMSs and the principles of High-Reliability Organizations (HRO) were also proposed [23]. HROs are defined as organizations that aim at ensuring safety in highly complex environments embracing two main approaches: prevention and resilience [24]. In particular, they rely on organizational redundancy and the ability to adopt decentralized control in crisis management [1]. HRO strategy seems to be aligned with both pillars of Safety-I (e.g., prevention based on incident analysis and consequent safety measures) and Safety-II (e.g., the resilience of the system as a main tool to ensure good outcomes). This is an interesting starting point, not fully explored yet. Few other works have referred to the possibility of looking at near-miss events through the lenses of Safety-II or based informally on its main pillars. Recently Thoroman et al. [25] proposed the adoption of a system thinking approach—which is mainly based on the concept of emergence in line with Safety-II—for analyzing accidents as well as positive outcomes that result from the interaction of different factors. Applying this approach to incident analysis in aviation, the authors identify a network of contributing factors and protecting factors in accident analysis, according to the principle of emergence – typical of Safety-II and described in the previous section. 
Authors argued that this same dynamic can be applied to near-miss events since they share many properties of accidents: this defines near-miss as a system phenomenon. The authors underlined that near-miss analysis was currently mainly based on causation models, focusing more on accident risks and less on analyzing factors that have contributed to preventing/blocking the event escalation towards an actual accident.
Moreover, Thoroman et al. [26] underlined that near misses can also provide information about the system’s resilience, as the absence of consequences could be interpreted as an error-recovery factor; this issue is often neglected in NMSs. Authors highlighted that currently NMSs are not structured to support a full understanding of emergence in accident causation, thus identifying a gap between research and practice in near-miss analysis. Aiming to fill this gap, a few studies focus on how to include the analysis of protective factors in near-miss reporting systems: Thoroman et al. [27] discussed a near-miss reporting form developed for a specific activity—i.e., the led outdoor activity domain—which included a focus on accident prevention and protective factors. In another study, Thoroman and Salmon [28] explicitly referred to the Safety-II perspective when proposing a model based on the AcciMap and Network Analysis methods to assess the impact of protective factors in near miss analysis, while Thoroman et al. [29] applied the same AcciMap method to analyze near misses from the aviation sector, showing the potential of a protective factors analysis in understanding the dynamics that prevent a near miss from becoming an accident. This quick review outlines the high potentiality of applying the Safety-II approach for improving NMSs efficacy; however, practical guidelines are still lacking. A proposal is described in the next section.

3. A Framework Proposal for Integrating Safety-II in the Process of Near Miss Management

Considering the background described so far on safety approaches and near miss analysis, and given the lack of operative tools highlighted in literature for the implementation of a Safety-II approach, the aim of this work is to define a possible framework and practical guidelines to incorporate a Safety-II perspective in analyzing near miss events and designing more effective NMSs.

3.1. Near Miss Events Pillars Based on Safety-I and Safety-II Perspectives

The first step is to acknowledge that near-miss events can be analyzed not only as a source of knowledge for eliminating causes that could lead to an accident, which is usually the main objective of NMSs in line with the traditional Safety-I perspective, but also as events characterized by a positive outcome, which outline the resilience level of the system that allowed its performance variability to be managed. In a traditional approach, near-miss events are accident precursors, where failures have caused a deviation from the normal conditions (or, as described before, a deviation from “work-as-imagined”); from a Safety-II perspective, these events are the “natural” result of emergence dynamics mainly due to the intrinsic system variability, and they also outline how the system is resilient, leading to a positive result. This change of mindset entails some consequences on the operative level of NMSs: analyzing near-miss events could integrate the assessment of potential causes of failures with the assessment of such factors and/or behaviors that have contributed to a positive outcome (i.e., consequence prevention). For example, the influence of human factors in a near-miss context should be considered not only as a potential source of errors that could lead to accidents, as usually happens in Safety-I, but also as a possible means for preventing the higher gravity of such events, thus enhancing the resilience of the overall system [3]. On the operative level, this implies enlarging the horizon of the whole analysis process (and probably new model adoption). Together with the focus on preventing the occurrence of future similar events (but also accidents), attention should also be focused on understanding how to support and foster the overall system resilience, aiming at improving the reactiveness of the system under analysis.
Thus, based on these considerations, a basic strategic schema is proposed in Figure 1, outlining how near-miss events can be considered and analyzed in an integrated perspective that includes both Safety-I and Safety-II principles.

