To the Letter Icon

The Safety Spectrum
by Bryce Fisher, Manager, Safety Promotion and Education, System Safety, Civil Aviation, Transport Canada.
This article was originally published in ICAO Journal, Volume 60, Number 4 (July/August) 2005, reprinted with permission.

Regulators must oversee companies and people that reflect the entire safety spectrum

Commitment to safe operations varies from company to company, requiring that the regulator develop multiple strategies to ensure compliance with minimum safety standards and provide the right inducements to advance safety management thinking.

We often hear or use the term "minimum safety standards," which implies the existence of an absolute floor below which things are deemed unsafe, but also the potential for a higher standard. In other words, there is a spectrum to safety, and people and organizations can be positioned along this spectrum according to the way they act in reconciling safety, business and management issues.

When one looks inside an organization, it is apparent that certain actions are rewarded while others are sanctioned. Managers and employees learn these patterns and conform. This pattern of values, expectations and behaviours becomes the organization’s culture. Certain cultures can advance the cause of safety; while others are counter-productive. The safety spectrum attempts to position the range of cultural attributes and associated approaches to safety management.

Regulators interact with companies and persons across the safety spectrum. They need, therefore, to respond in a fashion appropriate to the behaviours exhibited by the organization or individual. They must develop appropriate strategies to ensure compliance with the minimum safety standards and provide the right inducements or bridging strategies to advance safety management thinking.

The safety spectrum brings together current thinking on safety, management, and business issues. While the notions put forth here relate to safety, they can apply equally to areas such as aviation security, health, and the environment. Management of such issues is virtually the same, notwithstanding the need for a specialized vocabulary, information and expertise.

The safety spectrum draws its inspiration from First Environment Inc.-an environmental consultancy-and is an adaptation of its "Green Spectrum®". It incorporates the safety thinking of James Reason, Charles Perrow and Patrick Hudson; the risk management thinking of A. Ian Glendon and Alan Waring; the business and management thinking of Forest Reinhardt and Joan Magretta; and the regulatory thinking of Malcom K. Sparrow.

Safety spectrum categories

The first category in the safety spectrum, "compliance as cost," lies at the end of the spectrum where "borderline" operators and individuals are found: these are the companies or persons that have difficulty complying with the minimum safety standards.

These companies and individuals have difficulty complying with standards because they view compliance as a cost and are driven to minimize compliance expenditures, addressing problems only after they have been caught violating regulations and are forced to comply. More often than not, the "repairs" they perform are superficial and are meant to satisfy the regulator in the short-term. These companies usually blame someone else and take action against the culpable employees who got caught-usually through their dismissal. Once the "guilty" parties and the regulator are out of the picture, these operators revert to their old ways.

Companies or individuals in this category operate in the extreme short term. They would appear to prefer to run the risk of being caught again rather than investing in reforms to their safety system, if indeed they have one. Sometimes fines are treated as a licence to continue to break the rules, the oft-heard "cost of doing business."

The organizational cultural label attached to such behaviours is "pathological," according to aviation human factors expert Ron Westrum, who developed the series of labels identified in this article.When an accident happens, pathological companies or individuals will run and hide, deny, blame or fold.

Regulators are left with little choice in attempting to alter the behaviours of pathological operators. They are obliged to engage in significant surveillance and enforcement activities. The underlying regulatory philosophy is one where regulators are compelled to prescribe and enforce; they must catch the "illegals" in the act.

It is unfortunate that the iron fist of enforcement and all its trappings-namely, surveillance, fines, suspensions, judicial or administrative proceedings-is the only stimulus to which this category of operators will respond and that, in this day and age, regulators are still obliged to expend significant resources on companies and persons in this category.

The second category, "safety as compliance," describes those companies or persons that view safety as compliance with current safety standards-no more, no less. Their hearts and minds are in the right place and they want to comply with the regulations, though they may not be successful 100 percent of the time. The reason for their non-compliance may be that they just do not know better or are motivated to avoid fines, suspensions or other forms of official sanction. To this end, companies or persons attempt to develop and implement compliance programs, such as internal inspections and audits, and often invoke a system of rewards and punishments to support these programs.

Companies or persons within this category are tactical rather than strategic in their safety thinking. They seek formal recognition from regulators, such as compliance certificates and the like, in order to allay their customers’ safety concerns, satisfy their insurers and continue to operate.

Working under the assumption that compliance translates into safety, these companies or persons are sometimes surprised when they have an accident; they have yet to understand that compliance alone will not prevent an accident from happening. When one occurs, these operators are quick to find a "fix" to continue operating. The organizational culture attribute assigned to these companies or persons is said to be reactive.

The regulator’s job is somewhat easier here than in the previous category, although intervention is still required at an operational level. This approach is one of helping operators to better understand how to help themselves. The tools available to the regulator are educational in nature (e.g. interpretation of regulations and standards) and involve assisting operators in the development and implementation of compliance programs. Regulators may still have to revert to an enforcement posture under some circumstances. The underlying regulatory philosophy here is one where operators must demonstrate compliance.

