Planning and implementing safety management systems

This thesis describes a study of the content and applicability of BS8800:1996 Guide to occupational health and safety management systems. The research is presented chronologically, with literature review and content analysis of SMS related guides and standards interwoven with two elements of qualitative empirical work. The first of these was carried out shortly after publication of BS8800 in 1996, a 'before-the-event' investigation of how organisations were intending to approach SMS implementation. The challenges faced by these organisations are reviewed against standard management theory, suggesting that the initial motivation for SMS implementation governs the approach organisations will adopt to guidance such as BS8800. The second phase of empirical work was undertaken in the context of OHSAS 18001, an auditable protocol based on BS8800, which allows organisations to certify their safety management systems. A discussion of the evolution of certifiable safety management system is presented, highlighting the similarities and differences between this, BS8800, SMS and wider management system standards. A case study then reviews the experiences of a catering company that implemented 18001, motivated by the opportunity for certification as a business benefit. The empirical work is used to comment on the guidance provided by BS8800, within its evolved role as guidance organisations may use for implementation of a SMS to be certified according to the specifications of OHSAS 18001. It is suggested that optimal implementation is facilitated by initial status review, continual improvement and the use of annexes, where there are used to make changes to the existing safety management system. This thesis concludes with a discussion of these elements, highlighting pertinent areas within BS8800 where revision or amendment may be appropriate.

The Evaluation of health and safety auditing systems

The specific objective of the research was to evaluate proprietary audit systems. Proprietary audit systems comprise question sets containing approximately 500 questions dealing with selected aspects of health and safety management. Each question is allotted a number of points and an organisation seeks to judge its health and safety performance by the overall score achieved in the audit. Initially it was considered that the evaluation method might involve comparing the proprietary audit scores with other methods of measuring safety performance. However, what appeared to be missing in the first instance was information that organisations could use to compare the contrast question set content against their own needs. A technique was developed using the computer database FileMaker Pro. This enables questions in an audit to be sorted into categories using a process of searching for key words. Questions that are not categorised by word searching can be identified and sorted manually. The process can be completed in 2-3 hours which is considerably faster than manual categorisation of questions which typically takes about 10 days. The technique was used to compare and contrast three proprietary audits: ISRS, CHASE and QSA. Differences and similarities between these audits were successfully identified. It was concluded that in general proprietary audits need to focus to a greater extent on identifying strengths and weaknesses in occupational health and safety management systems. To do this requires the inclusion of more probing questions which consider whether risk control measures are likely to be successful.

The evolution and design of safety management systems

Research in safety management has been inhibited by lack of consensus as to the definitions of the terms with which it is concerned and, in general, the lack of an agreed theoretical framework within which to collate and contrast empirical findings. This thesis sets out definitions of key terms (hazard, risk, accident, incident and safety) and provides a theoretical framework. This framework has been informed by many sources but especially the Management Oversight and Risk Tree (MORT), cybernetics and the Viable System Model (VSM). Fieldwork designs are proposed for the empirical development of an analytical framework and its use to assist study of the development of safety management in organisations.

The development of hard real-time systems using a formal approach

Hard real-time systems are a class of computer control systems that must react to demands of their environment by providing `correct' and timely responses. Since these systems are increasingly being used in systems with safety implications, it is crucial that they are designed and developed to operate in a correct manner. This thesis is concerned with developing formal techniques that allow the specification, verification and design of hard real-time systems. Formal techniques for hard real-time systems must be capable of capturing the system's functional and performance requirements, and previous work has proposed a number of techniques which range from the mathematically intensive to those with some mathematical content. This thesis develops formal techniques that contain both an informal and a formal component because it is considered that the informality provides ease of understanding and the formality allows precise specification and verification. Specifically, the combination of Petri nets and temporal logic is considered for the specification and verification of hard real-time systems. Approaches that combine Petri nets and temporal logic by allowing a consistent translation between each formalism are examined. Previously, such techniques have been applied to the formal analysis of concurrent systems. This thesis adapts these techniques for use in the modelling, design and formal analysis of hard real-time systems. The techniques are applied to the problem of specifying a controller for a high-speed manufacturing system. It is shown that they can be used to prove liveness and safety properties, including qualitative aspects of system performance. The problem of verifying quantitative real-time properties is addressed by developing a further technique which combines the formalisms of timed Petri nets and real-time temporal logic. A unifying feature of these techniques is the common temporal description of the Petri net. A common problem with Petri net based techniques is the complexity problems associated with generating the reachability graph. This thesis addresses this problem by using concurrency sets to generate a partial reachability graph pertaining to a particular state. These sets also allows each state to be checked for the presence of inconsistencies and hazards. The problem of designing a controller for the high-speed manufacturing system is also considered. The approach adopted mvolves the use of a model-based controller: This type of controller uses the Petri net models developed, thus preservIng the properties already proven of the controller. It. also contains a model of the physical system which is synchronised to the real application to provide timely responses. The various way of forming the synchronization between these processes is considered and the resulting nets are analysed using concurrency sets.