3.2. Designing NMSs by Integrating Safety-I and Safety-II Perspectives: A Framework Proposal

Although near-miss management is a process fairly diffused in several sectors, a standard framework for the implementation of NMSs has not been defined yet. However, literature provides a summary of the following main activities that are usually implemented in NMSs [14,22]:
  • Near miss definition. A traditional classification considers a near miss as an event that could have turned into a real accident with harm to people and the environment but did not. A more proactive approach includes also unsafe acts or conditions that generate potentially hazardous situations. Therefore, this first phase is necessary to identify which events the company endeavors to report and analyze as near misses.
  • Identification and reporting. In this phase, a near miss is identified and relevant data are collected for reporting, considering all the features that can be relevant for the analysis. The roles and procedures of this process should be clearly defined before implementation.
  • Assessment. Based on the information collected in the previous step, the analysis of near-miss events should include a prioritization phase, to define which events are more critical and need to be further analyzed, and a causal analysis, to identify potential causes, determinants, and protective factors that contributed to the outcome.
  • Solution identification. This step should include the identification of appropriate measures to prevent those events from happening again in the future.
  • Dissemination and follow-up. Finally, dissemination activities are functional to inform workers and managers about the results of the analysis, and follow-up activities are needed to verify the implementation and effectiveness of the solution identified.
Currently, NMSs are usually adopted under a traditional Safety-I approach. However, based on the concepts previously discussed, it can be updated to embed also a Safety-II perspective, thus integrating the two complementary visions of safety for improving its global effectiveness. The framework proposal is depicted in Figure 2, where on the left side, main processes characterizing NMSs are summarized, and on the right side, the activities required for integrating Safety-I and Safety-II approaches are reported. In practice, a redesign activity is essential, as the introduction of Safety-II can have an impact on all phases of NMSs, thus enlarging the object and the focus of the whole near-miss analysis, as reported in the previous section.
Starting from the definition, a company may decide to collect and study different types of near misses, not only according to the relevance of the specific event but also considering which kind of information can be extracted from the analysis of that event. A company interested in understanding the dynamics of a system and the factors enabling its resilience may decide to extend the analysis to some types of events that from a Safety-I perspective, could be negligible. Similarly, in the identification and reporting phase, the selection of events to report should reflect this need, and the description of the event should not only include possible causes and contributing factors but also focus on the positive effect that protective factors have generated in the chain of events that led to the outcome observed. As an example, the human factor is often considered in Safety-I as a potential source of errors and investigated as such (e.g., incorrect use of personal protective equipment, an anomaly in the procedure followed, etc.), while the Safety-II approach acknowledges that human intervention can enhance resilience through timely and effective interventions that often avoid bad outcomes (e.g., early identification of a risk by a worker, activation of safety procedures, etc.). Such a comprehensive description of the near miss is necessary to allow an effective assessment: based on the data collected, prioritization can be based not only on the criticality of the event (related to the entity of the potential damage avoided) but also on the potential of that event of revealing something new about the dynamics of the system analyzed. Moreover, the traditional causal analysis focused on identifying the root causes of accidents (i.e., learning from what went wrong) must be extended to understand the dynamics of emergence that led to the observed outcome, with a specific focus on protective factors that fostered the system resilience (i.e., learning from what went right). 
Consequently, while in a traditional near-miss management process, the solution identification phase usually aims at elaborating measures to prevent future accidents, through intervention on the root causes identified, in a Safety-II approach this phase should also include a focus on how to foster the system resilience, based on the results of the assessment. Therefore, dissemination and follow-up should monitor the effectiveness of the measures implemented, and spread the main information derived from the whole process on “what went right” and “what went wrong”.
Based on these considerations, Figure 3 shows more in detail the main factors that should be evaluated in the phases of reporting, assessment, and solution identification of a near miss, proposing a practical guideline for reporting and analyzing such events integrating Safety-I and Safety-II principles. In detail, the event description in the identification and reporting phase should include all the elements related to the origin of the event, focusing on the concurring factors that led to it, but also on the protective factors that prevented the event from escalating into an accident or from generating severe damage. Next, information on how the system responded and the final consequences can allow us to understand both what went wrong and what went right, thus helping to define the actual criticality of the event, shedding light on the resilience capacity, and helping the analyst identify the strengths and weaknesses of the system. As a consequence, the analysis performed in the assessment phase should be focused on identifying both the root causes and the more or less complex emergence dynamics that led to the registered outcome. All these data are needed to elaborate a solution that should reach a dual target: on one side, ensuring that incidents with similar causes do not happen in the future, thus completely in line with the Safety-I approach (i.e., preventive measures); on the other side, supporting and enhancing the resilience of the system and the identified protective factors, which will help to contain escalation and damage in case of future anomalies (i.e., resilience measures).