Companies or persons in the third category, "safety as risk," have a broader view of safety. They recognize that compliance alone cannot address every safety issue, and admit that there will always be risks in aviation that should be managed.

Companies or persons that fall within this category are motivated to keep their costs in check and manage any short- to mid-term impact untoward events may have on their reputation, their position in the market, or their brand. They are anticipatory, and attempt to identify hazards before they manifest themselves. They eliminate the hazards or hazardous operation, institute controls to reduce the likelihood of hazards and the scope of their effects, or take measures to contain them.

These organizations are organic and learn from their experiences. Thus they have remedial strategies in place to ensure that safety lessons are learned and disseminated and that long-lasting reforms are applied to the safety management system (SMS). These and other safety programs and program enablers, such as reporting systems and the like, are integrated into one single system and applied across the operations of an aviation concern.

From an organizational culture perspective, companies in this category are deemed "calculative" because, as stated by Patrick Hudson in his keynote address to the Canadian Aviation Safety Seminar (CASS) in 2001, "great value is placed upon systematic and managed approaches to operational safety." Put differently, companies or persons in this category develop and implement operationally oriented SMSs. This seems to be the destination desired by many aviation regulatory bodies.

As companies evolve from compliance to safety management thinking, so too must regulators. They must transform themselves from regulatory compliance auditors into system evaluators, as the underlying philosophy here shifts the onus for proving or disproving safety from the regulator to the organization in question.

For the most part, regulatory inspectors are former pilots, air traffic controllers, mechanics, engineers, etc. They are accustomed to dealing directly with their industry peers at a tactical level. But with SMS, this changes. Inspectors are called upon to intervene at a more strategic level, and are required to interact with system managers whose motivations, contingencies, views, frame of reference and language may be completely new to them.

The learning curve may be steep, but is well worth the journey. Robust SMSs that are rigorously applied and in which regulators have confidence can set the course toward a degree of self-regulation.

This level of independence is a good thing. Companies can address emerging hazards before they manifest themselves in advance of, or in the absence of, a regulatory response. They will have the flexibility to address issues in innovative, effective and efficient ways. In the meantime, regulators can focus their resources on those operators in the first two categories that typically demand higher levels of oversight and intervention.

In the fourth category, "safety as opportunity," are found operators that can leverage their safety management capability to their economic benefit. These companies have longer-term outlooks. They are particularly responsive to their customers’ and stakeholders’ interests in the area of safety.

The strategy of these operators is to include safety issues in their marketing and other business processes as well as their operational decisions. In other words, the business and safety management strategies implemented under an SMS are integrated.

A variety of business strategies, such as product and service differentiation, competitive positioning, cost reduction and risk management, among others, are available to do just that. But the success of any one of these strategies or combination thereof depends on the structure of the industry, the position of the company within the sector, and the managerial acumen of the organization’s managers.

Operators in this category foresee problems or issues before they arise and find solutions, translating their successful management of these issues into an economic advantage. Operators in this category are described as proactive.

Companies at this level of safety management maturity see economic advantage to holding themselves to a higher safety standard. From a strictly safety standpoint, they are self-regulating. With this kind of scheme in place, typically a company’s approach to safety management is documented and incorporated by reference in government legislation as a formal standard, and the regulator is provided with the means to hold the operator accountable to its own standards. Under this scheme, the role of the regulator is focused on monitoring the safety performance of the company, as reported by the company. The resources needed for exercising this type of oversight are reduced even further than in the previous category.

In essence, this approach introduces the potential for customized regulation. The role of the regulator under a self-regulating scheme needs to be well defined, but clearly it can be diminished significantly, provided certain assurances are built in to that scheme.

At the advanced end of the spectrum, safety is fully integrated into the business. It is part of a company’s overall operating principle, and is reflective of its core values. For operators at this end of the spectrum, the overarching philosophy is one of business sustainability and profit maximization in the long term.

Companies in this category incorporate incentives and contingencies so that all executives are accountable for meeting social as well as financial and other business goals. Their strategy is to build safety and other social issues right into their business model. This translates into a cohesive and comprehensive management system that informs and guides every aspect of business management. The corporate culture of such companies is said to be generative.

Moreover, such companies seek to involve their partners and stakeholders in adopting best practices for mutual benefit. This can be achieved through private forms of regulation. Companies and their operating partners come to terms with a standard approach to safety management and, through a third party, hold each other accountable for meeting those standards. The third party that is working for, but independent of, any partner has the responsibility for developing and maintaining the standard and policing its application across the partnership network.

Failure of any one partner to meet the standard is viewed as detrimental to the network and to the industry as a whole, and the spectre of being banished from the network is the largest economic incentive for partners to uphold the tenets of the standard. Partnership networks such as the Star Alliance, oneworld, Sky Team and so on are well positioned to contemplate such an approach.