A formal methodology for the verification of concurrent systems

There is an increasing emphasis on the use of software to control safety critical plants for a wide area of applications. The importance of ensuring the correct operation of such potentially hazardous systems points to an emphasis on the verification of the system relative to a suitably secure specification. However, the process of verification is often made more complex by the concurrency and real-time considerations which are inherent in many applications. A response to this is the use of formal methods for the specification and verification of safety critical control systems. These provide a mathematical representation of a system which permits reasoning about its properties. This thesis investigates the use of the formal method Communicating Sequential Processes (CSP) for the verification of a safety critical control application. CSP is a discrete event based process algebra which has a compositional axiomatic semantics that supports verification by formal proof. The application is an industrial case study which concerns the concurrent control of a real-time high speed mechanism. It is seen from the case study that the axiomatic verification method employed is complex. It requires the user to have a relatively comprehensive understanding of the nature of the proof system and the application. By making a series of observations the thesis notes that CSP possesses the scope to support a more procedural approach to verification in the form of testing. This thesis investigates the technique of testing and proposes the method of Ideal Test Sets. By exploiting the underlying structure of the CSP semantic model it is shown that for certain processes and specifications the obligation of verification can be reduced to that of testing the specification over a finite subset of the behaviours of the process.

An expert system for the development of a health and safety policy/risk assessment in the plastics industry

Health and safety policies may be regarded as the cornerstone for positive prevention of occupational accidents and diseases. The Health and Safety at Work, etc Act 1974 makes it a legal duty for employers to prepare and revise a written statement of a general policy with respect to the health and safety at work of employees as well as the organisation and arrangements for carrying out that policy. Despite their importance and the legal equipment to prepare them, health and safety policies have been found, in a large number of plastics processing companies (particularly small companies), to be poorly prepared, inadequately implemented and monitored. An important cause of these inadequacies is the lack of necessary health and safety knowledge and expertise to prepare, implement and monitor policies. One possible way of remedying this problem is to investigate the feasibility of using computers to develop expert system programs to simulate the health and safety (HS) experts' task of preparing the policies and assisting companies implement and monitor them. Such programs use artificial intelligence (AI) techniques to solve this sort of problems which are heuristic in nature and require symbolic reasoning. Expert systems have been used successfully in a variety of fields such as medicine and engineering. An important phase in the feasibility of development of such systems is the engineering of knowledge which consists of identifying the knowledge required, eliciting, structuring and representing it in an appropriate computer programming language.

The design of fault tolerant software for loosely coupled distributed systems

Requirements for systems to continue to operate satisfactorily in the presence of faults has led to the development of techniques for the construction of fault tolerant software. This thesis addresses the problem of error detection and recovery in distributed systems which consist of a set of communicating sequential processes. A method is presented for the `a priori' design of conversations for this class of distributed system. Petri nets are used to represent the state and to solve state reachability problems for concurrent systems. The dynamic behaviour of the system can be characterised by a state-change table derived from the state reachability tree. Systematic conversation generation is possible by defining a closed boundary on any branch of the state-change table. By relating the state-change table to process attributes it ensures all necessary processes are included in the conversation. The method also ensures properly nested conversations. An implementation of the conversation scheme using the concurrent language occam is proposed. The structure of the conversation is defined using the special features of occam. The proposed implementation gives a structure which is independent of the application and is independent of the number of processes involved. Finally, the integrity of inter-process communications is investigated. The basic communication primitives used in message passing systems are seen to have deficiencies when applied to systems with safety implications. Using a Petri net model a boundary for a time-out mechanism is proposed which will increase the integrity of a system which involves inter-process communications.

The interaction between the implementation of an occupational health and safety management system and safety culture:a case study in the rubber industry

