Why SFAIRP is not a safety risk assessment
Weaning boards off the term risk assessment is difficult.
Even using the term implies that there must be some minimum level of ‘acceptable safety’.
And in one sense, that’s probably the case once the legal idea of ‘prohibitively dangerous’ is invoked.
But that’s a pathological position to take if the only reason you decline to do something is that, should it go wrong, criminal manslaughter proceedings are a likely prospect.
SFAIRP (so far as is reasonably practicable) is fundamentally a design review. It’s about the process.
The meaning is in the method, the results are only consequences.
In principle, nothing is dangerous if sufficient precautions are in place.
Flying in jet aircraft, when it goes badly, has terrible consequences. But with sufficient precautions, it is fine, even though the potential to go badly is always present. But no one would fly if the go, no-go decision was on the edge of the legal concept of ‘prohibitively dangerous’.
We try to do better than that. In fact, we try to achieve the highest level of safety that is reasonably practicable. This is the SFAIRP position. And designers do it because it has always been the sensible and right thing to do.
The fact that our parliaments have also endorsed it, in order to hold those who are not directly involved in the design process, but who receive (financial) rewards from its outcomes, accountable for obstructing a diligent design process or failing to allow one, is beside the point.
How do you make sure the highest reasonable level of protection is in place? The answer is you conduct a design review using optimal processes which will provide for optimal outcomes.
For example: a functional safety assessment applying the principle of reciprocity (Boeing should have told pilots about MCAS in the 737 MAX), supported by the common law hierarchy of control (elimination, prevention and mitigation). And you demonstrate this transparently to everyone who wants to know via a safety case, in the same way a business case is put to investors.
But the one thing SFAIRP isn’t, is a safety risk assessment. Therein lies the perdition.
