Document Type


Publication Date

May 2014

Publication Title

Journal of Loss Prevention in the Process Industries




Safety principles, Fail-safe, Safety margins, Defense-in-depth, Observability-in-depth, System safety


Aviation Safety and Security | Engineering | Risk Analysis


System safety is of particular importance for many industries. Broadly speaking, it refers to the state or objective of striving to sustainably ensure accident prevention through actions on multiple safety levers (technical, organizational, and regulatory). While complementary to risk analysis, it is distinct in one important way: risk analysis is anticipatory rationality examining the possibility of adverse events (or accident scenarios), and the tools of risk analysis support and in some cases quantify various aspects of this analysis effort. The end-objective of risk analysis is to help identify and prioritize risks, inform risk management, and support risk communication. These tools, however, do not provide design or operational guidelines and principles for eliminating or mitigating risks. Such considerations fall within the purview of system safety.

In this work, we propose a set of five safety principles, which are domain-independent, technologically agnostic, and broadly applicable across industries. While there is a proliferation of detailed safety measures (tactics) in specific areas and industries, a synthesis of high-level safety principles or strategies that are independent of any particular instantiation, and from which specific safety measures can be derived or to which they can be related, has pedagogical value and fulfills an important role in safety training and education. Such a synthesis effort also supports creativity and technical ingenuity in the workforce for deriving specific safety measures, for implementing these principles, and for handling specific local or new risks. Our set of safety principles includes: (1) the fail-safe principle; (2) the safety margins principle; (3) the un-graduated response principle (under which we subsume the traditional “inherently safe design” principle); (4) the defense-in-depth principle; and (5) the observability-in-depth principle.

We carefully examine each principle and provide examples that illustrate their use and implementation. We relate these principles to the notions of hazard level, accident sequence, and conditional probabilities of further hazard escalation or advancement of an accident sequence. These principles are a useful addition to the intellectual toolkit of engineers, decision-makers, and anyone interested in safety issues, and they provide helpful guidelines during system design and risk management efforts.


This is an Author's Accepted Manuscript of an article whose final and definitive form, the Version of Record, has been published in Journal of Loss Prevention in the Process Industries, 2014, in Volume 29.