A prominent theme emerging in Occupational Health and Safety (OSH) is the development of management systems. A range of interventions, according to a prescribed route detailed by one of the management systems, can be introduced into an organisation with some expectation of improved OSH performance. This thesis attempts to identify the key influencing factors that may impact upon the process of introducing interventions, (according to B88800: 1996, Guide to Implementing Occupational Health and Safety Management Systems) into an organisation. To help identify these influencing factors a review of possible models from the sphere of Total Quality Management (TQM) was undertaken and the most suitable TQM model selected for development and use in aSH. By anchoring the aSH model's development in the reviewed literature a range ofeare, medium and low level influencing factors were identified. This model was developed in conjunction with the research data generated within the case study organisation (rubber manufacturer) and applied to the organisation. The key finding was that the implementation of an OSH intervention was dependant upon three broad vectors of influence. These are the Incentive to introduce change within an organisation which refers to the drivers or motivators for OSH. Secondly the Ability within the management team to actually implement the changes refers to aspects, amongst others, such as leadership, commitment and perceptions of OSH. Ability is in turn itself influenced by the environment within which change is being introduced. TItis aspect of Receptivity refers to the history of the plant and characteristics of the workforce. Aspects within Receptivity include workforce profile and organisational policies amongst others. It was found that the TQM model selected and developed for an OSH management system intervention did explain the core influencing factors and their impact upon OSH performance. It was found that within the organisation the results that may have been expected from implementation of BS8800:1996 were not realised. The OSH model highlighted that given the organisation's starting point, a poor appreciation of the human factors of OSH, gave little reward for implementation of an OSH management system. In addition it was found that general organisational culture can effectively suffocate any attempts to generate a proactive safety culture.

The evaluation and development of the lead authority partnership scheme as a central intervention strategy for health and safety enforcement by local authorities

The research comprises a suite of studies that examines and develops the Lead Authority Partnership Scheme (LAPS) as a central intervention strategy for health and safety by local authority (LA) enforcers. Partnership working is a regulatory concept that in recent years has become more popular but there has been little research conducted to investigate, explore and evaluate its practical application. The study reviewed two contrasting approaches to partnership working between LAs and businesses, both of which were intended to secure improvements in the consistency of enforcement by the regulators and in the health and safety management systems of the participating businesses. The first was a well-established and highly prescriptive approach that required a substantial resource commitment on the part of the LA responsible for conducting a safety management review (SMR) of the business. As a result of his evaluation of the existing ‘full SMR’ scheme, the author developed a second, more flexible approach to partnership working. The research framework was based upon a primarily qualitative methodology intended to investigate and explore the impact of the new flexible arrangements for partnership working. The findings from this study of the flexible development of the scheme were compared and contrasted with those from studies of the established ‘full SMR’ scheme. A substantial degree of triangulation was applied in an attempt to strengthen validity and broaden applicability of the research findings. Key informant interviews, participant observation, document/archive reviews, questionnaires and surveys all their particular part to play in the overall study. The findings from this research revealed that LAPS failed to deliver consistency of LA enforcement across multiple-outlet businesses and the LA enforced business sectors. Improvement was however apparent in the safety management systems of the businesses participating in LAPS. Trust between LA inspector and safety professional was key to the success of the partnerships as was the commitment of these key individuals. Competition for precious LA resources, the priority afforded to food safety over health and safety, the perceived high resource demands of LAPS, and the structure and culture of LAs were identified as significant barriers to LA participation. Flexible approaches, whilst addressing the resource issues, introduced some fresh concerns relating to credibility and delivery. Over and above the stated aims of the scheme, LAs and businesses had their own reasons for participation, notably the personal development of individuals and kudos for the organisation. The research has explored the wider implications for partnership working with the overall conclusion it is most appropriately seen as a strategic level element within a broader structured intervention strategy.

Organisational change and safety culture: the impact of communication

This research examines and explains the links between safety culture and communication. Safety culture is a concept that in recent years has gained prominence but there has been little applied research conducted to investigate the meaning of the concept in 'real life' settings. This research focused on a Train Operating Company undergoing change in a move towards privatisation. These changes were evident in the management of safety, the organisation of the industry and internally in their management. The Train Operating Company's management took steps to improve their safety culture and communications through the development of a cascade communication structure. The research framework employed a qualitative methodology in order to investigate the effect of the new system on safety culture. Findings of the research were that communications in the organisation failed to be effective for a number of reasons, including both cultural and logistical problems. The cultural problems related to a lack of trust in the organisation by the management and the workforce, the perception of communications as management propaganda, and asyntonic communications between those involved, whilst logistical problems related to the inherent difficulties of communicating over a geographically distributed network. An organisational learning framework was used to explain the results. It is postulated that one of the principal reasons why change, either to the safety culture or to communications, did not occur was because of the organisation's inability to learn. The research has also shown the crucial importance of trust between the members of the organisation, as this was one of the fundamental reasons why the safety culture did not change, and why safety management systems were not fully implemented. This is consistent with the notion of mutual trust in the HSC (1993) definition of safety culture. This research has highlighted its relevance to safety culture and its importance for organisational change.

