The Limits of Safety Differently?

DSCN5361I was having a discussion the other day with a colleague about how Safety Differently fits in different organizations. Some organizations we’ve encountered are hungry for something new. They realize that the same-old safety approaches are not getting them the results they would like and are actively seeking a different approach. Obviously these organizations are ripe for a discussion about Safety Differently.

But what about others who, as some describe, are not as far along? For example, in my own company the majority of organizations that contact us are simply looking for help with basic regulatory compliance. How does Safety Differently fit in an organization such as that? As my colleague argued, and I’ve heard others take a similar argument, first we must use traditional approaches to get the organization up to a minimum level of compliance. Only then can we apply a Safety Differently approach and get results. To apply Safety Differently before this would be inappropriate and perhaps harmful.

A similar argument is found sometimes in those dealing with critical tasks that may lead to disastrous outcomes. In a situation where variability may lead to catastrophe wouldn’t an approach that embraces worker creativity and adaption be inappropriate? Would a Safety-I mindset be more appropriate in such an environment?

Now, let me start off by saying that people who I’ve spoken with who adhere to the idea that Safety Differently only applies to certain types of organizations and contexts are all very intelligent and well-meaning. They really do believe in doing Safety Differently.

That said, the idea that Safety Differently applies in some environments and not others confuses me. At a conceptual level, Safety Differently is not merely a set of interventions or tools. In safety practice we have interventions and tools that we apply in various situations that are appropriate or inappropriate depending on the context. Take training for example. Training is a very useful tool to enhance human performance for some skills and tasks and is wholly lacking for others.

Or take another example, a safety management system (setting aside the debate on the effectiveness of management systems as an intervention for the moment). Clearly some organizations have the resources and drive necessary to implement a safety management system, whereas others (i.e., small businesses) may simply not have the bandwidth to do so.

Safety Differently is not like that. Safety Differently is, if I may be so bold, a paradigm (or insert the word “mindset” if you’re not comfortable with the word “paradigm”) based on a worldview of how people organize to do work. Take one of the primary tenets of Safety Differently for example – people are a solution to harness. This is regardless of the problem we’re trying to solve or the environment we are in. Of course we’re not saying that people will always have all the answers. Most workers have no real understanding of legal issues surrounding regulatory compliance. But workers always have expertise when it comes to work, and if those regulations involve applying them to work the workers will have a really good set of ideas on how to do that if we work with them collaboratively.

Now a set of interventions and tools follows from the basic tenets of Safety Differently and there are plenty more to be identified. But if people are a solution to harness, if we should focus on successful outcomes as well as failures, if we want to change the focus to understanding how work works, etc., I don’t see why this doesn’t apply in almost any organizational context.

Take the critical tasks example. Yes, we don’t necessarily want variability when disaster looms, but if we find variability shouldn’t we seek to understand that variability before simply correcting it? Wouldn’t the worker who literally has “skin in the game”, so to speak, have the most to lose by varying from the procedure? Could it be possible that they have found a better way to avoid catastrophe than those who are separate from the work environment? Imagine the message we send to workers by seeing them as a solution…unless their life is on the line, in which case we can no longer trust them.

Further, and perhaps more importantly, a Safety-I only approach to critical risks often ignores other factors related to work processes that induce the variability we see. Workers in tasks with and without critical risks have to balance competing goals and deal with scarce resources. Managing the complexity of these tasks, in addition to keeping themselves safe is the source of the variability we observe. If we attempt to eliminate this variability through traditional command and control means we ignore these external influences. Our solutions will erode against the continuous, but unseen pressures of normal work.

In the case of those organizations that are looking for basic compliance, the argument also appears to assume that there is some maturity model that organizations go through, from looking for basic compliance to, eventually, looking for Safety Differently. It seems strange and counter-productive if we build up the organization using traditional models in the beginning, only to have to unlearn them when the organization matures. Imagine the scene when one day you walk into the organization and you say, “Ok, you’re finally ready! Forget everything that I’ve ever taught you before this, because it’s all wrong!” I don’t think we could fault the organization if at this point they sort of feel like the child whose parents just informed him that Santa Clause is a myth – a bit betrayed. Not to mention all the old habits that you encouraged previously that you’d have to now break.

The argument that an organization that is “immature” from a safety perspective ignores the potential appeal a Safety-II approach would have. Imagine a small to medium-sized business that realizes it wants to begin to invest in safety after a period of no investment. Isn’t it plausible that an approach based upon understanding how work gets done and enhancing the capacity to achieve success would be more palatable to the organization than an approach merely based on forcing constraints on production?

