Safety II professionals: How resilience engineering can transform safety practice

Safety II professionals: How resilience engineering can transform safety practice

This is a paper by David Provan, David Woods, Sidney Dekker, and Andrew Raea that is intended to be a guide on how a safety professional’s work would change when moving from a viewpoint of Safety I to that of Safety II.

The authors refer to the “safety professional” so I will do so here as well, but I think it’s important to note that you don’t necessarily have to be part of a named safety organization or have an explicit safety title to be able to function in some or many of the ways that the authors describe.

Especially for us in software, where we may be keeping systems running and/or providing tools to help others do so, we are certainly safety professionals and can make our own shift between Safety I and II views and actions.

Safety I is essentially the traditional way of viewing safety and safety management. This is the mode of centralized control, where the focus is on regulation and compliance. In this view, safety is a matter of determining what is safe, then making processes, procedures, and requirements to fit that. From this perspective, if an accident or near miss occurs, this is due to some deviation from the correct process or procedure.

Safety II is a term coined be Erik Hollnagel. This is the mode of guided adaptability, were the role of the safety professional is to help useful adaptations thrive while finding alternatives for harmful adaptations. That’s not to say adaptation doesn’t exist in Safety I, of course it does, but it is in response to pressures generated by the centralized control model, so many of the adaptations are not desirable.

Because it is a different way of looking at safety that can seem to be in such stark contrast to Safety I, in addition the naming, it can seem that Safety II stands in opposition to Safety I. That there is some sort of one or the other choice that must be made, but the authors tell us, that they are not opposite ends of a continuum, but different and both useful views on how to manage safety practices.

So why move from one to the other? In modern organizations with complex systems, Safety I doesn’t fit well. As the authors tell us:

“Safety I theory does not account for the technical, social and political complexity of organizations in the variability of the work of practitioners in the field”

There is always a gap between work as imagined, as contained in things like documentation, prescribed procedure, or management behavior and work as it is actually done at the frontline. Our systems still work though, because of the people at the sharp end adapting and making it work.

Continuing with the Safety I view in the face of that, only exacerbates the problem, making the safety professional more reactive. Also, when required to generalize and ignore the variation and adaptation in individual teams and practice, the safety person becomes less effective, only able to give un-actionable, vague guidelines.

Safety II

The authors acknowledge that “guided adaptability” is not a new idea but wish to clarify:

“safety comes neither from preventing or encouraging variation, but from recognizing that variation is inevitable. The goal of safety management is to facilitate safe variation.”

People are the only part of the system that can fill those gaps that occur between the work as imagined and the work as done. From a Safety II perspective, plans and requirements are always going to be flawed. As, Richard Cook highlights in How Complex Systems Fail and the authors remind us here, all our systems operate in degraded modes. It is the people that adapt to make the system work in the face of challenges and resource scarcities.

To pressure those doing the work at the front line to instead perform according to some already incorrect and outdated plan, the organization can instead to choose to create an environment where the adaptations are guided in a constructive way. The safety professional can learn what adaptations to encourage and which to help find alternatives for.

Looking at the role of a safety professional through the lens of Safety II, the things they actually do include:

  • Helping to build and increase capacities to respond
    • This may be accomplished by resisting and helping other teams to resist production pressures or persuading management to relax them.
  • Exploring and understanding everyday work of frontline teams.
    • This is where the safety professional can work with a team, not to judge them or rate their compliance, but as a learner who is looking to understand what adaptations are present on the frontline that exist between work as imagined and as work as done.
  • Guiding adaptations by supporting teams at the sharp end in making their own processes and helping to redistribute resources as needed.
  • Knowing and understanding which adaptations to encourage, and which ones to help suppress or find alternatives for.
  • Helping to generate potential future scenarios that can be used to help asses risk and create foresight.
  • Helping to facilitate learning, not just from incidents, but from successes as well.

This is not an exhaustive list of course, but I think most of us can see some part of our current role in a team or organization where we can begin to apply these practices. Though it can seem easy to compare and contrast the views, the shift itself is by no means easy. Many of these will require the backing of upper management to be effective, they may require that we learn new skills, and almost certainly new ways of working, but that is much better than simply remaining with a single view of work that doesn’t fit the systems that we interact with and care for.

Takeaways

  • Safety I and Safety II are not opposites, they are different and useful views of how to manage safety practice.
  • Safety II is built on top of, and extends Safety I
  • Safety I doesn’t take into account the complexities of modern systems or organizations.
  • The Safety II view acknowledges that variation is inevitable and focuses on how to facilitate safe variation in work.
  • Adaptation to pressures of centralized control in Safety I make the safety professional more reactive and unable to give concrete, actionable advice.
  • A safety professional can learn what adaptations are helpful and encourage them while working to find alternatives for those that are harmful.
  • This is not an easy transition, and can take a lot of work across the organization and for the individual safety professionals themselves.
← Four concepts for resilience and the implications for the future of resilience engineering
Vigilance Latencies to Aircraft Detection among NORAD Surveillance Operators →

Subscribe to Resilience Roundup

Subscribe to the newsletter.