4. A Test Case

In order to evaluate the potentiality of integrating Safety-I and II approaches for near-miss analysis, the framework proposed has been applied in a test case based on near-miss data freely available in an open access and standardized way, i.e., the eMARS database (electronic Major Accident Reporting System). The eMARS contains reports of chemical accidents and near misses provided to the Major Accident Hazards Bureau of the European Commission’s Joint Research Center from the EU and other countries outside of the EU. Two near-miss events—one which occurred during chemical installations and the other in an LNG storage and distribution plant—reported in the database in 2019 have been used for test case development. Their brief description is reported as follows. It has to be noted that the aim of this section is not to determine the causes of the events, which have already been analyzed and extracted from the database, but to show how the management of near misses can change (and possibly improve) by integrating the two safety perspectives.
The first event (EVENT 1) consists of a release of a toxic chemical product (HF, hydrogen fluoride) caused by a power failure at a hydrofluoric acid plant. The power failure was due to a hardware error in a remote-control system, which caused a subsequent failure of the control visualization systems. Next, a manual plant shutdown occurred. As a consequence, an increased pressure of the hydrogen fluoride caused an unexpected release of this substance in the production hall. At the same time, a failure in the uninterruptible power supply system (UPS) caused a delay in the emergency power supply, and the manual switch for the emergency coolant supply failed, as well as the emergency scrubber for gas absorption. Therefore, the released substance was condensed using a deluge system inside the production building. Material damages occurred both from the HF release and the use of the deluge system. The analysis of this event led to the identification of a solution to prevent similar future events, which includes a systematic inspection and improvement of electrical, auxiliary, emergency, and uninterruptible power supply systems, as well as the optimization of maintenance plans and fire-fighting water supply.
The second event (EVENT 2) consists of a release of hydrogen from a pipe, which caused a subsequent fire on a discharge line of a hydrogen compressor in an LNG installation: in detail, the ignition occurred at the exit of the line that had been rendered inert. The release was caused by a leak from a fitting. The flame was extinguished by shutting down the installation, i.e., the hydrogen (H2) supply. Next, the discharge pipe was monitored by infrared thermometers and the pipe was cooled for a short period with water. No damage to property occurred, as the relief pipe was installed in accordance with internal standards. As a result of the near-miss analysis, some prevention measures have been elaborated: the optimization of the way in which relief pipes are rendered inert, the replacement of all valves and review of the inspection period, and the expansion of the regeneration process to include leak-tightness testing.
The eMARS report form includes different sections: the accident profile (with the nature of the event, the date of occurrence, and the industrial activity involved); the accident report (with the description of the event and the indication of eventual effects occurred, including releases in the environment); the site and installation description; the substances eventually involved; the main causes identified; the consequences reported; the emergency response carried out; and the lessons learned from the event. This scheme reflects the cause-effect relationship on which the Safety-I approach is based, and does not give the possibility to include Safety-II elements to better understand the dynamics of the system involved.

