Tag Archives: Safety

Safety-I + Safety-II

At a July 03 hosted conference Dave Snowden and Erik Hollnagel shared their thoughts about safety. Dave’s retrospects of their meeting are captured in his blog posting. Over the next few blogs I’ll be adding my reflections as a co-developer of Cognitive-Edge’s Creating and Leading a Resilient Safety Culture course.

Erik introduced Safety-II to the audience, a concept based on an understanding of what work actually is, rather than what it is imagined to be. It involves placing more focus on the everyday events when things go right rather than on errors, incidents, accidents when things go wrong. Today’s dominating safety paradigm is based on the “Theory of Error”. While Safety-I thinking has advanced safety tremendously, its effectiveness is waning and is now on the downside of the S-curve. Erik’s message is that we need to escape and move to a different view based on the “Theory of Action”.

Erik isn’t alone. Sidney Dekker’s latest presentation on the history of safety reinforces how little safety thinking has changed and how we are plateauing. Current programs such as Hearts & Minds continue to assume people have physical, mental, and moral shortcomings as was done way back in the early 1900s.

Dave spoke about Resilience and why the is critical as its the outliers where you find threat and opportunity. In our CE safety course, we refer to the Safety-I events that help prevent things from going wrong as Robustness. This isn’t an Either/Or situation but a Both/And. You need both Robustness + Resilience.

As a young electrical utility engineer, the creator of work-as-imagined, I really wanted feedback but struggled obtaining it. It wasn’t until I developed a rapport with the workers was I able to close the feedback loop to make me a better designer. Looking back I realize how fortunate I was since the crews were in proximity and exchanges were eye-to-eye.

During these debriefs I probably learned more from the “work-as-done” stories. I was told changes were necessary due to something that I had initially missed or overlooked. But more often it was due to an unforeseen situation in the field such as a sudden shift in weather or unexpected interference from other workers at the job site. Crews would make multiple small adjustments to accommodate varying conditions without fuss, bother, and okay, the occasional swear word.

I didn’t know it then but I know now: these were adjustments one learns to anticipate in a complex adaptive system. It was also experiencing Safety-II and Resilience in action in the form of narratives (aka stories).

A pathetic safety ritual endlessly recycled

Dave Johnson is Associate Publisher and Chief Editor of ISHN, a monthly trade publication targeting key safety, health and industrial hygiene buying influencers at manufacturing facilities of all sizes.  In his July 09 blog (reprinted below), he laments how the C-suite continues to take a reactive rather than proactive approach to safety. Here’s a reposting of my comments.

Let’s help the CEOs change the pathetic ritual

Dave: Your last paragraph says it all. We need to change the ritual. The question is not why or what, but how. One way is to threaten CEOs with huge personal fines or jail time. For instance, in New Zealand a new Health and Safety at Work Act is anticipated to be passed in 2014. The new law will frame duties around a “person conducting a business or undertaking” or “PCBU”. The Bill as currently drafted does not neatly define “PCBU” but the concept would appear to cover employers, principals, directors, even suppliers; that is, people at the top. A tiered penalty regime under the new Act could see a maximum penalty of $3 million for a body corporate and $600,000 and/or 5 years’ imprisonment for an individual. Thrown into jail due to unsafe behaviour by a contractor’s new employee whom you’ve never met would certainly get your attention.

But we know the pattern: Initially CEOs will order more compliance training, inspections, more safety rules. Checkers will be checking checkers. After a few months of no injuries, everyone will relax and as Sidney Dekker cautioned, complacency will set in and the organization will drift to failure. Another way is to provide CEOs with early detection tools with real-time capability. Too often we read comments in an accident report like “I felt something ominous was about to happen” or “I told them but nobody seemed to listen.”

CEOs need to be one of the first, not the last, to hear about a potential hazard identified but not being addressed. We now have the technology to allow an organization to collect stories from the front line and immediately convert them to data points which can be visually displayed. Let’s give CEOs and higher-ups the ability to walk the talk. In addition, we apply a complexity-based approach where traditional RCA investigative methods are limited. Specifically, we need to go “below the water line” when dealing with safety culture issues to understand the why rituals persist. 

Gary Wong
July 16, 2014

G.M.’s CEO is the latest executive to see the light

By Dave Johnson July 9, 2014

Wednesday, June 11, 2014, at the bottom right-hand corner of the section “Business Day” in The New York Times, is a boxed photograph of General Motors’ chief executive Mary T. Barra. The headline: “G.M. Chief Pledges A Commitment to Safety.”

Nothing against Ms. Barra. I’m sure she is sincere and determined in making her pledge. But I just shook my head when I saw this little “sidebar” box and the headline. Once again, we are treated to a CEO committing to safety after disaster strikes, innocent people are killed (so far G.M. has tied 13 deaths and 54 accidents to the defective ignition switch), and a corporation’s reputation is dragged through the media mud. The caption of Ms. Barra’s pic says it all: “…Mary T. Barra told shareholders that the company was making major changes after an investigation of its recall of defective small cars.”