Can incident reporting improve safety? Healthcare practitioners' views of the effectiveness of incident reporting

OBJECTIVE: Recent critiques of incident reporting suggest that its role in managing safety has been over emphasized. The objective of this study was to examine the perceived effectiveness of incident reporting in improving safety in mental health and acute hospital settings by asking staff about their perceptions and experiences. DESIGN: /st>Qualitative research design using documentary analysis and semi-structured interviews. SETTING: /st>Two large teaching hospitals in London; one providing acute and the other mental healthcare. PARTICIPANTS: /st>Sixty-two healthcare practitioners with experience of reporting and analysing incidents. RESULTS: /st>Incident reporting was perceived as having a positive effect on safety, not only by leading to changes in care processes but also by changing staff attitudes and knowledge. Staff discussed examples of both instrumental and conceptual uses of the knowledge generated by incident reports. There are difficulties in using incident reports to improve safety in healthcare at all stages of the incident reporting process. Differences in the risks encountered and the organizational systems developed in the two hospitals to review reported incidents could be linked to the differences we found in attitudes to incident reporting between the two hospitals. CONCLUSION: /st>Incident reporting can be a powerful tool for developing and maintaining an awareness of risks in healthcare practice. Using incident reports to improve care is challenging and the study highlighted the complexities involved and the difficulties faced by staff in learning from incident data.

Designing multiple user perspectives and functionality for clinical decision support systems

Clinical Decision Support Systems (CDSSs) need to disseminate expertise in formats that suit different end users and with functionality tuned to the context of assessment. This paper reports research into a method for designing and implementing knowledge structures that facilitate the required flexibility. A psychological model of expertise is represented using a series of formally specified and linked XML trees that capture increasing elements of the model, starting with hierarchical structuring, incorporating reasoning with uncertainty, and ending with delivering the final CDSS. The method was applied to the Galatean Risk and Safety Tool, GRiST, which is a web-based clinical decision support system (www.egrist.org) for assessing mental-health risks. Results of its clinical implementation demonstrate that the method can produce a system that is able to deliver expertise targetted and formatted for specific patient groups, different clinical disciplines, and alternative assessment settings. The approach may be useful for developing other real-world systems using human expertise and is currently being applied to a logistics domain. © 2013 Polish Information Processing Society.

Using patient knowledge for better health systems

Purpose – This paper describes a “work in progress” research project being carried out with a public health care provider in the UK, a large NHS hospital Trust. Enhanced engagement with patients is one of the Trust’s core principles, but it is recognised that much more needs to be done to achieve this, and that ICT systems may be able to provide some support. The project is intended to find ways to better capture and evaluate the “voice of the patient” in order to lead to improvements in health care quality, safety and effectiveness. Design/methodology/approach – We propose to investigate the use of a patient-orientated knowledge management system (KMS) in managing knowledge about and from patients. The study is a mixed methods (quantitative and qualitative) investigation based on traditional action research, intended to answer the following three research questions: (1) How can a KMS be used as a mechanism to capture and evaluate patient experiences to provoke patient service change (2) How can the KMS assist in providing a mechanism for systematising patient engagement? (3) How can patient feedback be used to stimulate improvements in care, quality and safety? Originality/value –This methodology aims to involve patients at all phases of the study from its initial design onwards, thus leading to an understanding of the issues associated with using a KMS to manage knowledge about and for patients that is driven by the patients themselves. Practical implications – The outcomes of the project for the collaborating hospital will be firstly, a system for capturing and evaluating knowledge about and from patients, and then as a consequence, improved outcomes for both the patients and the service provider. More generally, it will produce a set of guidelines for managing patient knowledge in an NHS hospital that have been tested in one case example.

Representing human expertise by the OWL web ontology language to support knowledge engineering in decision support systems

Clinical decision support systems (CDSSs) often base their knowledge and advice on human expertise. Knowledge representation needs to be in a format that can be easily understood by human users as well as supporting ongoing knowledge engineering, including evolution and consistency of knowledge. This paper reports on the development of an ontology specification for managing knowledge engineering in a CDSS for assessing and managing risks associated with mental-health problems. The Galatean Risk and Safety Tool, GRiST, represents mental-health expertise in the form of a psychological model of classification. The hierarchical structure was directly represented in the machine using an XML document. Functionality of the model and knowledge management were controlled using attributes in the XML nodes, with an accompanying paper manual for specifying how end-user tools should behave when interfacing with the XML. This paper explains the advantages of using the web-ontology language, OWL, as the specification, details some of the issues and problems encountered in translating the psychological model to OWL, and shows how OWL benefits knowledge engineering. The conclusions are that OWL can have an important role in managing complex knowledge domains for systems based on human expertise without impeding the end-users' understanding of the knowledge base. The generic classification model underpinning GRiST makes it applicable to many decision domains and the accompanying OWL specification facilitates its implementation.