9.1 Introduction

Resilience Engineering is becoming a widely-recognized safety management paradigm in modern safety science. One of its essential purposes is to propose an alternative, complementary approach to safety, one that acknowledges the importance of variability, decentralized control and the complex and emergent phenomena that result from systemic interactions. However, descriptions of new safety management tools or suggestions for modifying the existing tools on the basis of the principles of the Resilience Engineering paradigm are rare. In recent systematic reviews of Resilience Engineering literature, it was found that the development of practical tools have received little attention [1, 2], and in studies where Resilience Engineering has been utilized for devising or modifying safety management tools, the focus has predominantly been on measuring resilience (with a few exceptions of studies that concern training for resilience capabilities) rather than creating or maintaining it [2]. In order for Resilience Engineering to gain ground among the safety professionals working in safety-critical industries, more concrete clarifications of how Resilience Engineering can be applied in the daily work of a safety professional are needed. In this chapter we examine three commonly used safety management tools from the Resilience Engineering perspective to understand how they can be utilized for enhancing resilience in safety-critical organizations.

9.2 Adaptive Safety Management

Resilience Engineering and the so called Safety-II perspective emphasize that system safety is an emergent property of the system and should be seen as the system’s ability to succeed under varying conditions [3, 4]. In order to succeed, the organization requires adaptive capacity in addition to standard operating procedures. Organizations need to be able to respond to both expected and unexpected disruptions. They need to change and remain stable at the same time. As a consequence, management of a complex safety-critical organization is an inherently contradictory activity. It requires balancing between various tensions, competing demands and irresolvable dichotomies that can never be completely solved [5]. Sometimes the tools that are used to solve one type of problem can have unintended effects on the system, and even generate other, different kind of problems. At the same time, the heterogeneity of tools can in fact be a necessity for safe activities: for instance, sufficient variety is required (e.g., in terms of interpretations) to regulate the safety-critical activities or facilitate learning [6, 7].

Thus, the Resilience Engineering paradigm implies that different, even opposing tools are needed for managing safety. To be able to proactively manage the development activities of an organization, a model is needed to guide the selection and use of the development tools and methods. We utilize the revised model of adaptive safety management [8] originally developed by Reiman et al. [5].

Fig. 9.1
figure 1

adapted from [5, 8]

Model of adaptive safety management,

In the model of adaptive management we have included three tensions Fig. 9.1. The selection of tensions is based on the assumptions that a complex sociotechnical system is multilevel (i.e., involves upper and lower systemic levels), has the ability (and tendency) to self-organize and involves interactions between multiple agents [5]. The first tension, levels of system goals, addresses the questions “why” and “what”, and stems from the multilevel nature of the system. This tension also involves the idea of temporality, namely that system goals are longer-term, and local goals are shorter-term. The second and third tensions represent safety management strategies that aim to manage the self-organization and the interactions between actors. They address the questions of “control” (second tension) and “power” (third tension). Each tension is characterized by contradicting safety management principles (the boxes in Fig. 9.1). In order for safety management to be functional in a sustainable manner, it must be in a state of “dynamic equilibrium”: it should have the capability to utilize all of the principles, regardless of whether they are at odds with each other. This means that the safety management tools, and the way in which they are utilized by the safety professionals, should also be sufficiently diverse in order to cover the whole spectrum of the model.

9.3 Evaluation Checklist

The model of adaptive safety management can be utilized for analyzing and selecting practical tools for management of safety from a Resilience Engineering perspective. We demonstrate the use of the model by describing an evaluation checklist and use it to analyze a selection of well-known, traditional safety management tools. The checklist is intended to be used by safety professionals and can be used as a starting point when an organization develops an improvement program or evaluates the effectiveness of its current safety management tools. The purpose of the checklist is to find out whether a given safety management tool supports or hinders the fulfilment of the principles of adaptive safety management and under what condition. The detailed description of each of the adaptive management principles, along with the checklist of questions are described below.

System goals principle refers to shared core tasks of the organization as well as its identity, and how the company sees itself. They are the shared guiding principles according to which decisions should be made, thus steering general adaptive capacity.

Is the tool in line with company strategy, company objectives and top management expectations?

Does the tool help communicate or internalize the organizations shared core task?

Local goals principle refers to the need to pay attention to acute and local issues in the organization. This includes solving specific problems related to subsystems and their functioning. Often solving the local issues does not immediately contribute to system goals, but without solving the local issues, time and resources cannot adequately be devoted to the system goals either.

Does the tool help employees in their daily problems and operational difficulties?

Does the tool help employees to solve acute safety issues?

Collaborate principle refers to facilitating interaction and connections between members of the organization. Connections and interaction between employees at all levels, both horizontally and vertically, are needed in order to guarantee organizational cohesiveness, communication and enough structure for the system to act in a coherent manner and to organize in a decentralized manner when needed. By creating connections between the various actors in the organization, the system also gains situational adaptive capacity due to the possibility of sharing task related information or helping others in their tasks.

Does the tool help employees participate in decision-making processes or design of their own work or the tools they use in their work?

Does the tool create opportunities for discussion between managers and employees?

Does the tool create or serve as an arena of interaction between organizational members?