4.1. Analysis of EVENT 1

Considering the information reported in the database on EVENT 1, the framework proposed to integrate Safety-I and Safety-II principles has been applied. The root cause identified and reported is a power failure caused by a hardware error in a remote-control system. However, the details in the accident report section show that the final outcome of the event and the extent of the damage registered are the result of multiple failures in the system and multiple responses generated to address them (e.g., failure of UPS required a manual transfer of consumers to the emergency power supply). Therefore, the dynamics of the event can be better understood by considering the principle of emergence (Safety-II) and analyzing the interaction of contributing and protective factors that reflect the variability of system performance. In particular, protective factors were identified that made it possible to block the escalation of the accident (manual shutdown) and to contain the consequences (timely intervention of fire-fighting service). Consequently, the phase of solution identification should be focused not only on preventing similar events from happening again but also on promoting the resilience of the system that made it possible to block the escalation and contain the damage. In this case, resilience can be identified in the capacity to respond to the multiple contributing factors (failures) that followed one another in the process, resulting in prompt interventions and emergency procedures being launched successfully. The solution identified included preventive measures aiming at ensuring the continuity of the power supply, and the optimization of the fire-fighting water supply, which can help enhance the system’s resilience. Possible further integration of this solution, according to Safety-II, could involve the strengthening and improvement of workers’ training related to emergency procedures and management.

4.2. Analysis of EVENT 2

The analysis of the second event is apparently more straightforward since one single root cause has been identified (the leaky fitting) and no other concurring or protective factors have been highlighted in the report. However, if a Safety-II approach has to be implemented, a deeper analysis should give more insights into the motivations behind the root cause identified: the leaky fitting of a valve could be related to technical factors (e.g., wrong treatment or inadequate maintenance plan), organizational factors (e.g., delayed inspection) or other determinants, and their eventual interactions. Considering the protective factors, the main action blocking the escalation of the event was the line shutdown, but another important detail emerging from the report is that the correct installation of the valve according to standards has allowed us to contain the consequences, resulting in a situation without property damage. This can be seen as proof of system resilience and valorized in the follow-up phase through a further revision of emergency responses. However, the current analysis performed and registered in the eMARS database did not include any measure aiming at improving resilience, but only actions for preventing similar accidents, and consequently the report states that it is expected that the event will not happen again. However, a Safety-II approach should include some considerations of system resilience and how to improve it.
Table 2 summarizes the analysis of the two events.

5. Discussion

Recently, new strategies for safety management are arising due also to the increased complexity of industrial and social systems. A promising one is Safety-II, where safety is considered as the ability to succeed under varying conditions, which has overturned the traditional perspective of Safety-I, where safety is mainly defined as an absence of negative events. This new perspective could represent a starting point to update tools, methods, and procedures applied for several years. One example is the adoption of NMSs, which have been applied by companies in several sectors to increase the efficiency of prevention activities.
The following observations can be outlined from the previous analyses:
  • Safety-I and Safety-II cannot be considered only as competing approaches for designing NMSs: they represent two different but complementary perspectives that, if well integrated, could increase the overall efficacy of the system by contributing to the prevention of accidents in the workplace. Both the theoretical approach proposed in this study and the test case have confirmed this idea. This is also true in a more general application, not specifically focused on NMSs, as defined by Leveson [30], who introduced the concept of Safety-III, where the two perspectives efficiently coexist. As clearly defined by the author, the goal is “to eliminate, mitigate, or control hazards, which are the states that can lead to unacceptable losses”. This issue is also confirmed by the HRO theory, where prevention activities—which are mainly based on Safety-I—need to be completed by a resilient approach typical of Safety-II.
  • Literature shows that an effort should be made to define operative tools that could allow an effective integration of Safety-II in working environments. This is currently recognized as a gap in Safety-II research. Moreover, some researchers suggest that instruments traditionally adopted in Safety-I (as are NMSs) could be revised to include a Safety-II perspective. Thus, integrating Safety-II in NMSs can represent a new way of approaching all steps of near-miss management. Basically, a more “positive” perspective needs to be applied, starting from near-miss definitions to the approach adopted for analyzing the dynamics of the event, and, finally, to the way the acquired knowledge about critical factors is communicated to workers.
  • The test case based on public data regarding major installations has shown some interesting results. First, it has to be noted that some issues typical of Safety-II could already be outlined in near-miss analysis, even if they are not formalized and defined in a structured approach. Thus, the study helps to overcome this limit by proposing guidelines for effective integration. Results can help practitioners (companies and in particular safety managers and operators) to structure the near-miss management process considering an integrated approach based on Safety-II principles, recommending which type of data should be collected and analyzed for each event, which factors should be included in the analysis phase, and suggesting the inclusion of resilience-oriented actions in the solution identification phase. However, some criticalities are still present, which are mainly due to a lack of operative tools that enable applying Safety-II in a real-world environment. One example is indicators that allow us to monitor the efficacy of the Safety-II strategy. This issue, focused on NMSs, could be a further development of this study.
Another limitation has to be highlighted. The test case presented is based on open-access data on events collected from different companies; therefore, the level of detail is limited by the type of information available. In order to assess the validity and efficacy of the framework proposed, it would be useful to perform a case study testing the tool in the working environment of a company, supporting the staff with the implementation of the new approach for near-miss management, and collecting feedback on the field.