Why do the commitments, the pledges and the changes come down from on high almost invariably after the fact?

You can talk all you want about the need to be proactive about safety, and safety experts have done just that for 20 or 30 or more years. Where has it gotten us, or more precisely, what impact has it had on the corporate world?

Talk all you want
Talk all you want about senior leaders of corporations needing to take an active leadership role in safety. Again, safety experts have lectured and written articles and books about safety leadership for decades. Sorry, but I can’t conjure the picture of most execs reading safety periodical articles and books. I know top organization leaders have stressful jobs with all sorts of pressures and competing demands. But I have a hard time picturing a CEO carving out reading time for a safety book in the evening. Indeed a few exist; former Alcoa CEO Paul O’Neill is the shining example. But they are the exceptions that prove the rule. The National Safety Council’s Campbell Institute of world class safety organizations and CEOs who “get it” are the exceptions, too, I’d assert.

And what is the rule? As a rule, proven again and again ad nauseam, top leaders of large corporations only really get into safety when they’re forced into a reactive mode. For the sake of share price and investor confidence, they speak out to clean up a reputational mess brought about by a widely publicized safety tragedy. Two space shuttles explode. Refineries blow up. Mines cave in. The incident doesn’t have to involve multiple fatalities and damning press coverage. I’ve talked with and listen to more than one plant manager or senior organization leader forced to make that terrible phone call to the family of a worker killed on the job, and who attended the funeral. The same declaration is stressed time and again: “Never again. Never again am I going to be put in the position of going through that emotional trauma. Business school never prepared me for that.”

“In her speech to shareholders, Ms. Barra apologized again to accident victims and their families, and vowed to improve the company’s commitment to safety,” reported The New York Times. “Nothing is more important than the safety of our customers,” she said. “Absolutely nothing.”

Oh really? What about the safety of G.M.’s workers? Oh yes, it’s customers who drive sales and profits, not line workers. This is cold business reality. Who did G.M.’s CEO want to get her safety message across to? She spoke at G.M.’s annual shareholder meeting in Detroit. Shareholders’ confidence needed shoring up. So you have the tough talk, the very infrequent public talk, about safety.

Preaching to the choir
I’ve just returned from the American Society of Safety Engineers annual professional development conference in Orlando. There was a raft of talks on safety leadership, what senior leaders can and should do to get actively involved in safety. There were presentations on the competitive edge safety can give companies. If an operation is run safely, there are fewer absences, better morale, good teamwork, workers watching out for each other, cohesiveness, strong productivity and quality and brand reputations. The classic counter-argument to the business case was also made: safety is an ethical and moral imperative, pure and simple.

But who’s listening to this sound advice and so-called thought leadership? As NIOSH Director Dr. John Howard pointed out in his talk, the ASSE audience, as with any safety conference audience, consists of the true believers who need no convincing. How many MBAs are in the audience?

Too often the moral high ground is swamped by the short-term, quarter-by-quarter financials that CEOs live or die by. Chalk it up to human nature, perhaps. Superior safety performance, as BST’s CEO Colin Duncan said at ASSE, results in nil outcomes. Nothing happens. CEOs are not educated to give thought and energy to outcomes that amount to nothing. So safety is invisible on corner office radar screens until a shock outcome does surface. Then come the regrets, the “if only I had known,” the internal investigation, the blunt, critical findings, the mea culpas, the “never again,” the pledge, the commitment, the vow, the tough talk.

There’s that saying, “Those who do not learn from history are bound to repeat it.” Sadly, and to me infuriatingly, a long history of safety tragedies has not proven to be much of a learning experience for many corporate leaders. “Ah, that won’t happen to us. Our (injury) numbers are far above average.” Still, you won’t have to wait long for the next safety apology to come out of mahogany row. It’s a pathetic ritual endlessly recycled.


Asiana Flight 214 followup

The following excerpts are from Wikipedia regarding Flight 214. What they do is reinforce the paradigm that the Aviation industry is a complex adaptive system (CAS) with many agents like the NTSB and ALPA who interact with each other. The imposed fine of $500K reconfirms the need to Act when in the Chaotic domain but more importantly, Sense and Respond to the needs of all people impacted by communicating your actions clearly and quickly.

“Shortly after the accident, the National Transportation Safety Board (NTSB) used Twitter and YouTube to inform the public about the investigation and quickly publish quotes from press conferences. NTSB first tweeted about Asiana 214 less than one hour after the crash. One hour after that, the NTSB announced via Twitter that officials would hold a press conference at Reagan Airport Hangar 6 before departing for San Francisco. Less than 12 hours after the crash, the NTSB released a photo showing investigators conducting their first site assessment.

Air Line Pilots Association

On July 9, 2013, the Air Line Pilots Association (ALPA) criticized the NTSB for releasing “incomplete, out-of-context information” that gave the impression that pilot error was entirely to blame.

NTSB Chairman Hersman responded: “The information we’re providing is consistent with our procedures and processes … One of the hallmarks of the NTSB is our transparency.  We work for the traveling public. There are a lot of organizations and groups that have advocates. We are the advocate for the traveling public. We believe it’s important to show our work and tell people what we are doing.”  Answering ALPA’s criticism, NTSB spokeswoman Kelly Nantel also said the agency routinely provided factual updates during investigations. “For the public to have confidence in the investigative process, transparency and accuracy are critical,” Nantel said.

On July 11, 2013, in a follow-up press release without criticizing the NTSB, ALPA gave a general warning against speculation.


On February 25, 2014 the U.S. Department of Transportation (DOT) fined Asiana Airlines US$500,000 for failing to keep victims and family of victims updated on the crash.”


When a disaster happens, will it be fast recovery or swarming?

Last month’s blog was about Act in the Cynefin Framework’s Chaotic domain.  Be aware you cannot remain in the Chaotic domain as long as you want. If you are not proactively trying to get out it, somebody or something else will be taking action as Asiana Airlines learned.

How you decide to Sense and Respond? We can show 2 proactive strategies:

Resilience as Cynefin DynamicsStrategy A is a fast recovery back to the Ordered side. It assumes you know what went wrong and have a solution documented in a disaster plan ready to be executed.

If it’s not clearly understand what caused the problem and/or you don’t have a ready-made solution in place,  then Strategy B is preferred. This is a “swarming” strategy perfected by Mother Nature’s little creatures, in particular, ants.

AntsIf the path to a food supply is unexpectedly blocked, ants don’t stop working and convene a meeting like humans do. There are no boss ants that command and control. Individual ants are empowered to immediately start probing to find a new path to the food target. Not just one ant, but many participate. Once a new path is found, communication is quickly passed along and a new route is established.

This is Resilience – the ability to bounce back after taking a hit. 

When a disaster happens, how fast do you act?

In the Cynefin framework, we place unexpected negative events into the Chaotic domain. The solution methodology is to Act-Sense-Respond. When a disaster produces personal injuries and fatalities, Act is about initially rendering the situation as safe as possible and stabilizing conditions to prevent additional life-threatening events from occurring.

Whenever a disaster happens, we go into “damage control” mode. We think were in control because we determine what information will be released, when and by whom. Distributing information to the right channels is a key action under Act. We try our best to limit the damage not only to our people and equipment but to our brand, reputation, and credibility. In other terms, we attempt to protect our level of trust with customers/clients, media, general public.

In the latter stages of the 20th century, breakthroughs in information technology meant we had to learn how to quickly communicate because news traveled really fast. In today’s 21st century, news can spread even faster, wider, and cheaper by anyone who can tweet, upload a Facebook or Google+ photo, blog, etc. The damage control window has literally shrunk from hours to minutes to seconds.

This month we sadly experienced a tragedy at SFO when Asian Airlines flight 214 crashed. I recently reviewed slides produced by SimpliFlying, an aviation consultancy focused on crisis management. Their 2013 July 06 timeline of events is mind boggling:

11:27am: Plane makes impact at SFO
11.28am: First photo from a Google employee boarding another flight hits Twitter (within 30 secs!)
11.30am: Emergency slides deployed
11.45am: First photo from a passenger posted on Path, Facebook and Twitter
11.56am: Norwegian journalists asks for permission to use photo from first posters. Tons of other requests follow
1.20pm: Boeing issues statement via Twitter
2.04pm: SFO Fire Department speaks to the press
3.00pm: NTSB holds press conference, and keeps updating Twitter with photos
3.39pm: Asiana Airlines statement released
3.40pm: White House releases statement
8.43pm: First Asiana Press release (6.43am Korea time)

Although Asiana Airlines first Facebook update was welcomed, they did not provide regular updates and didn’t bother replying to tweets. Bottom line was their stock price and brand took huge hits. Essentially they were ill prepared to Act properly.

“In the age of the connected traveller, airlines do not have 20 minutes, but rather 20 seconds to respond to a crisis situation. Asiana Airlines clearly was not ready for this situation that ensued online. But each airline and airport needs to build social media into its standard operating procedures for crises management.”

If you encounter a disaster, how fast are you able to act? Does your emergency restoration plan include social media channels? Do you need to rewrite your Business Disaster Recovery SOPs?

If you choose to revisit or rewrite, what paradigm will you be in? If it’s Systems Thinking, your view is to control information. Have little regard for what others say and only release information when you are ready. Like Asiana Airlines.  If you’re in the Complexity & Sense-Making paradigm, you realize you cannot control but only can influence. You join and participate in the connected network that’s already fast at work commenting on your disaster.

That’s Act. How you decide to Sense and Respond will be subsequently covered.