Command principle refers to setting objectives and prioritizing. Leaders need to select areas where they will focus their effort and to emphasize some connections and some persons over others, depending on their potential contribution to organizational goals. Generally this means that not everyone’s wishes can be fulfilled and not everything can be a priority at the same time. In this role, the manager decides what is important and what is not important for the organization.

Does the tool help top management prioritize safety initiatives?

Does the tool give decision-making authority to selected safety professionals or management representatives?

Encourage principle refers to creating capability for situational responses and ability to self-organize activities, structures and mind-sets based on the current or anticipated situational requirements. Encourage also aims to create general adaptive capacity to the organization and requires a reluctance to simplify and an ambition to break up typical categorizations. This means increasing the variance in the system instead of categorizing and (supposedly) decreasing the potential sources of variance, it means giving the organization options for action, cf. [9, 10].

Does the tool facilitate novelty or bring new insights?

Does the tool give permission and preconditions for the personnel to develop and adjust their own rules, roles, and practices?

Does the tool help diversify thinking or doing?

Does the tool facilitate the development of general competences?

Constrain principle refers to striving for clear system boundaries and standardized performance within these boundaries. Roles and responsibilities are a key feature enabling the coordination of activities. For effective coordination, it is important that the expectations concerning working practices are as clear as possible. This requires certain shared decision-making principles that can be embedded in the operating procedures. By creating standard responses the system gains specific adaptive capacity for predefined events and generic capacity due to optimizing of resource use. Organizations also need to set barriers against typical human errors and violations. Constraining can also be ideological, for example if a particular management philosophy is selected and taken as a granted approach to all issues that the organization faces. This makes employee behavior more predictable.

Does the tool use normative, predetermined criteria for performance?

Does the tool set boundary conditions or limits on operations?

Does the tool seek to standardize thinking or doing?

Finally, the following, more general topics are evaluated:

How is the effect of the tool dependent on the ways the organization manages a) system goals – local goals, b) constrain – encourage, c) command – collaborate?

How is the effect of the tool dependent on the way it is implemented?

9.4 Discovering the Adaptive Potential of Safety Management Tools

We selected three well-known safety management tools, safety audits, classroom safety training and reporting systems, to demonstrate how the checklist can be used in practice. The tools were chosen due to the author’s previous experience with conducting safety audits [11] and implementing a safety concerns reporting system in the nuclear industry, and carrying out various types of safety training.

Safety auditing is a popular method for evaluating the extent to which a set of predetermined requirements is met. Because of this, they naturally tend to constrain rather than encourage and command rather than collaborate. In principle they can be used to encourage adaptive capacities and self-organizing, if these are taken as criteria when defining the requirements against which performance is audited. Due to the focus on requirements, audits can lead the organization to focus on local goals, that is, those requirements that the audit identifies as not conforming to expectations. There can also be a tendency to later lose interest when the non-conformity is closed, further decreasing the focus on system goals.

Classroom safety trainings are a commonly used method for safety improvement. For instance, they can develop safety-related awareness, behavior or attitudes [12,13,14]. Trainings can be targeted at any level of the organization, from shop-floor to top management. Safety trainings typically highlight the importance of safety as a shared value and an organizational priority (system goals). However, the abstract nature of classroom training may hinder the usefulness of the trainings in real work situations.

Various types of reporting systems are utilized for collecting information from the employees. Management uses the feedback received via reporting systems to identify organizational problems and help individuals and teams learn from these mistakes in order to perform better in the future. The usefulness of reporting system is dependent on many conditions, for example, whether the personnel trust that the reports are handled in a just manner, and whether the personnel actually is able to observe issues worth reporting.

Table 9.1 summarizes the various influences these tools exhibit when they are examined in light of the model presented in Fig. 9.1 and the questions listed above.

Table 9.1 The influences of safety auditing, classroom safety training, and reporting on the principles

9.5 Conclusions

This chapter introduced a checklist that can be used in analyzing the influence of safety management tools on resilience. The chapter argued that in management of complex safety-critical systems, several opposing safety management principles need to be taken into account. The question arises, can we, and should we develop tools that contribute equally to all opposing principles? Or should we instead try to optimize the contribution of a selected tool to one principle and seek to remove or control its effects on the other principles? There are probably no clear answers to these questions. It seems, however, that the commonly-used safety management tools have a couple of principles they primarily focus on. This may be due to their historical development in parallel to the models of safety (from technical, human error, organizational factors to resilience). It is important for safety professionals to be aware of how the tools that they use can affect the properties of the system they are trying to manage. The checklist presented in this chapter may help in identifying those effects. Selection and use of safety management tools always includes trade-offs and choices.

For improving resilience, this chapter highlights two points: first, the traditional safety management tools focus heavily on command and constrain, but they do have an influence on the system’s general adaptive capacity by either intentionally encouraging it, or unintentionally by hindering it via indirect effects. Second, it is possible to develop tools that modify, maintain or monitor the adaptive capacity of the organization. This can be done by creating a completely new one such as the Functional Resonance Analysis Model [15], but also by modifying an existing tool. Thus, the Resilience Engineering approach to safety management requires not just developing new tools, but rather understanding the influence of current tools and building on the strengths (and weaknesses) of those tools.