Furthermore, in the case of regulatory compliance or of dealing with critical risks, the Safety-I approach would seem to have limited effectiveness primarily because it deals poorly with variability in work performance. Variability would be present in both compliance and critical risk operations, and if we limit ourselves to Safety-I interventions alone we are handicapping ourselves. We must remember that Safety-II includes Safety-I. If we come to compliance and/or critical risk operations with a Safety Differently mindset we bring a bigger toolbox with us, allowing for a richer set of potential interventions and, indeed, innovations.

Now, I do not want to say that Safety Differently is the only way to practice safety, nor that it is a “you’re with us or you’re against us” situation. However, I do think that the idea that Safety Differently does not work in such situations is premature. I do agree that there will be situations where applying a Safety Differently approach will be challenging, but in all cases I see far more value in the approach if applied successfully than any known alternatives. It seems like instead we should be having a conversation about how Safety Differently applies in these challenging situations. How would it look different in a “mature” organization versus an organization that is only looking for the basics? What about the difference between normal operations versus critical, high risk tasks? How would a Safety Differently approach deal with variability where variability could be deadly? These are all open and vital questions for the Safety Differently community to explore.

Note – Thanks to Daniel Hummerdal for help with the title and for very useful comments and critiques on early drafts of this post!


  1. drbillcorcoran Reply

    • Flowdown Causation of Noncompliance

    An inescapable fact is that the causation of noncompliance/ nonconformance with a requirement includes the failure to flowdown (flow down) effectively the requirement to the situation in which it should have applied. When a beneficial requirement is effectively flowed down to a situation it results in at least one identifiable beneficial condition, behavior, action and/or inaction. Flow down is accomplished by procedures, signs, training, supervision and the like.

    Observation: Compliance is converting requirements into conditions, behaviors, actions, and/or inactions.

  2. Ben Kirkbride Reply

    I feel the current work climate, particularly in construction, is ready for a different perspective, one where workers gravitate towards, simply because it’s different. Variation is something workers can relate to, they do it everyday without hesitation. Adaptation comes naturally. How well do organisations understand it? How will the organisation react when it becomes obvious? The shift is merely offering an alternative to an over-bureaucratic setting (safety I), where transactional activities such as, focusing on high consequence risks and the accompanying assurance activities certainly prove critical to get right. Continue to silo this approach and your organisation will not learn anything new. Blend this approach with a Safety II flavour and you will learn more about your organisation and its people than ever before. I recently facilitated a session, set out to understand conditions for success. No criteria, no assessment guidelines or structure that was visible. Simply a conversation with a mix of blue and white colar workers all working towards one goal, completing a work task, collaboratively. The result, workers talking openly about performance variability, where tools were modified, challenges were overcome by applying previous learning experiences and the refinement of work methods to achieve the task more efficiently. At no stage dos they mention, “we did it safely”. This was already incorporated, an ethical approach to doing it right. No injuries to learn from here, purely a ‘people are the solution’ approach whether they knew conscious of it or not.

  3. Ron Butcher Reply

    Thanks Ron. I think the use of the word paradigm is inescapable in this instance. Safety Differently, Safety-II or whatever label is assigned, carries with it a (albeit difficult) recognition, that we have missed, erred, ignored or failed somehow in our past practices. What may seem like revolution is really, in my estimation, an evolutionary progression built on the questions and works of Heinrich, Peterson, Manuele, Reason, Weick, Doermer, Perrow, Cialdini, Deming, Skinner, Bandura, Milgram, Zimbardo, Latane, Dekker, Hollnagel and Leveson, to name a few. Safety Differently is the incorporation of the so called “soft sciences” into the realm of accounting and engineering which are not historical considerations of either group. I don’t see Safety Differently as an indication of past failure as much as I see it as an acknowledgement that we have been shortsighted in our consideration of factors influencing safety. The “human” has always been an uncomfortable confound that was necessary as the primary cause for our actions and initiatives.

    As I’ve said before, I don’t consider this as “Safety Differently” as much as I consider it as Safety as it Should Be.

    Thanks again for another thought-provoking post Ron. Always enjoy your work.

  4. Shane Durdin Reply

    That was a great read Ron. Thank you. I have for the past couple of years been worried that the ‘safety differently’ mantra was just starting to become rhetoric. We could quite easily detail what was wrong with safety, and quite simply say was was right, yet very little was said about what was actually being done to make it right. I am however starting to see more feedback and stories of success. I’m starting to see courage in experimentation, and believe it or not our economic climate at present is actually favoring a safety-II approach. As costs get driven down in training, resourcing, etc, etc, the focus is on communication, collaboration, teaming, high performance, people, and so on to achieve the outcomes rather than more procedures, training, supervision, safety cops….