6. Conclusions

Promoting safety in the workplace is crucial to enhance the social sustainability of a company. The paper proposes a critical analysis of how to integrate traditional approaches to safety analysis—i.e., based on Safety-I theory—with new approaches derived from resilience engineering, i.e., Safety-II theory. The analysis is developed for a specific core process in safety management, a near-miss management system. Rather than opening a discussion about which method is the most effective to adopt, the paper analyzes how to integrate and coordinate the two approaches for improving the global effectiveness of near-miss management systems. On one hand, the aim of the Safety-I approach in the near-miss analysis is mainly oriented to “delete” causes that have forced the occurrence of a non-conformity event with no consequences. This approach is basically a reactive approach that, for several years, has provided interesting results to prevent incidents as well as injuries. On the other hand, the main target of Safety-II in near-miss analysis is to emphasize enhancing company employees’ resilience as the ability to monitor things and handle situations before an accident could occur. Thus, by efficiently integrating the two approaches, a more effective extraction of knowledge from near-miss analysis is feasible. This study represents a first attempt to realize this integration, proposing a framework for reporting and analyzing near-miss events through an integrated Safety-I/Safety-II approach that is applied to a test case: two events derived from an international structured database regarding major installations have been analyzed in the light of the two principles. These preliminary results outline interesting points of improvement in current models to design and apply near-miss management systems. Further research should be oriented to test the proposed framework for NMSs implementation in one or more case studies, to validate the approach and eventually improve it.
Moreover, the analysis of other existing tools for safety management from a Safety-II perspective could be carried out, with the objective of extending this approach through well-known, adapted instruments.

Author Contributions

Conceptualization, F.D.L., V.E., M.G.G. and F.T.; methodology, F.D.L., V.E., M.G.G. and F.T.; formal analysis, F.D.L., V.E., M.G.G. and F.T.; writing—original draft preparation, M.G.G. and F.T.; writing—review and editing, F.D.L., V.E., M.G.G. and F.T.; project administration, M.G.G.; funding acquisition, M.G.G. All authors have read and agreed to the published version of the manuscript.

Funding

This research was partially funded by INAIL, grant number BRIC ID 01/2019.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Publicly available datasets were analyzed in this study. This data can be found here: https://emars.jrc.ec.europa.eu/en/emars/accident/search#.

Conflicts of Interest

The authors declare no conflict of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript; or in the decision to publish the results.

