in Table 2.9 .
Table 2.9 Categories of barriers.
| Physical barriers– Equipment and engineering design– Personal protective equipment (e.g. clothes, hard hats, and glasses)– Fire walls, shields– Safety devices (e.g. relief valves, emergency shutdown systems, and fire extinguishers)– Warning devices (e.g. fire and gas alarms) | Organizational barriers– Hazard identification and analyses– Line management oversight– Supervision– Inspection and testing– Work planning– Work procedures– Training– Knowledge and skills– Rules and regulations |
2.6.2 Safety
Safety is a problematic concept that is used with many different meanings. Many standards and guidelines related to risk assessment use the word safety but avoid defining the concept. An exception is MIL‐STD‐882E (2012), where safety is defined as “freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.” According to this definition, safety implies that all hazards are removed and that no assets will be harmed. This implies that risk is zero. For most practical systems, safety is therefore not attainable, and may be considered a Utopia.
Many risk analysts feel that the definition of safety in MIL‐STD‐882E is not of any practical use and that we need a definition such that safety is an attainable state. The following definition is therefore proposed:
Definition 2.31 (Safety)
A state where the risk has been reduced to a level that is as low as reasonably practicable (ALARP) and where the remaining risk is generally accepted.
This definition implies that a system or an activity is safe if the risk related to the system/activity is considered to be acceptable. Safety is therefore a relative condition that is based on a judgment of the acceptability of risk. The meaning of acceptable risk and ALARP is discussed further in Chapter 5.
From Definition 2.31 , safety is closely dependent on risk because it is the risk level that determines whether a system is safe or not. An important distinction between risk and safety, as defined above, is that safety is a state that either is reached or not, whereas risk is measured on a continuous scale and can be high, medium, or low or measured or expressed in other ways. This means that even if a system is safe, there will still be risk.
2.6.3 Safety Performance
In this book, we use the word risk to describe our uncertainty about adverse events that may occur in the future. Sometimes, decision‐makers may be wondering “whether the estimated risk in the coming period (e.g. five years) is higher or lower than the risk was in the past period.” With our definition of risk, speaking of risk in the past has no meaning. This is because when a period is over, there is no uncertainty related to what happened in that period. We therefore need another term that can be used to describe what happened in a past period – and we use the term safety performance.
Definition 2.32 (Safety performance)
An account of all accidents that occurred in a specified (past) time period, together with frequencies and consequences observed for each type of accident.
In this way, the estimated risk in the coming period can be compared to the safety performance in the past period.
Remark 2.7 (Was the risk analysis wrong?)
Observe that the occurrence of events and accidents is – at least partly – a random process. If the risk in the coming period is estimated to be rather high, and by the end of that period, we find that the safety performance in the period showed no accidents, this does not necessarily mean that the risk analysis was wrong. The same argument can also be used the other way around. In particular for major accident risk, it can be claimed that risk analyses are hardly ever wrong (although they may not always be right)!
2.6.4 Security
In risk analysis, it is important to identify all the relevant hazardous events. The hazardous events may be (i) random, such as technical failures and natural events (e.g. lightning, flooding), (ii) systematic, such as software bugs or erroneous installation, or (iii) due to deliberate actions, such as computer hacking and arson. The term safety is often used when we talk about random events, whereas security is used in relation to deliberate actions. The term total safety is sometimes used to cover both safety and security. Security assessment is discussed in Chapter 17.
Definition 2.33 (Security)
Freedom from, or resilience against, harm committed by hostile threat actors.
Security is, as safety, a relative concept that is closely related to risk acceptability. The principal difference between safety and security is intentionality; security is characterized by adversary intent to do harm. Assessing security risk therefore changes the first question of Kaplan and Garrick (1981) into how someone can make something happen. This complicates risk assessment, as the range of possible events is restricted only by the assessor's imagination and ability to put herself in the situation of a potential enemy or criminal.
Central to an understanding of the concept of security are the terms threat, threat actor, and vulnerability:
Definition 2.34 (Threat)
A generic category of an action or event that has the potential to cause damage to an asset.
The deliberate hostile action can be a physical attack, such as arson, sabotage, and theft, or a cyberattack. The generic categories of attacks are called threats, and the entity using a threat is called a threat actor or a threat agent. Arson is therefore a threat, and an arsonist is a threat actor. The threat actor may be a disgruntled employee, a single criminal, a competitor, a group, or even a country. When a threat actor attacks, she seeks to exploit some weaknesses of the item. Such a weakness is called a vulnerability of the item. Weak passwords and heaps of combustible materials close to the item are examples of vulnerabilities.
There are two categories of threats, (i) physical threats and (ii) cyber threats. Cyber threats include hacking, worms, viruses, malware, trojan horses, password cracking, and many more. With our increasing dependency of computers and communication networks, our fear of cyber threats is steadily increasing.
Remark 2.8 (Natural threat)
The word “threat” is also used for potential natural events, such as avalanche, earthquake, flooding, hurricane, landslide, lightning, pandemic, tsunami, and wildfire, to name a few.