    On the whole, most organisations have leadership that want to improve their operations to create value for themselves or their shareholders. If business does not understand their own level of safety maturation in all areas of the business, the trade -offs of performing at that level, and that cultural changes begin with the smallest improvements of those trailing aspects of maturation for incremental improvement versus large ‘cultural shift’ programs of which research indicates over 83% of investment in this approach fails. When there is failure in safety most businesses go back to the default safety-I approach.

  5. Martin Harding Reply

    Hi Ron,

    I’m wholeheartedly in favour of working, on a daily basis, to make Safety Differently a reality within my organisation. My constraints revolve around being a “Lone Wolf” crying out in the Wilderness.

    Don’t get me wrong, I’m not seeking sympathy and saying “Poor Me” – quite the contrary I’d like to offer a suggestion that may make help the embedding of Safety Differently within any organisation easier….

    The Before and After approach !

    My suggestion is… Take a series of actual Incidents that have occurred in the organisation, and document how these were dealt with Traditionally (eg Safety 1 = Before). Then document how they can be dealt with following the Safety II approach (After).

    This documentation can then be shown to anyone within the organisation and they can see the difference for themselves using a very solid, actual example. I’m going to give this a go ! I’ll let you know how people respond and how effective the approach was.

    1. Rob Hoitsma Reply

      Interesting Martin, I present investigation results and give Safety I and II reflections (II = reflection on “why did it make sense to do it like this”), without naming the difference explicit. Maybe this help in the discussion and promoting Safety II thinking.

      1. Ron Butcher Reply

        I think to some degree we are all in the Line Wolf role. What I see in the paradigm shift is an expansion of perspective that encompasses the social sciences that are based on the empirical evidence of that research. It has always surprised me that we ignore the bounded rationality of the human condition when that very resource holds the keys to organizational success. With all due respect to the disciplines of engineering and accounting, why would assume human perfection when it certainly has never existed within the constraints of those tightly controlled disciplines.

        I suppose the “trick” is to bring those influences forward lest we just howl at the moon.

  6. Wrae Hill Reply

    We are learning in Canadian Healthcare that standards and flexibility can and should naturally coexist. So I don’t see a problem with discussing reliability & resilience (together), or for that matter Safety 1 (reactive current state) with Safety 2 (proactive desired state), together. We will always require the capacity to respond, however by using Safety 2 / Resilience thinking we are learning how to; anticipate, monitor and learn (organizationally) from “work as done”.. There , I’ve just summarised resilience.
    Thanks for the thoughtful post, Wrae

  7. Wade Needham (@edawneedham) Reply

    I liked this excerpt from the White Paper Safety I to Safety II from EuroControl which assists with your points Ron –

    “Performance adjustments and performance variability are thus both normal and necessary, and are the reason for both positive and negative outcomes. Trying to achieve safety by constraining performance variability will inevitably affect the ability to achieve desired outcomes as well and therefore be counterproductive. Thus rather than looking for ways in which something can fail or malfunction, we should try to understand the characteristics of everyday performance variability.”

    “.. the definition of safety should be changed from ‘avoiding that something goes wrong’ to ‘ensuring that everything goes right’. Safety-II is the system’s ability to succeed under varying conditions, so that the number of intended and acceptable outcomes (in other words, everyday activities) is as high as possible. The basis for safety and safety management must therefore be an understanding of why things go right, which means an understanding of everyday activities.”

    From the above, and to stir the pot a bit, all organisations can benefit from the above shift in focus. Taylor was trying to achieve the above although he discredited the influential human element as a positive source of performance above raw biology.

    One issue I have with developmental theory is that who says that a safety “worldview” is integral for an organisation to develop? Apart from the work of Graves, Beck & Wilbur I would be very weary to further reduce their work down past a point where subjective context presents too many variables for a construct to be applicable to other contexts.

    In appreciation of the risks of reducing a message down to a point where it loses its meaning we too often we play with the cards we have been dealt rather than looking for another table or different deck of cards to play with. A simple analogy is that Safety II is a shift to offence rather than playing defence, risk is uncertainty on objectives; not ignorance of the upside with binary focus on limiting the downside to a point of neutral impact.

    I still struggle that the language of most (but not all) organisations is achieving their objectives which in turn are typically enshrined in language of the industrial-capitalist complex of maximising profits for shareholders / owners and having neutral impact to all other stakeholders. Why isn’t game theory applied to a greater degree, rather than a fixed mindset of non investment in positive outcomes for stakeholders? Why shouldn’t B Corps be the norm rather than the exception / goal?

    in summary why shouldn’t people who go to work have the by-product of increased health rather than an at best neutral approach espoused by Safety I in order to maximise profits? Maybe including a positive health impact to the human in the system & reducing performance variability ensuring that intended outcomes are achieved is the next machination or construct and is Safety III.