Within the boundaries of a given country, the regulator’s role does not change much here from the previous one. However, as most of these partnership networks are likely to cross jurisdictions, a collective approach among regulators is necessary.

At this juncture, it may be instructive to compare the notions put forward in the safety spectrum with those related to the latest trend in management circles: corporate social responsibility, or CSR.

In the December 2004 issue of the Harvard Business Review, Simon Zadek, CEO of AccountAbility and a senior fellow at Harvard University’s John F. Kennedy School of Government, examined Nike’s progression toward becoming a "leader in progressive practices." Zadek observes that the lessons learned from the Nike experience lend themselves to other organizations.

Zadek argued persuasively that the path toward corporate social responsibility lies in a "company’s journey through two dimensions of learning: organizational and societal." He went on to map out five stages of organizational learning that are worthy of repetition here.

Stage What organizations do Why they do it
Defensive Deny practices, outcomes, or responsibilities. To defend against attacks to their reputation that in the short term could affect sales, recruitment, productivity, and the brand.
Compliance Adopt a policy-based compliance approach as a cost of doing business. To mitigate the erosion of economic value in the medium term because of on-going reputation and litigation risks.
Managerial Embed the societal issue in their core management processes. To mitigate the erosion of economic value in the medium term and to achieve longer-term gains by integrating responsible business practices into their daily operations.
Strategic Integrate the societal issue into their core business strategies. To enhance economic value in the long term and to gain first-mover advantage by aligning strategy and process innovations with the societal issues.
Civil Promote broad industry participation in the corporate responsibility. To enhance long-term economic value by overcoming first-mover disadvantages and to realize gains through collective action.

Table 1. The fives stages of organizational learning

It is interesting to note the similarities between the organizational culture attributes of the safety spectrum and Zadek’s five stages of organizational learning. The path toward more advanced safety management thinking, it seems, resembles that put forward by Zadek.

A word of caution: The safety spectrum consists of generalizations about issues and behaviours. Categorization in this sense is simple. Any practical application of the safety spectrum, however, is not so easy.

The categorization of individual operators is dependent on a variety of factors not described here. These include but are not limited to:

  • the size and scope of the operator in question;
  • the complexity of the operations;
  • the organizational structure and coordinating mechanisms;
  • the business model and processes;
  • the company’s position within the sector; and
  • the level of corporate maturity as compared to the overall maturity of the industry.

In addition, categorization is based on whether the operator is subject to individual, systemic and/or organizational type accidents, as well as the parties at risk and their level of risk tolerance.

In many respects, safety is a social issue. Akin to the stages of "issue maturity" depicted in Table 1, the maturity of SMSs has reached the level where SMS is about to be institutionalized globally in legislation and in business practice. It is fast becoming the new norm, and the way business is done.

This is encouraging. Safety management thinking is taking firmer root in aviation circles. And, if they do their homework well, aviation companies and regulators could usher in the era of self-regulation. Look to mega-carriers or alliances to set the stage for this to happen, with the establishment of SMSs for their current and would-be partners.

The position of operationally-oriented SMSs within the safety spectrum should be clearer. But their potential has yet to be fully realized for the benefit of aviation companies, their customers and stakeholders, and the regulators.

By integrating safety management systems and business practices, the aviation industry stands to gain better safety performance with less regulatory intervention. As to how far we want to go depends on the companies, regulators and, in essence, everyone involved in aviation.

    Category 1 Category 2 Category 3 Category 4 Category 5
View Compliance as Cost Safety as Compliance Safety as Risk Safety as Opportunity Safety is a Fully Integrated Business Practice
Issue Reducing costs Sanctions (fines, jail, suspensions, etc.) Waste Customer/stakeholder interests Sustainability
Driver Minimize compliance expenditures Minimize sanctions Minimize costs Maximize revenues Maximize profits
Process Comply when forced to and attribute blame Internal inspections and audits supported by an internal system of rewards and punishments Integrate safety programmes Include safety issues in marketing and operational decisions Fully integrate safety options and issues into all aspects of business
Approach to safety management Devoid of any approach to safety management Compliance strategies Safety Management Systems (SMS) Safety Management Systems (SMS)
Business Strategies
Safety Management Systems (SMS)
Business Strategies
Business Modeling
Cultural label Pathological Reactive Calculative Proactive Generative
Approach Surveillance Enforcement Educating for compliance Assist in implementing self-audit programmes Evaluate/assess management system Monitor Monitor
Philosophy Prescribe Enforce Companies demonstrate compliance Companies demonstrate safety performance Self-regulating Private regulation
Resource distribution Regulator resources   Company resources

Table 2. The safety spectrum: companies found at the low end of the safety spectrum operate in the extreme short term, while those operating at the advanced end of the spectrum fully integrate safety into their business model.

Safety and Professionalism...
Don't start without them.

Date modified: