Reference Systems and Reasonably Practicable
Andy Petrie
Helping businesses ‘cut the BS’ and implement value for money processes for system-safety assurance.
I have just published a series of three articles on the use of Relevant Standards as Good Practice when determining what is Reasonably Practicable.
In the first of those articles, I mentioned that as well as Relevant Standards, Suitable Reference Systems can also be used as Good Practice. I thought it would be useful to write a follow-on article explaining the use of Reference Systems in more detail, as they are often misunderstood.
The Reference System approach is often seen as the poor cousin in Risk Analysis, but once you understand it you will appreciate that it is actually a very common approach. It is also the easiest one to get wrong if used inappropriately.
One point to note with the Reference System approach is that while it is still relevant to Risk Analysis in the Design stage, it is most commonly used when selecting products for the Supply and Install stages of the delivery lifecycle.
Good Practice as a means of achieving Reasonably Practicable
I explained how the use of Good Practice can satisfy the legal test of Reasonably Practicable in this article so I won’t repeat that here, but I would recommend that you read that one first.
In this article I make a point of Capitalising the term Reasonably Practicable and when I do this, I am referring to the defined Legal Term (a.k.a. the Legal Test) that would be applied under Common Law.
ALARP and SFAIRP are the same and both refer to the same Legal Term of Reasonably Practicable. If you think they are different then please watch this video I made for a more detailed explanation.
When considering Reasonably Practicable in the context of Relevant Good Practice, the determination is generally made by a comparison with other organisations that have the same operations and the same risks (I call these Industry Peers) and who are controlling that risk in a way that is considered Relevant Good Practice.
Pre-Approved Reference Systems
The more common approach when considering Reference Systems is through the use of pre-approved products, designs, or applications. These can be organisation-specific approvals or generally accepted industry approaches.
Many organisations, particularly in the Railways, have a library of pre-approved products or designs that can be used without having to undergo a bespoke safety approval on each occasion. The typical ones are:
Type Approved Products
Most Rail Infrastructure Managers (RIMs) would have a list of products that they have already deemed as safe and reliable, and which can be used widely across the network without additional safety justification by the designers and/or installers (i.e. Good Practice). These are known as Type Approved Products, the word ‘type’ referring to the specific make, model, and version of the product. The Type Approval will usually come with an information sheet describing the product configuration and any specific conditions applied upon its use.
The party selecting the Products must ensure that they are using the specific configuration and that they are meeting any conditions of use.
Standard Drawings / Layouts
Some RIMs and other client organisations may have standard designs or layouts that they provide to their suppliers. Typical examples include standard designs for track turnouts, or designs for bridge structures.
The RIM has already accepted the basic design as safe and Good Practice, so the supplier would only have to provide assurance for any changes, modifications, etc.
Industry Certifications
There are many industry-led certification schemes out there, or standards that the wider industry applies. These would generally be applied to products and have some form of recognised certification scheme.
A typical example of this is the Ingress Protection (IP) rating process, where products or components are given a rating on their ability to resist dust and water. This is done in accordance with IEC60529 / AS60529, and a quality control process is followed to provide an IP certification for the product.
When we select one of these products, we don’t need to go through first principles to seek the safety assurance that it is fit for purpose, we accept the certification rating.
Commercial Off The Shelf
Another widely used reference system approach is referred to as a Commercial Off The Shelf (COTS) product. These products can be bought from general suppliers and are widely used in industry. Provided that we are using them in accordance with the user manual, then we can accept that they are safe and represent Good Practice.
COTS and SIL Ratings
Some COTS products may be described with a Safety Integrity Level (SIL), i.e. a SIL 2 product. This is an incorrect usage of the term SIL, as that applies to the software-related functionality of a system. What this would mean in practice is that the component is of a very high reliability, such that it could form part of a SIL rated system.
Cross Acceptance
Similar in approach to a pre-approved product is Cross Acceptance. This is where a product or design has been approved in another, but similar, jurisdiction. The process of Cross Acceptance reviews the safety argument and/or any applicable constraints or conditions to determine if they are applicable to the new environment.
Product Cross Acceptance
This is essentially a variation of the Type Approved Product approach, where the responsible organisation may choose to accept a Type Approval from a third-party organisation. A responsible SME would typically review the operating approach, operating environment, etc., to determine if it is suitable to be cross accepted, whether any validation tests may be required, or whether any conditions should be applied. Once it has been accepted, it becomes a de facto TAP for the new operator.
Generic Application Safety Cases
When dealing with complex safety critical technology there is usually an existing safety case for the product which has been approved for use elsewhere. This is called the Generic Application Safety Case (GASC) and is for the product itself.
This would usually be supported by a Specific Application Safety Case (SASC), which considers the use of the Generic Product in the new application. The GASC would be considered a reference system, but would be supported in some cases by a SASC, which would need to undergo an appropriate review and approval process using the user’s proper processes.
Bespoke Approach
The bespoke approach is the more difficult, as it requires some form of argument to be made as to why a reference system may be directly relevant to the risks under consideration.
There are two common arguments. The first is that an approach has been used on another railway and those circumstances are relevant to the ones under consideration.
The second is that a solution used in a non-rail environment may be applicable to a railway context. This would typically be in relation to a station or pedestrian area, rather than a trackside application.
The argument would need to be supported by an appropriate SME who understands the risk and the assets or operations under consideration.
Finding the sweet spot
Where I have seen reference systems used to the best effect over my career is when an existing asset is being re-purposed or upgraded to adapt to a change in the risk profile. In these cases, it may not be reasonable to update the asset to modern standards, and at the same time it is not reasonable to just leave it in its original state.
There’s a sweet spot that can generally be found, whereby an assessment of comparable systems along with consideration of potential controls can be used to identify the optimum outcome. This is a bit of a mix between an explicit risk assessment approach and a good practice argument, where both are considered to find the reasonable thing to do.
Word of caution
While the bespoke reference system approach to identifying Good Practice can be useful, it can also be misused. This generally happens when someone tries to use a bespoke argument incorrectly.
The most common misunderstanding is failing to understand that Good Practice evolves over time. Referring to a specific risk control on an existing railway as a reference system may apply if the comparable system is modern and follows similar standards. But referring to a means of controlling a risk on a railway that is 20 years old may not pass the test, as standards, technology, and ways of working would have evolved since then.
The risk analysis must ensure that appropriate SMEs are involved in the process.
Summary
The ‘Reference System’ approach to Good Practice is often misunderstood, but as you can see from the examples above it is actually very widely used, especially when specifying, selecting, and procuring products or components.
When developing a design, there may be the opportunity to use a standard design that has been provided by the client as an already assured baseline, and then focus on the changes only.
Where this is not an option then undertaking a hazard identification and risk analysis process may identify opportunities to use a bespoke approach to a reference system as Good Practice, provided you can establish that it is current and relevant.
In the latter stages of the design, when products are being selected, or during the procurement process, when they are being supplied, the reference system approach forms the core of the safety assurance process.
Although I have focussed on design and supply of assets, a similar approach could be used for operational procedures or maintenance practices.
Takeaways
When considering what is Reasonably Practicable for a hazard, the safety analysis should apply the Risk Assessment Principles in the correct order.
#ARCHArtifex #ARCHSESA #SFAIRP #ALARP #ASSURANCE
Director at Systems and Consultancy Services Limited
1 week
I used to have this argument a lot: “engineer/lead: we’ve followed the standards, therefore we are safe and ALARP.” My response was always the same: no, you’ve done the bare minimum. Just because you followed a standard doesn’t make it implicitly ALARP, you need to demonstrate that you are ALARP!