References

  1. Haavik, T.K. Debates and politics in safety science. Reliab. Eng. Syst. Saf. 2021, 210, 107547.
  2. Hollnagel, E. Is safety a subject for science? Saf. Sci. 2014, 67, 21–24.
  3. Hollnagel, E.; Wears, R.L.; Braithwaite, J. From Safety-I to Safety-II: A White Paper; University of Southern Denmark: Odense, Denmark; University of Florida: Gainesville, FL, USA; Macquarie University: Sydney, Australia, 2015.
  4. Aven, T. A risk science perspective on the discussion concerning Safety I, Safety II and Safety III. Reliab. Eng. Syst. Saf. 2022, 217, 108077.
  5. Ham, D.-H. Safety-II and Resilience Engineering in a Nutshell: An Introductory Guide to Their Concepts and Methods. Saf. Health Work 2021, 12, 10–19.
  6. Ball, D.R.; Frerk, C. A new view of safety: Safety 2. Br. J. Anesth. 2015, 115, 645–647.
  7. Farooqi, A.; Ryan, B.; Cobb, S. Using expert perspectives to explore factors affecting choice of methods in safety analysis. Saf. Sci. 2022, 146, 105571.
  8. Martins, J.B.; Carim, G.; Saurin, T.A.; Costella, M.F. Integrating Safety-I and Safety-II: Learning from failure and success in construction sites. Saf. Sci. 2022, 148, 105672.
  9. Qiao, W.; Liu, Y.; Ma, X.; Lan, H. Cognitive Gap and Correlation of Safety-I and Safety-II: A Case of Maritime Shipping Safety Management. Sustainability 2021, 13, 5509.
  10. Bueno, W.P.; Wachs, P.; Saurin, T.A.; Ransolin, N.; Souza Kuchenbecker, R. Making resilience explicit in FRAM: Shedding light on desired outcomes. Hum. Factors Ergon. Manuf. Serv. Ind. 2021, 31, 579–597.
  11. National Safety Council. Near Miss Reporting Systems; National Safety Council: Itasca, IL, USA, 2013.
  12. Cavalieri, S.; Ghislandi, W.M. Understanding and using near misses properties through a double-step conceptual structure. J. Intell. Manuf. 2010, 21, 237–247.
  13. Phimister, J.R.; Oktem, U.; Kleindorfer, P.R.; Kunreuther, H. Near miss Incident Management in the Chemical Process Industry. Risk Anal. 2003, 23, 445–459.
  14. Gnoni, M.G.; Saleh, J.H. Near-miss management systems and observability-in-depth: Handling safety incidents and accident precursors in light of safety principles. Saf. Sci. 2017, 91, 154–167.
  15. Pereira, E.; Ahn, S.; Han, S.; Abourizk, S. Identification and association of high-priority safety management system factors and accident precursors for proactive safety assessment and control. J. Manag. Eng. 2018, 34, 04017041.
  16. Provan, D.J.; Woods, D.D.; Dekker, S.W.A.; Rae, A.J. Safety II professionals: How resilience engineering can transform safety practice. Reliab. Eng. Syst. Saf. 2020, 195, 106740.
  17. Salehi, V.; Veitch, B.; Smith, D. Modeling complex socio-technical systems using the FRAM: A literature review. Hum. Factors Ergon. Manuf. Serv. Ind. 2021, 31, 118–142.
  18. Ham, D.-H.; Park, J. Use of a big data analysis technique for extracting HRA data from event investigation reports based on the Safety-II concept. Reliab. Eng. Syst. Saf. 2020, 194, 106232.
  19. Whal, A.; Kongsvik, T.; Antonsen, S. Balancing Safety I and Safety II: Learning to manage performance variability at sea using simulator-based training. Reliab. Eng. Syst. Saf. 2020, 195, 106698.
  20. Cutchen, S.S. Safety-II—Resilience in the face of abnormal operation. Process Saf. Prog. 2021, 40, e12212.
  21. Homann, F.; Limbert, C.; Bell, N.; Sykes, P. Safety through engaged workers: The link between Safety-II and work engagement. Saf. Sci. 2022, 146, 105521.
  22. Gnoni, M.G.; Tornese, F.; Guglielmi, A.; Pellicci, M.; Campo, G.; De Merich, D. Near miss management systems in the industrial sector: A literature review. Saf. Sci. 2022, 150, 105704.
  23. Gnoni, M.G.; Saleh, J.H. How near miss management systems and system safety principles could contribute to support high reliability organizations. In Safety and Reliability—Theory and Applications, Proceedings of the 2nd International Conference on Engineering Sciences and Technologies, Tatranské Matliare, Slovak Republic, 18–22 June 2017; CRC Press: Boca Raton, FL, USA, 2017; p. 452.
  24. Andriulo, S.; Arleo, M.A.; de Carlo, F.; Gnoni, M.G.; Tucci, M. Effectiveness of maintenance approaches for high reliability organizations. IFAC PapersOnLine 2015, 48, 466–471.
  25. Thoroman, B.; Goode, N.; Salmon, P.; Wooley, M. What went right? An analysis of the protective factors in aviation near misses. Ergonomics 2019, 62, 192–203.
  26. Thoroman, B.; Goode, N.; Salmon, P. System thinking applied to near misses: A review of industry-wide near miss reporting systems. Theor. Issues Ergon. Sci. 2018, 19, 712–737.
  27. Thoroman, B.; Salmon, P.; Goode, N. Evaluation of construct and criterion-referenced validity of a systems-thinking based near miss reporting form. Ergonomics 2020, 63, 210–224.
  28. Thoroman, B.; Salmon, P. An integrated approach to near miss analysis combining AcciMap and Network Analysis. Saf. Sci. 2020, 130, 104859.
  29. Thoroman, B.; Salmon, P.; Goode, N. Applying AcciMap to test the common cause hypothesis using aviation near misses. Appl. Ergon. 2020, 87, 103110.
  30. Leveson, N. Safety III: A Systems Approach to Safety and Resilience; MIT Engineering Systems Lab: Boston, MA, USA, 2020.
Figure 1. Near miss event management pillars in the light of an integrated Safety-I and Safety-II perspective.
Figure 2. Steps of NMSs and safety approaches: the framework proposed.
Figure 3. Main factors to consider in the reporting, assessment, and solution identification phases of NMSs with an integrated Safety-I and Safety-II perspective.
Table 1. Comparison of main features of Safety-I and Safety-II approaches, elaborated from [3,8].

