We’ve been criticized in the past for some of our blogs (for example, here) that seem to only point out the negatives of safety rules and procedures, which leads some to believe that we are advocating the abolishment of safety rules and procedures entirely. This is not the case though. Rather, we just think rules (from now on, for the sake of space, we’re going to use the terms “rules” and “procedures” interchangeably) are mishandled and misunderstood. As an example, recently we conducted interviews of personnel at various levels within a large municipal utility organization. One of the questions we asked was about safety responsibilities, and one of the most common responses we get was some variation of “everyone is responsible to always follow the safety rules.”
That makes sense on its face, and that’s often where people stop. But think about what else has to be true for that statement to be true. First, the rule has to actually protect people in all the circumstances to which it applies. This is easier said than done. There are times when following the rules can actually make people less safe. Extreme examples can be found in emergencies, where people must violate evacuation rules due to changing circumstances. But more subtle examples are found in the explosion in permit to work systems and job hazard analysis. Often these become paperwork exercises. Why? Because employees have other pressures on them, such as production and efficiency, and these combine with normal human optimism to make what looks like a robust control on paper, nothing more than a paper tiger.
Second, the rule must be one that is capable of being followed in the real world. Often we write safety rules and they look so easy on paper, because we’re using very constrained and linear thinking. For example, we often create requirements that people must wear PPE to conduct certain tasks, which seems really easy on paper. But in the real world there are times where wearing that PPE makes doing the job difficult or impossible.
Our faith in rules in the safety profession and their ability to protect our employees is both philosophically and practically questionable. On a philosophical level, the idea that our employees can’t figure out how to do the job safely, but we have the knowledge and foresight to do so is, at best, questionable, and, at worst, offensive. On a practical level, we’ve had rules for a long, long time, but we’re still having people get hurt or killed. At some point we need to admit to ourselves that the problem is not that people aren’t following our rules. At some point we have to admit that we’re asking too much from our rules.
Still, rules have a place within a safety management system. Rosa Antonia Carrillo had a great way of characterizing a primary purpose of rules – they capture what we know so far. They aren’t perfect, because the world is complex, so no rule can deal with that complexity. As Sidney Dekker says, rules and procedures are resources for action. They are a tool that we can use to determine the best course of action in a given situation. But they should never be considered the only resource for action.
The title of this blog comes from David Borys, who, with Andrew Hale, completed a review of the relevant research on safety rule following (you can read the whole report they published here). One of the key recommendations from this work is that we need rules for our rules – i.e. we need a system to manage our rules and procedures. Without this we may create a situation where we are the emperor without any clothes on – we feel comfortable, but we look pretty silly.
The above figure, taken from the Borys and Hale report, presents a recommended rule management system, both for existing rules and new rules. The process they outline is at least interesting, because, unlike most management systems, it does not view rules as immutable. Rules should be monitored, just like any other recommended safety defense, to ensure that they actually work.
As a quick overview of the process (for a more in depth review, we recommend you look at the above report), for existing rules you start with monitoring individual and group adherence to the rules (1). From there you evaluate whether the rule is actually protecting employees and is able to be followed (2). For those rules that are effective, you ensure that employees are trained on how and why to follow the rule, including when rules must be adapted (9), and then all employees are held accountable based on the rule (3), with the understanding that there will be exceptions that must be dealt with (4). Old and ineffective rules are scrapped or redesigned (5).
For new rules, the first step is to identify whether a rule is needed to achieve the goal of employee safety and resilience (6) sometimes rules are unnecessary or not the best way to achieve the goal. Then needed rules are written (7), tested to identify effectiveness (8), and employees are trained accordingly (9). And then the system cycle continues, very similarly to the PDCA cycle of continuous improvement.
Is the above-mentioned system perfect? Probably not. But we think it’s time in the safety profession that we take safety rules off the pedestal that they have been on for too long and that we begin to the discussion on proper rule management.