  8. Andrew Rae (@Dioptre) Reply

    Ultimately, “doing safety differently” ought to be the goal of all organisations unless they are perfectly happy with the status quo. Of all the available things to add or subtract, what should they do next? For an organisation with many existing systems and practices, “doing safety differently” needs to include some subtraction as well as addition. For an organisation without much “doing safety”, they’re probably going to add something. Should it be something inspired by Safety I, or something inspired by “safety differently”? I don’t think we really know the answer yet.

    I think your question comes down to whether “Safety Differently” is in fact a paradigm shift, a different set of practices, or a shift in emphasis.

    If it is a paradigm shift – in the Kuhnian, “Scientific Revolutions” sense – then you’re absolutely right and it challenges the validity of all Safety-I practices, no matter where they occur. If it is either of the others, then it is an open empirical question which practices and emphasis work best for different situations.

    My personal guess is that “Safety Differently” is a movement, including people with very different understanding of the problems. For some, “Safety Differently” is a rennaisance, rediscovering the implications of complex systems theory for organisational safety – or at least re-asserting the importance of this part of the safety science literature. For others, “Safety Differently” is a rejection of ineffective safety practices. I’m sure for some, “Safety Differently” is an opportunity to challenge the status quo as a way to establish a market identity, or as a “novel = better” approach to addressing existing frustrations.

  9. Mark Donnelly Reply

    Can anyone tell me what these particular ‘same-old safety approaches are’ that we keep hearing about…lets first look in depth at each of these issues and test the notion that it is the failure of these topics…and not that of human drive.

    I think people are shying away from the core reasons why safety is where it is…and those things not addressed will not be going away any time, Safety Differently is wishful thinking in assuming we are not what we are and act as we do…

  10. Ludwig Benner Reply

    “a set of interventions and tools follows from the basic tenets of Safety Differently”
    “people are a solution to harness”
    “core reasons” etc.
    I see this in various forms in other postings.

    Based on over 50 years of observations and analyses in a wide range of organizations and positions, I submit that several foundational perspectives have misdirected the practice of safety from it’s earliest days.

    First is the perspective about the role of human beings in achieving “safety.” I believe safety practitioners and researchers need to recognize that human beings are incorporated into systems and activities, to help achieve, with other components, desired performance and outcomes. They are expected to do this in one of two ways:
    1. implementing planned actions designed to achieve the desired performance and outcomes, and
    2. introducing adaptive reactions to any kind of perturbations to planned behaviors or system operations that can disrupt the achievement of desired performance or outcomes.
    The latter role is relevant when seeking to understand “unsafety.” Seeking to harness or “control” them by regulation, executive fiat, slogans or otherwise in the name of safety is in my view counterproductive.

    Second are the perspectives about human beings’ performance expectations in those roles, particularly with respect to the degree of perfection in executing their roles, as illustrated by the terms associated with descriptions of their behaviors like human error, failed to, etc. This affects preparations of humans for these roles, both as to their design, selection, training and monitoring, and then the assessments of their performance in those roles when unexpected results occur.

    Third are the perspectives that accidental occurrences are simplistic, linear chains or stochastic phenomena rather than complex processes requiring numerous successive interactions among people, objects and energies over some time to produce the observed accidental outcomes. This has a major impact on many aspects of safety practice, including terminology, investigation objectives, system design and analyses, training, safety measurement, recommendations, communications, etc.

    Fourth is the perspective of cause determination as the driver for investigating accidental occurrences and defining the causal complicity of human being’s performance during those occurrences. Causes (in all their forms) are the subjective attribution of a non-observable property to some selective “event” of the accidental occurrence process. The societal nexus of cause with fault and blame adds to safety’s problems dealing with the interactions between safety and judicial interests. This is particularly distressing since numerous alternatives are available, as can be demonstrated by eliminating the use of the word “cause” in personal activities for 90 days.

    Fifth is the subtle perspective about the need to use a negative vocabulary in safety practices, like accident prevention, human error, unsafe actions, barriers, control, failed to or failure, did not, cause, intervention, etc. which cast a burdening rather than constructively contributory impression of safety regulations and recommendations for changes.

    Sixth is the range of perceptions about what accident occurrence data should be captured, reported and used for “safety improvement” recommendations and safety research. This results in the use of many different investigation methods, each producing different data outputs, a mixture of empirical source data, interpretations, judgments, conjectures, and irrelevant aggregations of data, rather than specific data about the actions that sustained accidental occurrence processes. This has the further detrimental effects of data users being at the mercy of investigator’s decisions about what they elected to document, and undermining the validity of predictions about effects of proposed changes.

    There are others, but if the field is ever to progress to Safety III, safety practitioners and researchers must rectify these faulty perceptions.

Leave a Reply

Your email address will not be published. Required fields are marked *