| Concepts | Safety-I | Safety-II |
|---|---|---|
| Safety Definition | “As few things as possible go wrong”: safety level is inversely proportional to the number of adverse events | “As many things as possible go right”: safety level is proportional to the number of positive outcomes |
| Main Focus | Analysis of bad outcomes and causes | Analysis of all outcomes (including good ones) and causes |
| Safety management principle | Reactive: respond to accidents or risks | Proactive: trying to anticipate events |
| System behavior | Bimodal (good or bad outcome) | Performance variability that generates good or (sometimes) bad outcomes |
| Mechanism of bad outcomes | Causality (one or more causes for failure can be identified, they could be connected by complex models) | Emergence (failure and success are the resultants of different interacting factors that may not be easily explained) |
| Human factor | Possible source of liability | Source of flexibility and adaptability |

Table 2. Analysis of the two near-miss events according to Safety-I and Safety-II principles.

| Phase | Factor | Event 1 | Event 2 |
|---|---|---|---|
| Reporting and assessment | Root cause | Power failure caused by a hardware error in a remote-control system | Leaky fitting |
| | Emergence dynamic | More factors concurred with the outcome (failure of UPS, failure of manual switches for the emergency coolant supply, failure of emergency scrubber). Resilience: responses to these events that allowed to contain the damage | Need to explore motivations behind leaking (e.g., wrong maintenance plan, treatment of valve, …) |
| | Protective factor blocking escalation | Emergency procedures (manual shutdown) | Emergency procedures (line shutdown) |
| | Protective factor reducing consequences | Emergency procedures (firefighting service) | The relief pipe was installed in accordance with internal standards (reducing damages) |
| | System response | Condensing of vapors inside the building, supported by monitors and fire service water curtains from outside. Repair and maintenance shutdown | Installation shut down, discharge pipe monitored, pipe cooled with water |
| | Consequences | Material damage | No damage to property |
| Solution identification | Measures focused on prevention | Systematic inspection and improvement of electrical, auxiliary, emergency, and uninterruptible power supply systems, optimization of maintenance plans. | Optimization of the manner in which relief pipes are rendered inert and replacement of all valves; adaptation of the inspection period of the valves and regeneration process expanded to include leak-tightness testing. |
| | Measures focused on enhancing resilience | Optimization of fire-fighting water supply. | Considering the prevention measures, it is expected that such an event will not happen again. |
| Further possible measures | Focused on enhancing resilience | Improvement of workers’ training for emergency procedures and management | Revision and improvement of emergency procedures |